Malwarebytes no funciona en mi computadora

Hace unos días, de pronto Malwarebytes dejó de funcionar; lo instalé y desinstalé varias veces, pero no funciona.

https://forospyware.com/uploads/default/original/2X/7/7ea017b596d723724876737584ae206059d994f3.png

Firma con problemas: Nombre del evento de problema: APPCRASH Nombre de la aplicación: mbam.exe Versión de la aplicación: 3.1.0.1807 Marca de tiempo de la aplicación: 5cc0b6f1 Nombre del módulo con errores: Qt5Core.dll Versión del módulo con errores: 5.11.1.0 Marca de tiempo del módulo con errores: 5cba0161 Código de excepción: c0000005 Desplazamiento de excepción: 001a86be Versión del sistema operativo: 6.1.7601.2.1.0.256.48 Id. de configuración regional: 2058 Información adicional 1: 0a9e Información adicional 2: 0a9e372d3b4ad19135b953a78882e789 Información adicional 3: 0a9e Información adicional 4: 0a9e372d3b4ad19135b953a78882e789

Lea nuestra declaración de privacidad en línea: http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0c0a

Si la declaración de privacidad en línea no está disponible, lea la declaración de privacidad sin conexión: C:\Windows\system32\es-ES\erofflps.txt

Saludos @pedro_picapiedra…que Window usas … me imagino que cumples con los requisitos del programa …sería buena idea desinstalar con el revouninstaller y luego bajar la aplicación de la web oficial e instalar…

@pedro_picapiedra, estas usando una version muy antigua ya de Malwarebytes 3.1.0.1807, a si que debes actualizarla, o desde el propio programa o instalando sobre la que tienes la ultima

Comentas

Hola, Miguel:

Gracias por tu amable respuesta.

Según yo, mi versión de Malwarebytes no estaba tan desactualizada y funcionaba muy bien, hasta que de repente no encontré el ícono en la barra de tareas. Entonces instalé la última versión, y al ejectuar el programa salió un letrero con el ícono de Malwarebyte diciendo que el programa dejó de funcionar y que Windows podía buscar una solución en línea.

Seguí tus amables indicaciones, y utilicé los desinstaladores recomendados. Al utilizar MB-Clean.exe apareció un letrero en rojo:

Control de cuentas de usuario Este programa se bloqueó como medida de seguridad. Un administrador bloqueó este programa para que no pueda ejecutarlo.

Estoy intrigado, porque Malwarebytes se instala bien, pero no lo puedo ejecutar. Tengo el antivirus ESET Internet Security y también hice una exploración con el ESET Online Scanner sin novedades. Tengo Windows 7 de 64 bits.

Hola, Master_Gear:

Gracias por tu amable respuesta.

Uso Windows 7 de 64 bits. Desinstalé el Malwarebytes con el Revouninstaller y bajé la aplicación de la web oficial. Se instaló sin ningún problema, pero al iniciar el programa vuelve a salir el mismo cuadro con el ícono de Malwarebyte diciendo que el programa dejó de funcionar y que Windows podía buscar una solución en línea.

Estoy intrigado. Según mi antivirus (ESET Internet Security) y ESET Online Scanner mi computadora está libre de virus.

Saludos

Tu versión estaba muy desactualizada, fíjate:

version 3.1 / 10 de mayo de 2017

Bueno, ahora en orden y me pegas los logs

1- Manual Malwarebytes Anti-Rootkit Beta


2-

  • Desactiva Temporalmente tu antivirus y cualquier programa de seguridad.

  • Descarga a Tu Escritorio >> Esto es muy importante<<.,Fabar Recovery Scan Tool, considerando la versión adecuada para tu equipo. (32 o 64 bits) :arrow_forward: ¿Cómo saber si mi Windows es de 32 o 64 bits?

  • Doble clic para ejecutar Frst.exe. En la ventana del Disclaimer, presiona Yes.

  • En la nueva ventana que se abre, presiona el botón Scan y espera a que concluya el análisis.

  • Se abrirán dos (2) archivos (Logs), Frst.txt y Addition.txt, que estarán grabados en Tu escritorio.

En Tu próxima respuesta, copias y pegas los dos reportes Frst.txt y Addition.txt de FRST

Nota: Si el/los reportes solicitados no entraran en una sola respuesta porque superan la cantidad de caracteres permitidos, puedes utilizar dos o mas respuestas para pegarlos completamente.

1 me gusta

Hola, Miguel:

Seguí tus amables indicaciones. Pego textos:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-05.2019
Ran by pc (administrator) on PC-PC (Hewlett-Packard HP Compaq 6200 Pro SFF PC) (30-05-2019 18:00:31)
Running from C:\Users\pc\Desktop
Loaded Profiles: pc (Available Profiles: pc & Copiar)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Broadcom Corporation) [File not signed] C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe
(DEVGURU CO LTD -> DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\73.4.118\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\73.4.118\QtWebEngineProcess.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Internet Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Internet Security\ekrn.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(IDM Computer Solutions, Inc. -> IDM Computer Solutions, Inc.) C:\Program Files\IDM Computer Solutions\UltraEdit\uedit64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(pdfforge GmbH -> © pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Internet Security\ecmdS.exe [177928 2019-04-17] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5461312 2019-05-21] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3156176292-3350762252-934864854-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22588760 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-22] (Google LLC -> Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0357C4C3-B01C-440A-B873-8328BDF24E09} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {18C3F3B5-38A6-46D5-BE15-F4F02DEACDC6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {23F339E6-B6CF-49B6-9775-D011AB5EFEBB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2B301493-7497-423B-B6C7-399E8F3243E0} - System32\Tasks\{CBA40CE9-AAE4-41E2-A25E-B03A2B4DE5EF} => C:\Windows\system32\pcalua.exe -a "C:\Users\pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I1WGOR5G\JavaSetup8u201.exe" -d C:\Users\pc\Desktop
Task: {5E58394B-228C-47EF-8822-F54E696DF31A} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {75F32A00-D8D6-498D-8147-6B97556A2673} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7FECFB2C-EFB8-4292-BDC5-670E4B55600B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {842EE97B-333E-4460-A1E7-5486A1714E0C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-12] (Google Inc -> Google Inc.)
Task: {9BB67FD4-33DD-4D33-B39E-082CE2C48F94} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {A2CFEA5B-2370-4F72-B5F5-6DA49B370854} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1741576 2016-03-17] (Intel(R) Software -> Intel Corporation)
Task: {BCAB2094-440A-4F9C-BF0E-CEDD2DE68EB2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {CABB274B-082B-4727-BE01-1D30B8F8D4B8} - System32\Tasks\{4F0859FA-6371-408B-8242-180C16BFC0AC} => C:\Windows\system32\pcalua.exe -a C:\Users\pc\Downloads\jxpiinstall.exe -d C:\Users\pc\Downloads
Task: {CB4A70BD-A2D1-4532-9C34-F0CD31DCD032} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {D4210026-EF41-4A1C-ABFB-DB083A21EB75} - System32\Tasks\{A5A26AFF-B2F9-4B69-BDE4-F7F009C0FABC} => C:\Windows\system32\pcalua.exe -a C:\Users\pc\AppData\Local\Temp\jre-8u141-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau-m FAMILYUPGRADE=1 <==== ATTENTION
Task: {E05E3B83-1423-477C-A170-27763041EF65} - System32\Tasks\AdobeGCInvoker-1.0-pc-PC-pc => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {ED33C5D8-41F5-4246-8D13-F94D8F84F604} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-12] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{76FE05FE-1C94-46AC-B343-981B250435C7}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-3156176292-3350762252-934864854-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/es-mx/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3156176292-3350762252-934864854-1000 -> DefaultScope {1DF3BB7C-42CA-4782-BE57-C090172B75C6} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3156176292-3350762252-934864854-1000 -> {1DF3BB7C-42CA-4782-BE57-C090172B75C6} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-03-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-03-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-05-03] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-05-03] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3156176292-3350762252-934864854-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {4B5DC085-DDEE-4B81-8F51-D63E31053F96} hxxp://idse.imss.gob.mx/certificacion/SeguriTools/GenKey.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: u3ydjqyr.default-1533936292125
FF ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\u3ydjqyr.default-1533936292125 [2019-05-30]
FF Extension: (Netflix Super Browse) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\u3ydjqyr.default-1533936292125\Extensions\@cyris.xpi [2018-08-10] [Legacy]
FF Extension: (Botón de Google Académico) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\u3ydjqyr.default-1533936292125\Extensions\[email protected] [2018-08-10]
FF Extension: (Online Convert) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\u3ydjqyr.default-1533936292125\Extensions\[email protected] [2019-02-20]
FF Extension: (Webmail Ad Blocker) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\u3ydjqyr.default-1533936292125\Extensions\[email protected] [2019-02-20]
FF Extension: (Español (México) Language Pack) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\u3ydjqyr.default-1533936292125\Extensions\[email protected] [2019-02-20]
FF Extension: (Google Translator for Firefox) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\u3ydjqyr.default-1533936292125\Extensions\[email protected] [2019-02-20]
FF Extension: (No Name) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\u3ydjqyr.default-1533936292125\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-04]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-02-06] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [2017-10-19] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-19] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems Incorporated -> Adobe Systems)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2019-05-30]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.com.mx/"
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default [2019-05-30]
CHR Extension: (Traductor de Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-04-03]
CHR Extension: (Presentaciones) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Kindle Cloud Reader) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhobdllgfmhkiebcdmeipdjpbhhmncd [2018-09-11]
CHR Extension: (Sudoku) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj [2017-02-16]
CHR Extension: (Duolingo en la web) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2017-08-07]
CHR Extension: (Documentos) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Dictanote) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2018-07-11]
CHR Extension: (Google Drive) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-12]
CHR Extension: (YouTube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-12]
CHR Extension: (Webmail Ad Blocker) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp [2019-02-22]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-04-23]
CHR Extension: (Web Cache) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coblegoildgpecccijneplifmeghcgip [2017-08-07]
CHR Extension: (Netflix) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2017-02-16]
CHR Extension: (Dropbox para Gmail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2019-02-07]
CHR Extension: (Convertio) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\eppjkefeiehhflmgkhdooajgbkkegpcl [2019-03-21]
CHR Extension: (Hojas de cálculo) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Descargar Videos de Facebook) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffflbdiodmhiipfcnmagakecnmcbmolp [2018-05-16]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (Crackle Mexico) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjooonhjldhpollpbkglklcgnegfmdgh [2017-02-16]
CHR Extension: (Voice Recognition) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2017-08-07]
CHR Extension: (Voz a Texto) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcdafhjjjfnkoeilnjmnadadaoehgdc [2018-07-11]
CHR Extension: (Domino Diamond) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpoojdgkmpcojkpoiipjnpffiopoeam [2017-02-16]
CHR Extension: (Google Play Books) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2017-08-07]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-02]
CHR Extension: (Gmail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-25]
CHR Extension: (Audio Only Youtube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkocpiliahoaohbolmkelakpiphnllog [2019-03-13]
CHR Extension: (Fleex - Intelligent subtitles) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pocpeokkkifomeaaobopeacnnepnaldl [2019-04-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [163328 2011-01-14] (Broadcom Corporation) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-29] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-29] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-05-21] (Dropbox, Inc -> Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Internet Security\ekrn.exe [2359312 2019-04-17] (ESET, spol. s r.o. -> ESET)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] (Intel(R) Software Development Products -> )
R2 PDF Architect 5 Manager; C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [985904 2017-02-28] (pdfforge GmbH -> © pdfforge GmbH.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] (Intel(R) Software Development Products -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2018-09-28] (TeamViewer GmbH -> TeamViewer GmbH)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] (Intel(R) Software Development Products -> )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [30208 2016-08-31] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2016-08-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2016-08-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [121856 2011-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [145600 2019-03-14] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107744 2019-03-14] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [188240 2019-03-14] (ESET, spol. s r.o. -> ESET)
S4 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50280 2019-03-14] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [82472 2019-03-14] (ESET, spol. s r.o. -> ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61152 2019-03-14] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [110000 2019-03-14] (ESET, spol. s r.o. -> ESET)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] (Intel(R) Code Signing External -> )
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Parte 2 de FRST.txt

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-30 18:00 - 2019-05-30 18:04 - 000029415 _____ C:\Users\pc\Desktop\FRST.txt
2019-05-30 18:00 - 2019-05-30 18:00 - 000000000 ____D C:\FRST
2019-05-30 17:55 - 2019-05-30 17:59 - 002435584 _____ (Farbar) C:\Users\pc\Desktop\FRST64.exe
2019-05-30 17:14 - 2019-05-30 17:14 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\567A147A.sys
2019-05-30 17:13 - 2019-05-30 17:49 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-05-30 17:13 - 2019-05-30 17:13 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2019-05-30 17:12 - 2019-05-30 17:46 - 000000000 ____D C:\Users\pc\Desktop\mbar
2019-05-30 14:01 - 2019-05-30 14:01 - 014178840 _____ (Malwarebytes Corp.) C:\Users\pc\Desktop\mbar-1.10.3.1001.exe
2019-05-29 16:32 - 2019-05-29 16:32 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-05-29 16:32 - 2019-05-29 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-29 16:32 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-05-29 16:31 - 2019-05-30 17:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-29 16:31 - 2019-05-29 16:31 - 000000000 ____D C:\Program Files\Malwarebytes
2019-05-29 14:50 - 2019-05-29 14:50 - 000566128 _____ (Malwarebytes) C:\Users\pc\Desktop\mbam-clean-2.3.0.1001.exe
2019-05-29 14:44 - 2019-05-29 14:44 - 000858912 _____ (Malwarebytes) C:\Users\pc\Desktop\mb-clean-3.1.0.1035.exe
2019-05-29 14:27 - 2019-05-29 14:27 - 000000082 _____ C:\Users\pc\Documents\cc_20190529_142748.reg
2019-05-29 13:20 - 2019-05-29 13:22 - 063182216 _____ (Malwarebytes ) C:\Users\pc\Desktop\mb3-setup-37469.37469-3.7.1.2839-1.0.586-1.0.10430.exe
2019-05-29 12:53 - 2019-05-29 12:54 - 000003706 _____ C:\Users\pc\Documents\cc_20190529_125356.reg
2019-05-29 12:17 - 2019-05-29 12:17 - 000001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-05-29 12:17 - 2019-05-29 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-05-29 12:17 - 2019-05-29 12:17 - 000000000 ____D C:\Program Files\VS Revo Group
2019-05-29 10:45 - 2019-05-29 10:45 - 007127416 _____ (VS Revo Group ) C:\Users\pc\Downloads\revosetup.exe
2019-05-28 16:33 - 2019-05-28 16:34 - 007665272 _____ (ESET spol. s r.o.) C:\Users\pc\Downloads\esetonlinescanner_esn.exe
2019-05-28 16:25 - 2019-05-28 16:25 - 000000213 _____ C:\Users\pc\Desktop\Garrapatas.txt
2019-05-28 11:48 - 2019-05-28 11:54 - 000002580 _____ C:\Users\pc\Desktop\Rkill.txt
2019-05-28 11:48 - 2019-05-28 11:48 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\pc\Downloads\iExplore64.exe
2019-05-28 11:47 - 2019-05-28 11:47 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\pc\Downloads\iExplore.exe
2019-05-28 11:42 - 2019-05-28 11:42 - 000000980 _____ C:\Users\pc\Desktop\Malwarebytes.txt
2019-05-28 10:42 - 2019-05-28 10:42 - 007025360 _____ (Malwarebytes) C:\Users\pc\Desktop\adwcleaner_7.3.exe
2019-05-28 10:41 - 2019-05-28 10:41 - 000769538 _____ C:\Users\pc\Desktop\PUPs - Guía.pdf
2019-05-28 10:25 - 2019-05-28 10:25 - 000004338 _____ C:\Users\pc\Documents\cc_20190528_102503.reg
2019-05-27 17:32 - 2019-05-27 17:32 - 000064024 _____ C:\Users\pc\Desktop\Yoshoku-Order Receipt.pdf
2019-05-25 15:24 - 2019-05-25 15:24 - 000000303 _____ C:\Users\pc\Desktop\Ay ojón.txt
2019-05-23 15:36 - 2019-05-23 15:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-05-21 13:54 - 2019-05-27 16:30 - 000000133 _____ C:\Users\pc\Desktop\Similares.txt
2019-05-21 13:54 - 2019-05-27 09:33 - 000000124 _____ C:\Users\pc\Desktop\Similares.txt.bak
2019-05-21 07:10 - 2019-05-21 07:10 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-05-21 07:10 - 2019-05-21 07:10 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-05-21 07:10 - 2019-05-21 07:10 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-05-21 07:10 - 2019-05-21 07:10 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-05-17 17:39 - 2019-05-17 17:40 - 011936291 _____ C:\Users\pc\Desktop\Mmmm México recetas.pdf
2019-05-17 17:35 - 2019-05-17 17:35 - 000001295 _____ C:\Users\pc\Desktop\Charros los frijoles.txt.bak
2019-05-17 17:35 - 2019-05-17 17:35 - 000001178 _____ C:\Users\pc\Desktop\Charros los frijoles.txt
2019-05-17 12:01 - 2019-05-17 12:26 - 000000680 _____ C:\Users\pc\Desktop\Misceláneos2.txt
2019-05-17 12:01 - 2019-05-17 12:01 - 000000165 _____ C:\Users\pc\Desktop\Misceláneos2.txt.bak
2019-05-15 17:14 - 2019-05-15 17:14 - 000045638 _____ C:\Users\pc\Desktop\Pago_Telmex_0519.pdf
2019-05-15 14:49 - 2019-04-30 14:28 - 000397112 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-05-15 14:49 - 2019-04-30 13:37 - 000348984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-05-15 14:49 - 2019-04-29 19:51 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-05-15 14:49 - 2019-04-29 19:51 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-05-15 14:49 - 2019-04-24 23:01 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-05-15 14:49 - 2019-04-24 22:52 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-05-15 14:49 - 2019-04-24 22:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-05-15 14:49 - 2019-04-24 22:40 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-05-15 14:49 - 2019-04-24 22:38 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-05-15 14:49 - 2019-04-24 22:38 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-05-15 14:49 - 2019-04-24 22:38 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-05-15 14:49 - 2019-04-24 22:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-05-15 14:49 - 2019-04-24 22:31 - 020279296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-05-15 14:49 - 2019-04-24 22:31 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-05-15 14:49 - 2019-04-24 22:30 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-05-15 14:49 - 2019-04-24 22:28 - 005775360 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-05-15 14:49 - 2019-04-24 22:28 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-05-15 14:49 - 2019-04-24 22:26 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-05-15 14:49 - 2019-04-24 22:26 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-05-15 14:49 - 2019-04-24 22:26 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-05-15 14:49 - 2019-04-24 22:26 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-05-15 14:49 - 2019-04-24 22:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-05-15 14:49 - 2019-04-24 22:19 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-05-15 14:49 - 2019-04-24 22:16 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-05-15 14:49 - 2019-04-24 22:12 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-05-15 14:49 - 2019-04-24 22:12 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-05-15 14:49 - 2019-04-24 22:11 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-05-15 14:49 - 2019-04-24 22:11 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-05-15 14:49 - 2019-04-24 22:09 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-05-15 14:49 - 2019-04-24 22:09 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-05-15 14:49 - 2019-04-24 22:09 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-05-15 14:49 - 2019-04-24 22:08 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-05-15 14:49 - 2019-04-24 22:06 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-05-15 14:49 - 2019-04-24 22:05 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-05-15 14:49 - 2019-04-24 22:05 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-05-15 14:49 - 2019-04-24 22:05 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-05-15 14:49 - 2019-04-24 22:04 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-05-15 14:49 - 2019-04-24 22:03 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-05-15 14:49 - 2019-04-24 22:03 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-05-15 14:49 - 2019-04-24 22:02 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-05-15 14:49 - 2019-04-24 22:02 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-05-15 14:49 - 2019-04-24 22:01 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-05-15 14:49 - 2019-04-24 21:54 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-05-15 14:49 - 2019-04-24 21:52 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-05-15 14:49 - 2019-04-24 21:50 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-05-15 14:49 - 2019-04-24 21:50 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-05-15 14:49 - 2019-04-24 21:50 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-05-15 14:49 - 2019-04-24 21:49 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-05-15 14:49 - 2019-04-24 21:49 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-05-15 14:49 - 2019-04-24 21:48 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-05-15 14:49 - 2019-04-24 21:47 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-05-15 14:49 - 2019-04-24 21:47 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-05-15 14:49 - 2019-04-24 21:46 - 015285248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-05-15 14:49 - 2019-04-24 21:46 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-05-15 14:49 - 2019-04-24 21:45 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-05-15 14:49 - 2019-04-24 21:43 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-05-15 14:49 - 2019-04-24 21:40 - 004493312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-05-15 14:49 - 2019-04-24 21:38 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-05-15 14:49 - 2019-04-24 21:37 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-05-15 14:49 - 2019-04-24 21:36 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-05-15 14:49 - 2019-04-24 21:35 - 013682176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-05-15 14:49 - 2019-04-24 21:35 - 005303808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-05-15 14:49 - 2019-04-24 21:35 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-05-15 14:49 - 2019-04-24 21:24 - 001557504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-05-15 14:49 - 2019-04-24 21:18 - 004831232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-05-15 14:49 - 2019-04-24 21:14 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-05-15 14:49 - 2019-04-24 21:14 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-05-15 14:49 - 2019-04-24 21:12 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-05-15 14:49 - 2019-04-18 21:54 - 004057320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-05-15 14:49 - 2019-04-18 21:53 - 003963624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-05-15 14:49 - 2019-04-18 21:53 - 001314104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-05-15 14:49 - 2019-04-18 21:51 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-05-15 14:49 - 2019-04-18 21:51 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-05-15 14:49 - 2019-04-18 21:51 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-05-15 14:49 - 2019-04-18 21:51 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-05-15 14:49 - 2019-04-18 21:51 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-05-15 14:49 - 2019-04-18 21:51 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-05-15 14:49 - 2019-04-18 21:51 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-05-15 14:49 - 2019-04-18 21:51 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-05-15 14:49 - 2019-04-18 21:51 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-05-15 14:49 - 2019-04-18 21:51 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-05-15 14:49 - 2019-04-18 21:51 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-05-15 14:49 - 2019-04-18 21:51 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-05-15 14:49 - 2019-04-18 21:51 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-05-15 14:49 - 2019-04-18 21:51 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-05-15 14:49 - 2019-04-18 21:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-05-15 14:49 - 2019-04-18 21:51 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-05-15 14:49 - 2019-04-18 21:51 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:44 - 000185064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2019-05-15 14:49 - 2019-04-18 21:44 - 000095456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-05-15 14:49 - 2019-04-18 21:43 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-05-15 14:49 - 2019-04-18 21:43 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-05-15 14:49 - 2019-04-18 21:43 - 000153832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-05-15 14:49 - 2019-04-18 21:43 - 000064232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2019-05-15 14:49 - 2019-04-18 21:43 - 000063208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2019-05-15 14:49 - 2019-04-18 21:43 - 000060648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2019-05-15 14:49 - 2019-04-18 21:43 - 000031976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2019-05-15 14:49 - 2019-04-18 21:43 - 000023784 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
2019-05-15 14:49 - 2019-04-18 21:43 - 000020200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2019-05-15 14:49 - 2019-04-18 21:42 - 005552864 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-05-15 14:49 - 2019-04-18 21:42 - 001664360 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-05-15 14:49 - 2019-04-18 21:42 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-05-15 14:49 - 2019-04-18 21:42 - 000122600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2019-05-15 14:49 - 2019-04-18 21:42 - 000068328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2019-05-15 14:49 - 2019-04-18 21:42 - 000036064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2019-05-15 14:49 - 2019-04-18 21:42 - 000015080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2019-05-15 14:49 - 2019-04-18 21:42 - 000012136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2019-05-15 14:49 - 2019-04-18 21:40 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-05-15 14:49 - 2019-04-18 21:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:27 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-05-15 14:49 - 2019-04-18 21:26 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-05-15 14:49 - 2019-04-18 21:20 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-05-15 14:49 - 2019-04-18 21:20 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-05-15 14:49 - 2019-04-18 21:20 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-05-15 14:49 - 2019-04-18 21:20 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-05-15 14:49 - 2019-04-18 21:19 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-05-15 14:49 - 2019-04-18 21:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-05-15 14:49 - 2019-04-18 21:15 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-05-15 14:49 - 2019-04-18 21:15 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-05-15 14:49 - 2019-04-18 21:15 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-05-15 14:49 - 2019-04-18 21:14 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-05-15 14:49 - 2019-04-18 21:12 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-05-15 14:49 - 2019-04-18 21:11 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-05-15 14:49 - 2019-04-18 21:11 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-05-15 14:49 - 2019-04-18 21:08 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-05-15 14:49 - 2019-04-18 21:08 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-05-15 14:49 - 2019-04-18 21:08 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-05-15 14:49 - 2019-04-18 21:08 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-05-15 14:49 - 2019-04-18 21:08 - 000160768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-05-15 14:49 - 2019-04-18 21:08 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-05-15 14:49 - 2019-04-18 21:07 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-05-15 14:49 - 2019-04-18 21:07 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-05-15 14:49 - 2019-04-18 21:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-05-15 14:49 - 2019-04-18 21:07 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-05-15 14:49 - 2019-04-18 21:07 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-05-15 14:49 - 2019-04-18 21:07 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-05-15 14:49 - 2019-04-18 21:07 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-05-15 14:49 - 2019-04-16 10:17 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-05-15 14:49 - 2019-04-16 10:17 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-05-15 14:49 - 2019-04-16 10:17 - 000628224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2019-05-15 14:49 - 2019-04-16 10:17 - 000583680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-05-15 14:49 - 2019-04-16 10:17 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-05-15 14:49 - 2019-04-16 10:17 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2019-05-15 14:49 - 2019-04-16 10:16 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2019-05-15 14:49 - 2019-04-16 10:05 - 014184448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-05-15 14:49 - 2019-04-16 10:05 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-05-15 14:49 - 2019-04-16 10:05 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2019-05-15 14:49 - 2019-04-16 10:05 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-05-15 14:49 - 2019-04-16 10:05 - 000806400 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2019-05-15 14:49 - 2019-04-16 10:05 - 000516096 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-05-15 14:49 - 2019-04-16 10:05 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-05-15 14:49 - 2019-04-16 10:05 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2019-05-15 14:49 - 2019-04-16 10:05 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2019-05-15 14:49 - 2019-04-16 09:55 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2019-05-15 14:49 - 2019-04-16 08:15 - 000419648 _____ C:\Windows\SysWOW64\locale.nls
2019-05-15 14:49 - 2019-04-16 08:15 - 000419648 _____ C:\Windows\system32\locale.nls
2019-05-15 14:49 - 2019-04-14 00:42 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2019-05-15 14:49 - 2019-04-14 00:40 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2019-05-15 14:49 - 2019-04-14 00:40 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2019-05-15 14:49 - 2019-04-14 00:39 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-05-15 14:49 - 2019-04-14 00:39 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2019-05-15 14:49 - 2019-04-14 00:28 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-05-15 14:49 - 2019-04-14 00:26 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2019-05-15 14:49 - 2019-04-14 00:26 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-05-15 14:49 - 2019-04-14 00:26 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-05-15 14:49 - 2019-04-14 00:26 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-05-15 14:49 - 2019-04-14 00:26 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-05-15 14:49 - 2019-04-14 00:12 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2019-05-15 14:49 - 2019-04-07 10:17 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2019-05-15 14:49 - 2019-04-07 10:17 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2019-05-15 14:49 - 2019-04-07 10:17 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2019-05-15 14:49 - 2019-04-07 10:17 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-05-15 14:49 - 2019-04-07 10:17 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-05-15 14:49 - 2019-04-07 10:17 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-05-15 14:49 - 2019-04-07 10:16 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-05-15 14:49 - 2019-04-07 10:16 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2019-05-15 14:49 - 2019-04-07 10:16 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2019-05-15 14:49 - 2019-04-07 10:16 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2019-05-15 14:49 - 2019-04-07 10:16 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-05-15 14:49 - 2019-04-07 10:16 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2019-05-15 14:49 - 2019-04-07 10:16 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2019-05-15 14:49 - 2019-04-07 10:16 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-05-15 14:49 - 2019-04-07 10:16 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssign32.dll
2019-05-15 14:49 - 2019-04-07 10:16 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2019-05-15 14:49 - 2019-04-07 10:15 - 001177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2019-05-15 14:49 - 2019-04-07 10:15 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2019-05-15 14:49 - 2019-04-07 10:15 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2019-05-15 14:49 - 2019-04-07 10:15 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2019-05-15 14:49 - 2019-04-07 10:15 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2019-05-15 14:49 - 2019-04-07 10:15 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2019-05-15 14:49 - 2019-04-07 10:15 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-05-15 14:49 - 2019-04-07 10:15 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-05-15 14:49 - 2019-04-07 10:15 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2019-05-15 14:49 - 2019-04-07 10:15 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2019-05-15 14:49 - 2019-04-07 10:15 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2019-05-15 14:49 - 2019-04-07 10:05 - 000094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2019-05-15 14:49 - 2019-04-07 10:03 - 014637568 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2019-05-15 14:49 - 2019-04-07 10:03 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2019-05-15 14:49 - 2019-04-07 10:03 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2019-05-15 14:49 - 2019-04-07 10:03 - 001281536 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-05-15 14:49 - 2019-04-07 10:03 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2019-05-15 14:49 - 2019-04-07 10:03 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-05-15 14:49 - 2019-04-07 10:03 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-05-15 14:49 - 2019-04-07 10:03 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2019-05-15 14:49 - 2019-04-07 10:03 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-05-15 14:49 - 2019-04-07 10:03 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-05-15 14:49 - 2019-04-07 10:03 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-05-15 14:49 - 2019-04-07 10:03 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-05-15 14:49 - 2019-04-07 10:03 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2019-05-15 14:49 - 2019-04-07 10:03 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2019-05-15 14:49 - 2019-04-07 10:03 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2019-05-15 14:49 - 2019-04-07 10:03 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2019-05-15 14:49 - 2019-04-07 10:03 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2019-05-15 14:49 - 2019-04-07 10:03 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 001484800 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 000680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 000632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 000438784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\mssign32.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2019-05-15 14:49 - 2019-04-07 10:02 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2019-05-15 14:49 - 2019-04-07 10:02 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2019-05-15 14:49 - 2019-04-07 10:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2019-05-15 14:49 - 2019-04-07 10:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2019-05-15 14:49 - 2019-04-07 09:57 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2019-05-15 14:49 - 2019-04-07 09:49 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-05-15 14:49 - 2019-04-07 09:48 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2019-05-15 14:49 - 2019-04-07 09:45 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-05-15 14:49 - 2019-04-07 09:45 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2019-05-15 14:49 - 2019-04-07 09:45 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2019-05-15 14:49 - 2019-04-07 09:42 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-05-15 14:49 - 2019-04-07 09:42 - 000376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2019-05-15 14:49 - 2019-04-07 09:42 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-05-15 14:49 - 2019-04-07 09:42 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-05-15 14:49 - 2019-04-07 09:42 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-05-15 14:49 - 2019-04-07 09:38 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2019-05-15 14:49 - 2019-04-07 09:35 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-05-15 14:49 - 2019-04-07 09:33 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2019-05-15 14:49 - 2019-04-07 09:33 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2019-05-15 14:49 - 2019-04-07 08:05 - 000634312 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-05-15 14:49 - 2019-04-04 19:34 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\cryptdll.dll
2019-05-15 14:49 - 2019-04-04 19:23 - 000057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdll.dll
2019-05-14 17:38 - 2019-05-14 17:38 - 000253640 _____ C:\Users\pc\Desktop\Chinchulines.pdf
2019-05-14 17:19 - 2019-05-14 17:20 - 001017439 _____ C:\Users\pc\Downloads\Parrillero ciencia.zip
2019-05-14 17:18 - 2019-05-14 17:19 - 020584594 _____ C:\Users\pc\Downloads\Parrillero criollo.zip
2019-05-14 15:05 - 2019-05-14 15:06 - 029474410 _____ C:\Users\pc\Downloads\kupdf.net_gran-libro-de-cocina-de-alain-ducassepdf.pdf
2019-05-06 16:45 - 2019-05-07 09:41 - 000000000 ___HD C:\ProgramData\10162q87441B66759H52578
2019-05-04 12:59 - 2019-05-04 12:59 - 000230629 _____ C:\Users\pc\Desktop\Sams-may19.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-30 17:57 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-05-30 17:48 - 2016-11-29 15:35 - 000000938 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-05-30 17:48 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-30 17:27 - 2016-11-29 15:36 - 000000942 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-05-30 17:03 - 2016-11-12 11:33 - 000003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{39947DB6-59F0-4AE5-A73A-E88EFA762E05}
2019-05-30 17:00 - 2016-11-28 11:31 - 000000000 ____D C:\Windows\System32\Tasks\Games
2019-05-30 16:45 - 2009-07-13 23:45 - 000021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-05-30 16:45 - 2009-07-13 23:45 - 000021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-05-30 16:33 - 2017-01-28 11:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-05-30 16:32 - 2009-07-14 00:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2019-05-29 16:32 - 2018-10-18 14:37 - 000000000 ____D C:\Users\pc\AppData\Local\CrashDumps
2019-05-28 16:41 - 2017-05-20 15:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2019-05-28 16:41 - 2017-05-20 15:11 - 000000000 ____D C:\Program Files\KMSpico
2019-05-28 16:34 - 2016-11-12 13:23 - 000000000 ____D C:\Users\pc\AppData\Local\ESET
2019-05-28 11:25 - 2009-07-14 00:08 - 000032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-05-28 10:22 - 2016-11-29 10:57 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-05-28 10:07 - 2018-03-13 15:58 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-05-28 10:07 - 2017-10-31 18:47 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-05-25 15:27 - 2019-03-26 12:57 - 000000000 ____D C:\Users\pc\Desktop\L E E R
2019-05-24 10:16 - 2019-01-22 14:15 - 000037525 _____ C:\Users\pc\Desktop\Books to buy.txt
2019-05-24 10:10 - 2019-01-22 14:15 - 000037516 _____ C:\Users\pc\Desktop\Books to buy.txt.bak
2019-05-23 19:09 - 2019-04-29 18:47 - 000006255 _____ C:\Users\pc\Desktop\Sicopatas.txt
2019-05-23 15:37 - 2016-11-29 15:35 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-05-23 11:02 - 2019-04-29 18:47 - 000006255 _____ C:\Users\pc\Desktop\Sicopatas.txt.bak
2019-05-22 17:28 - 2019-03-09 14:09 - 000003408 _____ C:\Users\pc\Desktop\Florestan.txt
2019-05-22 16:26 - 2016-11-12 11:36 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-22 11:04 - 2019-03-09 14:09 - 000003589 _____ C:\Users\pc\Desktop\Florestan.txt.bak
2019-05-16 15:27 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2019-05-16 12:24 - 2017-01-27 13:04 - 000000000 ____D C:\Users\pc\Downloads\Ringtones
2019-05-16 10:29 - 2017-11-27 17:21 - 000000000 ____D C:\Games
2019-05-16 10:22 - 2011-04-12 04:10 - 000747396 _____ C:\Windows\system32\perfh00A.dat
2019-05-16 10:22 - 2011-04-12 04:10 - 000158868 _____ C:\Windows\system32\perfc00A.dat
2019-05-16 10:22 - 2009-07-14 00:13 - 001676890 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-16 09:54 - 2018-06-19 15:36 - 000619496 _____ C:\Windows\system32\FNTCACHE.DAT
2019-05-16 09:48 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-05-16 09:48 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\Dism
2019-05-15 17:54 - 2017-01-28 13:24 - 000000000 ____D C:\Windows\system32\MRT
2019-05-15 17:48 - 2017-01-28 13:24 - 132445408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-05-15 17:45 - 2016-11-12 11:57 - 001650540 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-05-15 17:20 - 2019-04-18 15:55 - 000020018 _____ C:\Users\pc\Desktop\PUERCO.txt
2019-05-15 17:19 - 2019-04-18 15:55 - 000020029 _____ C:\Users\pc\Desktop\PUERCO.txt.bak
2019-05-15 14:18 - 2016-11-12 11:34 - 000003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 14:18 - 2016-11-12 11:34 - 000003342 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-09 17:17 - 2016-11-29 12:12 - 000000000 ____D C:\Users\pc\Documents\My Digital Editions
2019-05-09 14:10 - 2016-11-29 14:57 - 000000000 ____D C:\Users\pc\Documents\Biblioteca de calibre
2019-05-09 13:13 - 2016-11-12 11:45 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-05-09 13:08 - 2009-07-13 21:34 - 000000478 _____ C:\Windows\win.ini
2019-05-06 16:45 - 2016-11-28 14:12 - 000000000 ____D C:\Brother
2019-05-04 12:06 - 2016-11-28 11:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-04 10:55 - 2016-11-28 11:31 - 000000000 ____D C:\Users\pc\AppData\LocalLow\Mozilla
2019-05-03 14:29 - 2019-02-26 11:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-05-03 14:29 - 2019-02-26 11:58 - 000000000 ____D C:\Program Files (x86)\Java
2019-05-03 14:27 - 2019-02-26 11:58 - 000099192 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2019-05-01 11:26 - 2017-01-21 15:42 - 000000000 ____D C:\Users\pc\Documents\Archivos de Outlook

==================== Files in the root of some directories =======

2018-08-09 16:40 - 2018-08-09 16:40 - 000003072 _____ () C:\Users\pc\AppData\Local\file__0.localstorage
2018-08-09 16:40 - 2018-08-09 16:40 - 000003072 _____ () C:\Users\pc\AppData\Local\https_drm.youdagames.com_0.localstorage
2018-09-27 11:14 - 2018-09-27 11:14 - 000000000 _____ () C:\Users\pc\AppData\Local\oobelibMkey.log
2016-11-12 13:58 - 2017-02-05 19:21 - 000007611 _____ () C:\Users\pc\AppData\Local\Resmon.ResmonCfg
2008-02-05 15:28 - 2008-02-05 15:28 - 000000051 _____ () C:\Users\pc\AppData\Local\setup.txt

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-05-23 12:10
==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05.2019
Ran by pc (30-05-2019 18:05:00)
Running from C:\Users\pc\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-09-02 12:10:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3156176292-3350762252-934864854-500 - Administrator - Disabled)
Copiar (S-1-5-21-3156176292-3350762252-934864854-1001 - Administrator - Enabled) => C:\Users\Copiar
Invitado (S-1-5-21-3156176292-3350762252-934864854-501 - Limited - Disabled)
pc (S-1-5-21-3156176292-3350762252-934864854-1000 - Administrator - Enabled) => C:\Users\pc

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Disabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (HKLM\...\{148F44E1-3F4A-4A55-A463-9B256CBCC37A}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{539E57B0-4D81-4095-ACF3-D2C86FBBEDD6}) (Version: 2.6.2.3 - Intel) Hidden
Adblock Plus para IE (32 bit y 64 bit) (HKLM\...\{13F8A464-64C7-4C70-A28B-A2DCB51DAD5F}) (Version: 1.6 - Eyeo GmbH)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3156176292-3350762252-934864854-1000\...\Amazon Kindle) (Version: 1.24.3.51068 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{BA88C518-1C29-6931-1190-D9153F49461B}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ATLAS.ti 8.2 (HKLM-x32\...\{49D94DEA-2AF0-4C43-BB91-0A9B7F1E8F12}) (Version: 8.2.32 - Scientific Software Development GmbH) Hidden
ATLAS.ti 8.2 (HKLM-x32\...\{9d3b2fac-da70-4d2c-9abd-79a46fa12292}) (Version: 8.2.32 - Scientific Software Development GmbH)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{9B34CC4C-E7FF-4AC8-B771-1D09612D6430}) (Version: 15.0.8.3 - Broadcom Corporation)
Brother MFL-Pro Suite DCP-1510 series (HKLM-x32\...\{90C24B16-9C28-44AB-8C63-BB9822218E18}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
calibre 64bit (HKLM\...\{47DF5665-4C7E-46A0-8993-B147CE0E5A36}) (Version: 3.29.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform)
Dropbox (HKLM-x32\...\Dropbox) (Version: 73.4.118 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
EaseUS Partition Master 10.0 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
eMule (HKLM-x32\...\eMule) (Version:  - )
ESET Security (HKLM\...\{37E67F0A-50BB-430A-A2A5-F5E2F6EE96DB}) (Version: 12.1.34.0 - ESET, spol. s r.o.)
Express Scribe, software para transcripciones (HKLM-x32\...\Scribe) (Version: 6.09 - NCH Software)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Freeplane (HKLM\...\{D3941722-C4DD-4509-88C4-0E87F675A859}_is1) (Version: 1.5.18 - Open source)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
HydraVision (HKLM-x32\...\{FE71C6A2-0A7A-FDAC-FBF5-1085D1C2ADD8}) (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IHMC CmapTools v6.02 (HKLM\...\IHMC CmapTools v6.02) (Version: 6.0.2.0 - Institute for Human & Machine Cognition)
Intel(R) Network Connections 17.2.154.0 (HKLM\...\PROSetDX) (Version: 17.2.154.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{281508ba-d9c6-4f23-9570-48a516f37c4e}) (Version: 2.6.2.3 - Intel)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
KingRoot version 3.5.0.1157 (HKLM-x32\...\{FA3B7324-9EB4-4ADC-84D0-5461BE113832}_is1) (Version: 3.5.0.1157 - KingRoot)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Kobo (HKLM-x32\...\Kobo) (Version: 4.6.8458 - Rakuten Kobo Inc.)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.2.0 - LG Electronics)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Manager (HKLM-x32\...\{218A9668-3355-48AA-BFE5-6957CA4A5A4C}) (Version: 5.0.22.32425 - 2017 pdfforge GmbH. All rights reserved) Hidden
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 66.0.2 (x64 es-ES) (HKLM\...\Mozilla Firefox 66.0.2 (x64 es-ES)) (Version: 66.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 66.0.2.7024 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.5.2 - pdfforge GmbH)
Plantas Contra Zombis (HKLM-x32\...\Plantas Contra Zombis) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6730 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Sistema Único de Autodeterminación (HKLM-x32\...\{4038CCF6-A4E3-45D4-B122-33A476E02ECF}) (Version: 3.4.6 - Instituto Mexicano del Seguro Social)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SmartPSS 1.16.1 (HKLM-x32\...\SmartPSS) (Version: 1.16.1 - )
Speedtest by Ookla (HKLM\...\{EA206FF7-17CC-4011-8D99-AB93C09AA884}) (Version: 1.0.14.001 - Ookla)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.132598 - TeamViewer)
UltraEdit (HKLM\...\{AFFE5F64-3248-41E9-96AE-8B475F6EFAB3}) (Version: 23.20.0.41 - IDM Computer Solutions, Inc.)
Update for Skype for Business 2015 (KB4464547) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2A5F57FD-DB91-4010-9161-93639D305C0B}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4464547) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2A5F57FD-DB91-4010-9161-93639D305C0B}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4464547) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{2A5F57FD-DB91-4010-9161-93639D305C0B}) (Version:  - Microsoft)
VersionSUA348 (HKLM-x32\...\{C08E8470-35AC-4033-9F6D-A0647507F805}) (Version: 3.4.8 - Instituto Mexicano del Seguro Social)
VersionSUA349 (HKLM-x32\...\{A2C3F8DB-8C7F-44D3-852E-8870BF315744}) (Version: 3.4.9 - Instituto Mexicano del Seguro Social)
VersionSUA350 (HKLM-x32\...\{7DD9701D-093B-43C2-867E-03AB70730211}) (Version: 3.5.0 - Instituto Mexicano del Seguro Social)
VersionSUA351 (HKLM-x32\...\{70500418-58DC-46E4-A0C2-E957F816AD98}) (Version: 3.5.1 - Instituto Mexicano del Seguro Social)
VersionSUA352 (HKLM-x32\...\{0A328B63-305E-48B0-B108-C72BA64F51CA}) (Version: 3.5.2 - Instituto Mexicano del Seguro Social)
VersionSUA353 (HKLM-x32\...\{613818CB-99E2-45FC-A214-A64B9641D981}) (Version: 3.5.3 - Instituto Mexicano del Seguro Social)
VersionSUA355 (HKLM-x32\...\{81C81F1E-CFA7-4E3B-BD89-956B3C975D26}) (Version: 3.5.5 - Instituto Mexicano del Seguro Social)
VersionSUA356 (HKLM-x32\...\{56FBEEC4-B949-4B51-9788-EB1B5A6FCAA3}) (Version: 3.5.6 - Instituto Mexicano del Seguro Social)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3156176292-3350762252-934864854-1000_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll () [File not signed]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Internet Security\shellExt.dll [2019-04-17] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2017-01-31] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Internet Security\shellExt.dll [2019-04-17] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Internet Security\shellExt.dll [2019-04-17] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3156176292-3350762252-934864854-1000: [UltraEdit] -> {b5eedee0-c06e-11cf-8c56-444553540000} => C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll [2016-11-01] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

Shortcut: C:\Users\pc\Favorites\Sitio para descargas de NCH Software.lnk -> hxxp://www.nch.com.au/es/index.htm

==================== Loaded Modules (Whitelisted) ==============

2012-09-23 21:44 - 2012-09-23 21:44 - 000010240 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\es_es\acrotray.esp
2016-11-28 14:12 - 2009-02-27 17:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-11-01 14:49 - 2016-11-01 22:20 - 001364992 _____ () [File not signed] C:\Program Files\IDM Computer Solutions\UltraEdit\GNU\libxml2.dll
2016-11-01 14:49 - 2016-11-01 22:20 - 000196096 _____ () [File not signed] C:\Program Files\IDM Computer Solutions\UltraEdit\GNU\zlib1.dll
2016-11-01 14:50 - 2016-11-01 22:20 - 004889088 _____ () [File not signed] C:\Program Files\IDM Computer Solutions\UltraEdit\ueres.dll
2011-01-14 18:11 - 2011-01-14 18:11 - 000163328 _____ (Broadcom Corporation) [File not signed] C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
2016-11-28 14:12 - 2008-08-18 19:27 - 000122880 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2016-11-28 14:12 - 2012-07-13 14:09 - 000385024 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2016-11-28 14:12 - 2011-02-28 12:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2016-11-28 14:12 - 2012-12-27 15:27 - 004509184 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
2016-11-28 14:12 - 2012-08-30 16:30 - 002040832 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2016-11-28 14:12 - 2012-10-26 11:01 - 000282112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
2016-11-28 14:12 - 2012-12-18 19:36 - 001885184 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe
2016-11-01 14:49 - 2016-11-01 22:20 - 001012224 _____ (Free Software Foundation) [File not signed] C:\Program Files\IDM Computer Solutions\UltraEdit\GNU\iconv.dll
2016-11-01 14:49 - 2016-11-01 22:20 - 007565824 _____ (IDM Computer Solutions, Inc.) [File not signed] C:\Program Files\IDM Computer Solutions\UltraEdit\ProtectionPlusDLL.dll
2016-11-28 17:58 - 2016-11-28 17:58 - 000115200 _____ (pdfforge GmbH) [File not signed] C:\Windows\System32\pdfcmon.dll
2016-11-01 14:49 - 2016-11-01 22:20 - 025911296 _____ (The ICU Project) [File not signed] C:\Program Files\IDM Computer Solutions\UltraEdit\icudt55.dll
2016-11-01 14:49 - 2016-11-01 22:20 - 001522176 _____ (The ICU Project) [File not signed] C:\Program Files\IDM Computer Solutions\UltraEdit\icuuc55.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\pc:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\desktop.ini:gs5sys [2560]
AlternateDataStreams: C:\Users\pc\Configuración local:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\Datos de programa:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\Plantillas:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\Desktop\Bancomer_abr.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\pc\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\AppData\Local\Datos de programa:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\AppData\Local\Historial:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [2560]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3156176292-3350762252-934864854-1000\...\gob.mx -> hxxp://*.imss.gob.mx

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\IDM Computer Solutions\UltraEdit
HKU\S-1-5-21-3156176292-3350762252-934864854-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\pc\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{942E32F5-B0C6-4A4A-820D-440086761BD3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F9DFF757-9333-48D6-84F5-46508864D02F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{773A8606-23B9-401F-9609-FF01D944436B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A11F58AB-F701-4A21-B585-5DA38A5B247C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C4C3DE16-CFDB-458A-BA1B-3F799C70F9D4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5399B0DD-2599-4678-BBD8-3A8EBF2F6422}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5D683137-2B2C-4DC3-AF76-8C7D54B37E37}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0D213959-7A61-4DA9-A3F5-02B978B2A83C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{746CDC59-5834-4DAE-A79B-D89226E85052}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1176687B-AF55-45DD-86F5-82A18A5E0A7B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FF043CFE-C719-4719-B1DD-0E23B94E286A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E6FBC699-C4F8-4C05-A443-A73C3FBF572F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{CC46B45E-95CB-4C89-BD8E-C670E4C72A5A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{122A85D1-4601-441F-AC75-8F618FCC75E6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B43E9020-A283-43D7-8666-7E162F0ACBA3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{C3E8E66D-7E5A-49CB-BD65-5A7AFDFE91D3}] => (Allow) LPort=33029
FirewallRules: [{69725BA0-39DF-472C-81ED-9BFDCAB15CB7}] => (Allow) LPort=4290
FirewallRules: [TCP Query User{2AAC4B14-B224-4F8F-88EA-91375E59D00E}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe (hxxp://www.emule-project.net) [File not signed]
FirewallRules: [UDP Query User{AFAB699D-D8AA-44E3-B4DF-59E04F064AA1}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe (hxxp://www.emule-project.net) [File not signed]
FirewallRules: [{8EF08B18-A4BC-4A67-B31E-00EB2E01B577}] => (Block) C:\program files (x86)\emule\emule.exe (hxxp://www.emule-project.net) [File not signed]
FirewallRules: [{88B5E044-4F3C-4587-9C23-2B67CEDAE227}] => (Block) C:\program files (x86)\emule\emule.exe (hxxp://www.emule-project.net) [File not signed]
FirewallRules: [{E0DF5F1B-4407-49F4-B261-F5BCF1CD732B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{3594790D-B11D-4444-B39A-9D6440016FE8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{C9A6E06A-BFB7-4703-8F13-0283D6B0FA89}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{0EE76381-903A-44AD-A841-9E83C36ECC35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{9472392B-1A5A-4260-B15C-2AC326C78F0B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{F63A869A-9CD3-4A16-B35E-E5CF57B0763B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{06A30B25-282E-4E3E-B606-0E21B8DEB2E3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{B9FF43E1-D00A-4A39-B210-AD60BB2F4A7E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{D54E49C3-D581-4FE9-B461-0D3D79D326D2}] => (Allow) C:\Windows\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DE673747-52EA-4DD5-9E3D-D410D915D2A8}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DCAB0F1B-AF2B-4210-9330-4A5E0204B347}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DD0A1213-C042-4996-9440-B7811FB41B9A}] => (Allow) LPort=1688
FirewallRules: [{8573F8F3-5905-4E52-ACC6-AF09FB116CFE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{1D5860B5-AFA1-408A-BA5A-E972047F85F9}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================

23-05-2019 12:17:10 Punto de control programado
29-05-2019 12:18:08 Revo Uninstaller's restore point - Malwarebytes versión 3.7.1.2839
29-05-2019 12:28:17 Revo Uninstaller's restore point - Malwarebytes versión 3.7.1.2839
29-05-2019 14:23:25 Revo Uninstaller's restore point - Malwarebytes versión 3.7.1.2839
30-05-2019 17:46:11 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============

Name: Mouse PS/2 de Microsoft
Description: Mouse PS/2 de Microsoft
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2019 05:49:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (05/30/2019 04:32:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (05/30/2019 10:22:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (05/29/2019 04:35:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (05/29/2019 04:32:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbam.exe, versión: 3.1.0.1807, marca de tiempo: 0x5cc0b6f1
Nombre del módulo con errores: Qt5Core.dll, versión: 5.11.1.0, marca de tiempo: 0x5cba0161
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x001a86be
Id. del proceso con errores: 0x1188
Hora de inicio de la aplicación con errores: 0x01d516660c0a14bf
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: 4b1489e8-8259-11e9-b73b-e839355c1e1b

Error: (05/29/2019 02:52:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (05/29/2019 02:34:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (05/29/2019 02:34:15 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: No se puede inicializar el índice.

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (05/30/2019 05:57:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Windows Update no respondió después de iniciar.

Error: (05/30/2019 05:53:57 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Energy Server Service queencreek no respondió después de iniciar.

Error: (05/30/2019 05:48:43 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Error al intentar leer el archivo local de hosts.

Error: (05/30/2019 04:39:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Windows Update no respondió después de iniciar.

Error: (05/30/2019 04:36:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Energy Server Service queencreek se cerró con el siguiente error: 
Error en el subsistema ABIOS.

Error: (05/30/2019 04:32:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (05/30/2019 04:32:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK.

Error: (05/30/2019 04:32:03 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Error al intentar leer el archivo local de hosts.


Windows Defender:
===================================
Date: 2018-07-05 13:56:23.591
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:1.271.442.0
Versión de firma anterior:1.269.1075.0
Origen de actualización:Usuario
Tipo de firma:AntiSpyware
Tipo de actualización:Diferencia
Usuario:NT AUTHORITY\SYSTEM
Versión de motor actual:1.1.15000.2
Versión de motor anterior:1.1.14901.4
Código de error:0x80070666
Descripción de error:Ya está instalada otra versión de este producto. La instalación de esta versión no puede continuar. Para configurar o quitar la versión existente de este producto, use Agregar o quitar programas del Panel de control. 

Date: 2018-07-05 13:56:23.590
Description: 
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor:1.1.15000.2
Versión de motor anterior:1.1.14901.4
Origen de actualización:Usuario
Usuario:NT AUTHORITY\SYSTEM
Código de error:0x80070666
Descripción de error:Ya está instalada otra versión de este producto. La instalación de esta versión no puede continuar. Para configurar o quitar la versión existente de este producto, use Agregar o quitar programas del Panel de control. 

CodeIntegrity:
===================================

Date: 2019-05-30 17:20:57.158
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET Internet Security\updfiles\base_nonnups\nod7AA2.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-05-30 17:20:56.675
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET Internet Security\updfiles\base_nonnups\nod7AA2.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-05-30 17:20:56.269
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET Internet Security\updfiles\base_nonnups\nod7AA2.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-05-30 17:20:55.817
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET Internet Security\updfiles\base_nonnups\nod7AA2.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-05-30 17:20:55.333
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET Internet Security\updfiles\base_nonnups\nod7AA2.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-05-30 17:20:54.927
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET Internet Security\updfiles\base_nonnups\nod7AA2.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-05-30 17:20:53.555
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET Internet Security\updfiles\base_nonnups\nod767B.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-05-30 17:20:53.102
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET Internet Security\updfiles\base_nonnups\nod767B.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

==================== Memory info =========================== 

BIOS: Hewlett-Packard J01 v02.15 11/10/2011
Motherboard: Hewlett-Packard 1497
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 80%
Total physical RAM: 3984.03 MB
Available physical RAM: 786.9 MB
Total Virtual: 7966.2 MB
Available Virtual: 4030.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:152 GB) NTFS

\\?\Volume{3a25885a-7105-11e6-8595-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: B20218E8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Y el primer paso?

Falta log de Malwarebytes antirookit

Hola, Miguel:

Una disculpa, soy nuevo en esto.

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2019.05.30.10
  rootkit: v2019.05.30.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.19356
pc :: PC-PC [administrator]

30/05/2019 17:14:56
mbar-log-2019-05-30 (17-14-56).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 232731
Time elapsed: 29 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 92
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [dff38f13e0e78caa78cbf2c67d83c43c]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [963cd0d2bf08ca6c251fd4e4847c2fd1]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [03cfa7fbd9eed85ee362c7f16a96e917]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [933f9f0316b1ec4a0e3806b23ec236ca]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [29a98220f6d14beb4dfab1073ac61ae6]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [6270752d5f683501074177418d73f709]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c50d6f33a81fa4926cdd615744bc7d83]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9240178b21a69a9c62e8eeca9a66af51]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8a48673b6166a98df457a5139e62d12f]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [0bc7c8da6265fb3b024a17a15da3d12f]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [854d2b77a027b5811a3305b304fcfa06]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [488a6f3325a2e74faea0d2e6f50bde22]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [10c24c568c3baf87133ccaee5ba51ee2]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [19b9d6cc1aadec4a68e80fa9a957ef11]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d9f9d0d28f38d165eb663583ba46f709]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ba185f437156bf77054de3d5936d5aa6]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [369c6141f4d3f93dec677543b24eec14]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8151a8fa685f2511fd57c0f8fa066d93]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [587af0b2d0f7d4622e27caeebf410df3]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [6a686d356463d660d87e6652bd43b64a]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [19b9dfc39532b68098bf863205fbd22e]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [30a2ffa3f7d061d5c3953a7ebc445ca4]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [2ea4dfc326a13afc1841feba20e0b34d]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [5c76960c14b362d45cfe6a4ec739eb15]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ab27aef47552b383cb90eccca25e1de3]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [f0e2c9d98245330394c84a6e11ef08f8]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [6f63b9e9468163d380dde1d79b656e92]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [e0f2475b3790f1457ce20eaa33cd659b]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [10c2a3ff5f684de9352ab305c13ffe02]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [547e435f1aad0036312f9a1e9a66c13f]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [f6dceab8a522251190d1c5f3808041bf]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d10179297d4ad264332f8e2a7e822fd1]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [be14b3ef61669c9afe656058a9570df3]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [fdd59b0752750432c1a3cdeb3cc4b14f]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c2108022b512b18563026256867a9d63]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [f1e1f0b2ba0d112582e4d6e227d9a25e]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [369c4959c00748ee83e4f5c3996749b7]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [be14871bfec9ff37fa6eaf09e41c38c8]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [b31f782afccb3006c4a56355d62a40c0]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [cd056a38d7f0a59104661c9c02fe7888]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [3a98069cb017ee48de8d10a838c87c84]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [fdd5fba7c8fffc3af57717a118e8ed13]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c012a200725579bd224b07b19f61e719]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [f9d90d95626533035915ceead030aa56]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [10c2960ccafdae88b1bea1172dd38080]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{268EAD62-6212-4B03-90B9-5C8259FB8105} (Trojan.Agent.Generic) -> Delete on reboot. [c909ced4d9ee0a2cd058348c639d27d9]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\10162q87441B66759H52578 (Trojan.Agent.Generic) -> Delete on reboot. [11c16d359e2969cdb08ed6f1d12fdc24]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [fcd60c96e9debc7a0340447458a80cf4]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [953d099996317eb8182cc4f4ba4616ea]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [06ccfea4eadd290db3923a7efb05d12f]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4c864b57299e8bab44020bad3fc14fb1]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [1bb7a101a225f64089bed2e69c6455ab]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [884ae7bb5374ba7cfe4aa711817f1ae6]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [5979841efdcab28483c6298f936dc43c]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d101a4fe21a659ddd27801b75ca4dc24]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [16bce4beac1bfa3c65e6556334ccb54b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [b71b8b174e794aec56f6f7c140c0dc24]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [15bd3d65ccfbcd69b29bf6c2ea169769]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [3c96cbd7398efb3b82ccfcbce31df40c]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [369c9a08bc0b9c9aef60813708f811ef]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [547eb5ed6c5b26107fd16850b14f37c9]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4092653d18af261086cb9c1c4eb2d42c]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [765c20823394a690460ce4d45da3718f]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7c56e5bd05c2b2843d164177ff01946c]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [745e5d4500c7ce685ef606b280807d83]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a52de3bfcbfc191d56ff01b739c7eb15]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [547e960c7d4a2511f363457341bf9769]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [29a92181d8eff640b2a57a3ea7596a96]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9f332c7609be6bcb73e57543639d738d]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [b121940eb80fa98d76e315a3e61a7a86]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ab27f3af23a47eb8a3b7318759a760a0]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [cf033969eadd50e626350bad10f0c23e]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [bb178a1819ae1323e07cbefacd3309f7]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [11c149594285152192cb6256ea166997]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d3ff10927c4b41f5c5991e9ae9170af6]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [e1f1831f66611d190c531f99e61a01ff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [23af5c46dfe84fe73f213484d52bfe02]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [08ca930f5e6989add48d4a6e2fd11ee2]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [f3dfaff308bf0036c69cb9ffe11f7888]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [b022a200d1f66dc942216b4dfe0231cf]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9c36b2f04a7d3501b6ae9226c04023dd]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a82a1c86d4f3181ec69f8731f0108977]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [fdd5aaf8359295a1cd994e6a8977b14f]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [fad8950de1e6b38378ef0eaa659b51af]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ab271d85d6f1f73f80e86751b749fb05]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [31a1b4ee52758ea819508830b34d847c]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [10c20f93ebdc90a6f27801b76898728e]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [28aa237f19ae1323e7845c5c30d06d93]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [5d75abf77354c274fd6f54646b95966a]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [52804e546c5b81b5bab312a6e917966a]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [f3df237febdc0135125ca711fb052ad6]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7c569e047b4cca6c67083b7dcd33dc24]

Registry Values Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{268EAD62-6212-4B03-90B9-5C8259FB8105}|Path (Trojan.Agent.Generic) -> Data: \10162q87441B66759H52578 -> Delete on reboot. [c909ced4d9ee0a2cd058348c639d27d9]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\Tasks\10162q87441B66759H52578 (Trojan.Agent.Generic) -> Delete on reboot. [aa28465cd6f1ca6c6e572f4cd22e0df3]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.19356

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.093000 GHz
Memory total: 4177555456, free: 1693892608

Downloaded database version: v2019.05.30.10
Downloaded database version: v2019.05.30.10
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     05/30/2019 17:14:47
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\edevmon.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
\??\C:\Program Files\ESET\ESET Internet Security\Modules\em000k_64\1014\em000k_64.dll
\??\C:\Program Files\ESET\ESET Internet Security\Modules\em006_64\1204\em006_64.dll
\??\C:\Program Files\ESET\ESET Internet Security\Modules\em018k_64\1570\em018k_64.dll
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\epfw.sys
\??\C:\Program Files\ESET\ESET Internet Security\Modules\em008k_64\1530\em008k_64.dll
\??\C:\Program Files\ESET\ESET Internet Security\Modules\em042_64\2280\em042_64.dll
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\epfwwfp.sys
\SystemRoot\system32\DRIVERS\EpfwLWF.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\drivers\intelppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\usbccgp.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\567A147A.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\normaliz.dll
\Windows\System32\advapi32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\ws2_32.dll
\Windows\System32\lpk.dll
\Windows\System32\msvcrt.dll
\Windows\System32\usp10.dll
\Windows\System32\iertutil.dll
\Windows\System32\psapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\gdi32.dll
\Windows\System32\user32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\imm32.dll
\Windows\System32\ole32.dll
\Windows\System32\setupapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\msctf.dll
\Windows\System32\urlmon.dll
\Windows\System32\oleaut32.dll
\Windows\System32\wininet.dll
\Windows\System32\clbcatq.dll
\Windows\System32\sechost.dll
\Windows\System32\difxapi.dll
\Windows\System32\nsi.dll
\Windows\System32\shell32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2019.05.30.10
  rootkit: v2019.05.30.10

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007c9c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007c9cbe0, DeviceName: \Device\00000065\, DriverName: \Driver\edevmon\
DevicePointer: 0xfffffa8007b2a940, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007c9c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007a46520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80076c0060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B20218E8

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 976564224
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Infected: C:\Windows\System32\Tasks\10162q87441B66759H52578 --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{268EAD62-6212-4B03-90B9-5C8259FB8105}|Path --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{268EAD62-6212-4B03-90B9-5C8259FB8105} --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\10162q87441B66759H52578 --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 --> [Trojan.DisabledAVSecurityCerts]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Gracias por las atenciones. Saludos.

Tenias un malware que impide que ningún programa antivirus se ejecute.

Bien… y ahora sigue estos pasos, MUY Importante ~ Realiza una copia de seguridad del registro :

  • Para hacerlo descarga Delfix en tu escritorio.

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona "Ejecutar como Administrador.")

  • Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.


En el equipo con los demas programas cerrados:

Inicio >>> Ejecutar >>>Escribes notepad.exe.

Ahora copia y pega estos archivos dentro del Notepad:


Start
CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {D4210026-EF41-4A1C-ABFB-DB083A21EB75} - System32\Tasks\{A5A26AFF-B2F9-4B69-BDE4-F7F009C0FABC} => C:\Windows\system32\pcalua.exe -a C:\Users\pc\AppData\Local\Temp\jre-8u141-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau-m FAMILYUPGRADE=1 <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
2019-05-06 16:45 - 2019-05-07 09:41 - 000000000 ___HD C:\ProgramData\10162q87441B66759H52578
2018-08-09 16:40 - 2018-08-09 16:40 - 000003072 _____ () C:\Users\pc\AppData\Local\file__0.localstorage
2018-08-09 16:40 - 2018-08-09 16:40 - 000003072 _____ () C:\Users\pc\AppData\Local\https_drm.youdagames.com_0.localstorage
2018-09-27 11:14 - 2018-09-27 11:14 - 000000000 _____ () C:\Users\pc\AppData\Local\oobelibMkey.log
2016-11-12 13:58 - 2017-02-05 19:21 - 000007611 _____ () C:\Users\pc\AppData\Local\Resmon.ResmonCfg
2008-02-05 15:28 - 2008-02-05 15:28 - 000000051 _____ () C:\Users\pc\AppData\Local\setup.txt
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\pc\Favorites\Sitio para descargas de NCH Software.lnk -> hxxp://www.nch.com.au/es/index.htm
AlternateDataStreams: C:\Users\pc:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\desktop.ini:gs5sys [2560]
AlternateDataStreams: C:\Users\pc\Configuración local:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\Datos de programa:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\Plantillas:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\Desktop\Bancomer_abr.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\pc\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\AppData\Local\Datos de programa:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\AppData\Local\Historial:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [2560]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.<<

Nota: Es importante que la Hta Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no no trabajara.

  • Y ahora usa esta Faq de Windows ¿Cómo iniciar Windows en Modo Seguro?, para trabajar desde ese modo de windows.

  • Ejecutas Frst.exe.

  • Presionas el botón Fix y aguardas a que termine.

  • La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).

Lo pegas en tu próxima respuesta, y realizas los siguientes analisis y me pegas también sus logs, pues ya debería de funcionar todo de nuevo


1) Descarga, actualiza y ejecuta Malwarebytes’ Anti-Malware,

Manual Malwarebytes, para que sepas usarlo y configurarlo.

  • Realiza un Análisis Personalizado,marcando Todas las casillas de la derecha y de la Izquierda actualizando si te lo pide.
  • Pulsar en “Eliminar Seleccionados” para enviarlo a la cuarentena y Reinicias el sistema.
  • Para acceder posteriormente al informe del análisis : Informes >> Registro de análisis >> Pulsar en >> Exportar >> Copiar al Portapapeles, y lo pegas en tu respuesta

2) Descarga Adwcleaner en el escritorio.

  • Desactiva tu antivirus :arrow_forward:Como deshabilitar temporalmente un antivirus y cualquier programa de seguridad.

  • Ejecuta Adwcleaner.exe (Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona "Ejecutar como Administrador.")

  • Pulsar en el botón Analizar Ahora, y espera a que se realice el proceso, inmediatamente pulsa sobre el botón Iniciar Reparacion.

  • Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.

  • Si no encuentra nada, pulsamos “Omitir Reparación

  • El log lo encontramos en la pestaña “Informes”, volviendo a abrir el programa, si es necesario o en"C:\AdwCleaner\Logs\AdwCleaner[C0].txt"

Puedes mirar su manual >> Manual de Adwcleaner

3) Descarga Ccleaner

Instalalo y ejecútalo. En la pestaña limpiador dejas como esta configurada predeterminadamente, haces clic en analizar esperas que termine > clic en ejecutar limpiador. Clic en la pestaña Registro > clic en buscar problemas esperas que termine > clic en Reparar Seleccionadas y haces una copia de seguridad.

Pega los reportes de Fabar,Malwarebytesy AdwCleaner y comentas como va el problema.

1 me gusta

Estimado Miguel:

Muchas gracias por tus indicaciones. Ya puedo ejecutar Malwarebytes. Te agradezco las atenciones.

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-05.2019
Ran by pc (31-05-2019 18:06:50) Run:1
Running from C:\Users\pc\Desktop
Loaded Profiles: pc (Available Profiles: pc & Copiar)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {D4210026-EF41-4A1C-ABFB-DB083A21EB75} - System32\Tasks\{A5A26AFF-B2F9-4B69-BDE4-F7F009C0FABC} => C:\Windows\system32\pcalua.exe -a C:\Users\pc\AppData\Local\Temp\jre-8u141-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau-m FAMILYUPGRADE=1 <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
2019-05-06 16:45 - 2019-05-07 09:41 - 000000000 ___HD C:\ProgramData\10162q87441B66759H52578
2018-08-09 16:40 - 2018-08-09 16:40 - 000003072 _____ () C:\Users\pc\AppData\Local\file__0.localstorage
2018-08-09 16:40 - 2018-08-09 16:40 - 000003072 _____ () C:\Users\pc\AppData\Local\https_drm.youdagames.com_0.localstorage
2018-09-27 11:14 - 2018-09-27 11:14 - 000000000 _____ () C:\Users\pc\AppData\Local\oobelibMkey.log
2016-11-12 13:58 - 2017-02-05 19:21 - 000007611 _____ () C:\Users\pc\AppData\Local\Resmon.ResmonCfg
2008-02-05 15:28 - 2008-02-05 15:28 - 000000051 _____ () C:\Users\pc\AppData\Local\setup.txt
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\pc\Favorites\Sitio para descargas de NCH Software.lnk -> hxxp://www.nch.com.au/es/index.htm
AlternateDataStreams: C:\Users\pc:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\desktop.ini:gs5sys [2560]
AlternateDataStreams: C:\Users\pc\Configuraci�n local:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\Datos de programa:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\Plantillas:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\Desktop\Bancomer_abr.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\pc\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\AppData\Local\Datos de programa:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\AppData\Local\Historial:gs5sys [3074]
AlternateDataStreams: C:\Users\pc\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [2560]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9 => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4210026-EF41-4A1C-ABFB-DB083A21EB75}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4210026-EF41-4A1C-ABFB-DB083A21EB75}" => removed successfully
C:\Windows\System32\Tasks\{A5A26AFF-B2F9-4B69-BDE4-F7F009C0FABC} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A5A26AFF-B2F9-4B69-BDE4-F7F009C0FABC}" => removed successfully
HKLM\System\CurrentControlSet\Services\dbx => removed successfully
dbx => service removed successfully
C:\ProgramData\10162q87441B66759H52578 => moved successfully
C:\Users\pc\AppData\Local\file__0.localstorage => moved successfully
C:\Users\pc\AppData\Local\https_drm.youdagames.com_0.localstorage => moved successfully
C:\Users\pc\AppData\Local\oobelibMkey.log => moved successfully
C:\Users\pc\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\pc\AppData\Local\setup.txt => moved successfully
"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => removed successfully
"BVTFilter" => removed successfully
"BVTConsumer" => removed successfully
C:\Users\pc\Favorites\Sitio para descargas de NCH Software.lnk => moved successfully
C:\Users\pc => ":gs5sys" ADS removed successfully
C:\ProgramData\desktop.ini => ":gs5sys" ADS removed successfully
"C:\Users\pc\Configuraci�n local" => ":gs5sys" ADS not found.
C:\Users\pc\Cookies => ":gs5sys" ADS removed successfully
C:\Users\pc\Datos de programa => ":gs5sys" ADS removed successfully
C:\Users\pc\Plantillas => ":gs5sys" ADS removed successfully
C:\Users\pc\Desktop\Bancomer_abr.pdf => ":com.dropbox.attributes" ADS removed successfully
C:\Users\pc\Desktop\desktop.ini => ":gs5sys" ADS removed successfully
C:\Users\pc\AppData\Local => ":gs5sys" ADS removed successfully
"C:\Users\pc\AppData\Roaming" => ":gs5sys" ADS not found.
"C:\Users\pc\AppData\Local\Datos de programa" => ":gs5sys" ADS not found.
C:\Users\pc\AppData\Local\Historial => ":gs5sys" ADS removed successfully
C:\Users\pc\Documents\desktop.ini => ":gs5sys" ADS removed successfully
C:\Users\Public\Documents\desktop.ini => ":gs5sys" ADS removed successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3156176292-3350762252-934864854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3156176292-3350762252-934864854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


Adaptador de Ethernet Conexi¢n de  rea local:

   Sufijo DNS espec¡fico para la conexi¢n. . : rga.ip
   Direcci¢n IPv6 . . . . . . . . . . : 2806:109f:1:46fd:427:bcec:1be3:19b7
   Direcci¢n IPv6 temporal. . . . . . : 2806:109f:1:46fd:b57b:e58b:82d4:9d4d
   V¡nculo: direcci¢n IPv6 local. . . : fe80::427:bcec:1be3:19b7%11
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.1.65
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : fe80::1%11
                                       192.168.1.254

Adaptador de t£nel isatap.rga.ip:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de t£nel Teredo Tunneling Pseudo-Interface:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c

========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13139157 B
Java, Flash, Steam htmlcache => 524 B
Windows/system/drivers => 152766585 B
Edge => 0 B
Chrome => 397415230 B
Firefox => 23312829 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 110 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66520 B
LocalService => 0 B
NetworkService => 0 B
pc => 8540732 B
Copiar => 584528 B

RecycleBin => 0 B
EmptyTemp: => 568.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:08:47 ====
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-05-27.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-31-2019
# Duration: 00:00:24
# OS:       Windows 7 Professional
# Scanned:  27501
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [3194 octets] - [10/08/2018 16:27:18]
AdwCleaner[C00].txt - [3070 octets] - [10/08/2018 16:29:30]
AdwCleaner[S01].txt - [1379 octets] - [28/05/2019 10:44:42]
AdwCleaner[C01].txt - [1565 octets] - [28/05/2019 10:46:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 31/5/19
Hora del análisis: 18:25
Archivo de registro: 655dcb48-83fb-11e9-ae30-e839355c1e1b.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.586
Versión del paquete de actualización: 1.0.10860
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: pc-PC\pc

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 274184
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 11 min, 19 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Para eliminar las herramientas usadas en la desinfección, realizas:

  • Descargas y Ejecutas >> Delfix, en tu escritorio.

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7 /8 /10,presiona clic derecho y selecciona >>;Ejecutar como Administrador.)

  • Marca solamente la casilla Remove disinfection tools

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

Si queda alguna herramienta, la desinstalas desde panel de Windows y aquellas que no estén listadas, se eliminan directamente.


Me alegro de haberte podido ayudar! :+1:


TEMA SOLUCIONADO

1 me gusta

Este tema se cerró automáticamente 2 días después del último post. No se permiten nuevas respuestas.