Mi notebook se infecto al descargar un ISO

Ayuda General
#8

continuo con el FRST


2019-03-11 23:26 - 2019-03-11 23:28 - 000045618 _____ C:\Users\Caro\Downloads\FRST.txt
2019-03-11 23:25 - 2019-03-11 23:26 - 000000000 ____D C:\FRST
2019-03-11 23:24 - 2019-03-11 23:24 - 002434560 _____ (Farbar) C:\Users\Caro\Downloads\FRST64.exe
2019-03-11 16:19 - 2019-03-11 16:19 - 000001752 _____ C:\Users\Caro\Downloads\marzo11 malware.txt
2019-03-10 23:13 - 2019-03-10 23:13 - 019384632 _____ (Piriform Software Ltd) C:\Users\Caro\Downloads\ccsetup553.exe
2019-03-10 23:13 - 2019-03-10 23:13 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-03-10 23:13 - 2019-03-10 23:13 - 000002874 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-03-10 23:13 - 2019-03-10 23:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-03-10 23:13 - 2019-03-10 23:13 - 000000000 ____D C:\Program Files\CCleaner
2019-03-10 21:03 - 2019-03-10 21:03 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-03-10 21:03 - 2019-03-10 21:03 - 000072864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-03-10 21:02 - 2019-03-10 21:02 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-03-10 21:02 - 2019-03-10 21:02 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-03-10 20:25 - 2019-03-10 21:00 - 000000000 ____D C:\Users\Caro\AppData\Roaming\ZHP
2019-03-10 20:25 - 2019-03-10 20:25 - 000000000 ____D C:\Users\Caro\AppData\Local\ZHP
2019-03-10 20:21 - 2019-03-10 20:21 - 003321728 _____ C:\Users\Caro\Downloads\ZHPCleaner.exe
2019-03-10 20:16 - 2019-03-10 20:16 - 007316688 _____ (Malwarebytes) C:\Users\Caro\Downloads\adwcleaner_7.2.7.0 (1).exe
2019-03-10 19:35 - 2019-03-10 19:37 - 000000000 ____D C:\AdwCleaner
2019-03-10 19:33 - 2019-03-10 19:34 - 007316688 _____ (Malwarebytes) C:\Users\Caro\Downloads\adwcleaner_7.2.7.0.exe
2019-03-10 19:08 - 2019-03-10 19:08 - 000042734 _____ C:\Users\Caro\Downloads\marzo10Malware.txt
2019-03-10 19:02 - 2019-03-10 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-03-10 18:07 - 2019-03-10 18:07 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-03-10 18:07 - 2019-03-10 18:07 - 000000000 ____D C:\Users\Caro\AppData\Local\mbam
2019-03-10 18:06 - 2019-03-10 18:06 - 000000000 ____D C:\Users\Caro\AppData\Local\mbamtray
2019-03-10 18:05 - 2019-03-10 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-10 18:05 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-03-10 18:05 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-03-10 18:01 - 2019-03-10 18:01 - 062400056 _____ (Malwarebytes ) C:\Users\Caro\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9618.exe
2019-03-10 17:24 - 2019-03-10 17:24 - 000002591 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002550 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002542 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002506 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002496 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-03-07 22:54 - 2019-03-07 22:54 - 000000012 _____ C:\Users\Caro\setup_01.ini
2019-03-04 10:17 - 2019-03-04 10:17 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-03-04 10:17 - 2019-03-04 10:17 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-03-04 10:17 - 2019-03-04 10:17 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-03-04 10:17 - 2019-03-04 10:17 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-02-14 18:32 - 2019-02-14 18:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-02-14 18:31 - 2019-02-14 18:31 - 000000000 ____D C:\Program Files\iTunes
2019-02-14 18:31 - 2019-02-14 18:31 - 000000000 ____D C:\Program Files\iPod
2019-02-14 18:22 - 2019-02-14 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-02-14 18:08 - 2019-02-06 04:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-14 18:08 - 2019-02-06 04:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-14 18:08 - 2019-02-06 04:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-14 18:08 - 2019-02-06 04:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-14 18:08 - 2019-02-06 03:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-14 18:08 - 2019-02-06 03:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-14 18:08 - 2019-02-06 00:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-14 18:08 - 2019-02-06 00:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-14 18:08 - 2019-02-06 00:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-14 18:08 - 2019-02-06 00:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-14 18:08 - 2019-02-06 00:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-14 18:08 - 2019-02-06 00:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-14 18:08 - 2019-02-06 00:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-14 18:08 - 2019-02-06 00:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-14 18:08 - 2019-02-06 00:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-14 18:08 - 2019-02-05 23:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-14 18:08 - 2019-02-05 23:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-14 18:08 - 2019-02-05 23:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-14 18:08 - 2019-02-05 23:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-14 18:08 - 2019-02-05 23:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-14 18:08 - 2019-02-05 23:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-14 18:08 - 2019-02-05 23:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-14 18:08 - 2019-02-05 23:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-14 18:08 - 2019-02-05 23:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-14 18:08 - 2019-02-05 23:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-14 18:08 - 2019-02-05 23:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-14 18:08 - 2019-02-05 23:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-14 18:08 - 2019-02-05 23:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-14 18:08 - 2019-01-11 23:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-14 18:08 - 2019-01-09 14:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-14 18:08 - 2019-01-09 14:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-14 18:08 - 2019-01-09 14:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-14 18:08 - 2019-01-09 14:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-14 18:08 - 2019-01-09 06:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-14 18:08 - 2019-01-09 02:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-14 18:08 - 2019-01-09 02:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-14 18:08 - 2019-01-09 02:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-14 18:08 - 2019-01-09 02:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-14 18:08 - 2019-01-09 02:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-14 18:08 - 2019-01-09 02:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-14 18:08 - 2019-01-09 02:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-14 18:08 - 2019-01-09 02:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-14 18:08 - 2019-01-09 02:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-14 18:08 - 2019-01-09 02:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-14 18:08 - 2019-01-09 02:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-14 18:08 - 2019-01-09 02:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-14 18:08 - 2019-01-09 02:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-14 18:08 - 2019-01-09 02:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-14 18:08 - 2019-01-09 02:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-14 18:08 - 2019-01-09 02:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-14 18:08 - 2019-01-09 02:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-14 18:08 - 2019-01-09 02:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-14 18:08 - 2019-01-09 02:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-14 18:08 - 2019-01-09 02:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-14 18:08 - 2019-01-09 02:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-14 18:08 - 2019-01-09 02:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-14 18:08 - 2019-01-09 02:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-14 18:08 - 2019-01-09 02:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-14 18:08 - 2019-01-09 02:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-14 18:08 - 2019-01-09 02:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-14 18:07 - 2019-02-06 04:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-14 18:07 - 2019-02-06 04:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-14 18:07 - 2019-02-06 04:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-14 18:07 - 2019-02-06 03:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-14 18:07 - 2019-02-06 00:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-14 18:07 - 2019-02-06 00:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-14 18:07 - 2019-02-06 00:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-14 18:07 - 2019-02-06 00:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-14 18:07 - 2019-02-06 00:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-14 18:07 - 2019-02-06 00:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-14 18:07 - 2019-02-06 00:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-14 18:07 - 2019-02-05 23:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-14 18:07 - 2019-02-05 23:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-14 18:07 - 2019-02-05 23:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-14 18:07 - 2019-02-05 23:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-14 18:07 - 2019-02-05 23:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-14 18:07 - 2019-02-05 23:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-14 18:07 - 2019-02-05 23:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-14 18:07 - 2019-01-09 15:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-14 18:07 - 2019-01-09 02:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-14 18:07 - 2019-01-09 02:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-14 18:07 - 2019-01-09 02:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-14 18:07 - 2019-01-09 02:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-14 18:07 - 2019-01-09 02:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-14 18:07 - 2019-01-09 02:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-14 18:07 - 2019-01-09 02:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-14 18:07 - 2019-01-09 02:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-14 18:07 - 2019-01-09 02:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-14 18:07 - 2019-01-09 02:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-14 18:07 - 2019-01-09 02:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-14 18:07 - 2019-01-09 02:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-14 18:07 - 2019-01-09 02:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-14 18:07 - 2019-01-09 02:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-14 18:07 - 2019-01-09 02:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-14 18:07 - 2019-01-09 02:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-14 18:07 - 2019-01-09 02:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-14 18:07 - 2019-01-09 01:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-14 18:07 - 2019-01-09 01:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-14 18:07 - 2019-01-08 00:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-14 16:56 - 2019-02-06 04:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-14 16:56 - 2019-02-06 03:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-14 16:56 - 2019-02-06 00:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-14 16:56 - 2019-02-06 00:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-14 16:56 - 2019-02-06 00:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-14 16:56 - 2019-02-06 00:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-14 16:56 - 2019-02-06 00:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-14 16:56 - 2019-02-06 00:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-14 16:56 - 2019-02-06 00:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-14 16:56 - 2019-02-06 00:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-14 16:56 - 2019-02-05 23:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-14 16:56 - 2019-02-05 23:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-14 16:56 - 2019-02-05 23:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-14 16:56 - 2019-02-05 23:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-14 16:56 - 2019-02-05 23:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-14 16:56 - 2019-02-05 23:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-14 16:56 - 2019-02-05 23:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-14 16:56 - 2019-02-05 23:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-14 16:56 - 2019-02-05 23:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-14 16:56 - 2019-02-05 23:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-14 16:56 - 2019-02-05 23:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-14 16:56 - 2019-02-05 23:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-14 16:56 - 2019-02-05 23:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-14 16:56 - 2019-02-05 23:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-14 16:56 - 2019-02-05 23:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-14 16:56 - 2019-02-05 23:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-14 16:56 - 2019-02-05 22:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-14 16:56 - 2019-01-12 05:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-14 16:56 - 2019-01-09 14:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-14 16:56 - 2019-01-09 14:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-14 16:56 - 2019-01-09 14:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-14 16:56 - 2019-01-09 07:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-14 16:56 - 2019-01-09 06:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-14 16:56 - 2019-01-09 05:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-14 16:56 - 2019-01-09 05:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-14 16:56 - 2019-01-09 02:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-14 16:56 - 2019-01-09 02:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-14 16:56 - 2019-01-09 02:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-14 16:56 - 2019-01-09 02:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-14 16:56 - 2019-01-09 02:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-14 16:56 - 2019-01-09 02:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-14 16:56 - 2019-01-09 02:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-14 16:56 - 2019-01-09 02:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-14 16:56 - 2019-01-09 02:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-14 16:56 - 2019-01-09 02:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-14 16:56 - 2019-01-09 02:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-14 16:56 - 2019-01-09 02:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-14 16:56 - 2019-01-09 02:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-14 16:56 - 2019-01-09 02:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-14 16:56 - 2019-01-09 02:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-14 16:56 - 2019-01-09 02:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-14 16:56 - 2019-01-09 02:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-14 16:56 - 2019-01-09 02:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-14 16:56 - 2019-01-09 02:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-14 16:56 - 2019-01-09 02:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-14 16:56 - 2019-01-09 02:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-14 16:56 - 2019-01-08 06:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-14 16:56 - 2019-01-08 00:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-14 16:55 - 2019-01-08 00:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-14 15:58 - 2019-02-14 15:58 - 000000011 _____ C:\Users\Caro\setup24.ini
2019-02-14 15:57 - 2019-02-14 15:57 - 000000009 _____ C:\Users\Caro\rstr4.ini
2019-02-10 04:54 - 2019-02-10 04:54 - 006161408 _____ C:\Users\Caro\AppData\Local\dump007.dat
2019-02-10 04:54 - 2019-02-10 04:54 - 000000011 _____ C:\Users\Caro\setup22.ini
2019-02-10 04:52 - 2019-02-10 04:52 - 000000009 _____ C:\Users\Caro\rstr3.ini
2019-02-10 03:49 - 2019-02-10 03:49 - 000000003 _____ C:\Users\Caro\AppData\Local\wbem.ini
2019-02-10 03:48 - 2019-02-18 01:07 - 000000000 ____D C:\Users\Caro\AppData\Local\Mail.Ru
2019-02-10 03:48 - 2019-02-10 03:48 - 000000000 ____D C:\ProgramData\Mail.Ru
2019-02-10 03:08 - 2019-02-10 03:10 - 000000000 ___RD C:\Users\Caro\Box Sync
2019-02-10 03:03 - 2019-02-10 04:56 - 000000000 ____D C:\Users\Caro\AppData\Local\Box Sync
2019-02-10 03:03 - 2019-02-10 03:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2019-02-10 03:03 - 2019-02-10 03:03 - 000000000 ____D C:\Program Files\Box
2019-02-10 02:26 - 2019-02-10 02:26 - 000000882 _____ C:\Users\Caro\Downloads\Documentos - Acceso directo.lnk
2019-02-09 08:53 - 2019-02-09 08:53 - 000101737 _____ C:\WINDOWS\uninstaller.dat

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-11 23:14 - 2018-05-29 02:41 - 000004204 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C6F4BD55-6BCC-4B51-BBE7-346301359930}
2019-03-11 16:46 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-11 16:39 - 2018-05-29 02:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-11 02:12 - 2018-05-20 14:45 - 000000000 ___DC C:\WINDOWS\Panther
2019-03-11 02:12 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-03-11 02:12 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2019-03-10 21:09 - 2016-04-28 01:30 - 000000000 ___RD C:\Users\Caro\Google Drive
2019-03-10 21:09 - 2016-01-25 23:32 - 000000000 ___RD C:\Users\Caro\Dropbox
2019-03-10 21:07 - 2016-11-03 14:16 - 000000000 ___RD C:\Users\Caro\iCloudDrive
2019-03-10 21:07 - 2016-01-25 15:03 - 000000000 ___RD C:\Users\Caro\OneDrive
2019-03-10 21:03 - 2017-06-02 15:56 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-03-10 21:03 - 2016-01-25 15:01 - 000000000 __SHD C:\Users\Caro\IntelGraphicsProfiles
2019-03-10 21:02 - 2018-05-29 02:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-10 21:02 - 2016-08-22 22:09 - 000000000 ____D C:\ProgramData\NVIDIA
2019-03-10 21:01 - 2018-04-11 18:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2019-03-10 19:05 - 2016-01-25 23:20 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-03-10 18:54 - 2018-07-26 22:05 - 000000648 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009.job
2019-03-10 18:54 - 2018-07-26 22:05 - 000000552 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009.job
2019-03-10 18:53 - 2018-05-29 02:14 - 000000000 ____D C:\Users\Caro
2019-03-10 18:05 - 2018-04-11 20:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-10 17:26 - 2018-04-11 18:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-03-10 17:22 - 2015-08-15 06:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-03-10 17:12 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-09 01:45 - 2018-07-26 22:05 - 000003802 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009
2019-03-09 01:45 - 2018-07-26 22:05 - 000003706 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009
2019-03-09 01:45 - 2018-07-26 22:05 - 000000000 ____D C:\Users\Caro\AppData\Local\GoToMeeting
2019-03-09 01:03 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-07 23:28 - 2017-12-15 02:08 - 000000000 ____D C:\Users\Caro\AppData\Local\PlaceholderTileLogoFolder
2019-03-07 23:28 - 2017-12-01 14:57 - 000000000 ____D C:\Users\Caro\AppData\Local\Packages
2019-03-07 23:08 - 2015-11-10 23:51 - 000002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-07 23:04 - 2018-05-29 02:26 - 001768608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-07 23:04 - 2018-04-12 13:18 - 000787744 _____ C:\WINDOWS\system32\perfh00A.dat
2019-03-07 23:04 - 2018-04-12 13:18 - 000155340 _____ C:\WINDOWS\system32\perfc00A.dat
2019-03-07 22:56 - 2016-01-25 23:20 - 000000966 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-03-07 22:56 - 2016-01-25 23:20 - 000000962 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-03-07 22:16 - 2016-05-16 23:47 - 000000000 ____D C:\Users\Caro\AppData\Local\ElevatedDiagnostics
2019-03-06 20:12 - 2018-05-29 02:14 - 000002445 _____ C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-01 23:07 - 2018-11-16 22:28 - 000000000 ____D C:\Program Files\rempl
2019-02-23 23:35 - 2018-02-27 00:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-02-20 18:04 - 2018-05-29 02:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2019-02-14 18:39 - 2018-05-29 02:41 - 000004026 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2019-02-14 18:39 - 2018-05-29 02:41 - 000003794 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2019-02-14 18:37 - 2018-05-29 02:06 - 000464120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-14 18:20 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-10 04:47 - 2017-04-10 02:31 - 000000000 ____D C:\Program Files (x86)\NCH Software
2019-02-10 03:48 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-02-10 03:48 - 2013-08-22 12:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-02-10 03:04 - 2015-08-15 06:21 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-10 02:33 - 2017-04-10 02:32 - 000000000 ____D C:\ProgramData\NCH Software
2019-02-10 02:26 - 2017-04-10 02:31 - 000000000 ____D C:\Users\Caro\AppData\Roaming\NCH Software
2019-02-10 02:09 - 2018-05-29 02:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software

==================== Files in the root of some directories =======

2016-10-24 20:07 - 2016-11-24 15:21 - 000000033 _____ () C:\Users\Caro\AppData\Roaming\AdobeWLCMCache.dat
2019-02-10 04:54 - 2019-02-10 04:54 - 006161408 _____ () C:\Users\Caro\AppData\Local\dump007.dat
2018-10-05 22:20 - 2018-10-05 22:20 - 000000000 _____ () C:\Users\Caro\AppData\Local\oobelibMkey.log
2019-02-10 03:49 - 2019-02-10 03:49 - 000000003 _____ () C:\Users\Caro\AppData\Local\wbem.ini

Some files in TEMP:
====================
2019-02-10 04:52 - 2019-03-11 02:12 - 000000000 ____D () C:\Users\Caro\AppData\Local\Temp\ImagingEngine.dll

Some zero byte size files/folders:
==========================
C:\Windows\System32\mysqld.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-29 02:06

==================== End of FRST.txt ============================

Hasta aqui San el FRST. Eral muy largo asi que lo dividi

#9

El adition


2019-03-11 23:26 - 2019-03-11 23:28 - 000045618 _____ C:\Users\Caro\Downloads\FRST.txt
2019-03-11 23:25 - 2019-03-11 23:26 - 000000000 ____D C:\FRST
2019-03-11 23:24 - 2019-03-11 23:24 - 002434560 _____ (Farbar) C:\Users\Caro\Downloads\FRST64.exe
2019-03-11 16:19 - 2019-03-11 16:19 - 000001752 _____ C:\Users\Caro\Downloads\marzo11 malware.txt
2019-03-10 23:13 - 2019-03-10 23:13 - 019384632 _____ (Piriform Software Ltd) C:\Users\Caro\Downloads\ccsetup553.exe
2019-03-10 23:13 - 2019-03-10 23:13 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-03-10 23:13 - 2019-03-10 23:13 - 000002874 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-03-10 23:13 - 2019-03-10 23:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-03-10 23:13 - 2019-03-10 23:13 - 000000000 ____D C:\Program Files\CCleaner
2019-03-10 21:03 - 2019-03-10 21:03 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-03-10 21:03 - 2019-03-10 21:03 - 000072864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-03-10 21:02 - 2019-03-10 21:02 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-03-10 21:02 - 2019-03-10 21:02 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-03-10 20:25 - 2019-03-10 21:00 - 000000000 ____D C:\Users\Caro\AppData\Roaming\ZHP
2019-03-10 20:25 - 2019-03-10 20:25 - 000000000 ____D C:\Users\Caro\AppData\Local\ZHP
2019-03-10 20:21 - 2019-03-10 20:21 - 003321728 _____ C:\Users\Caro\Downloads\ZHPCleaner.exe
2019-03-10 20:16 - 2019-03-10 20:16 - 007316688 _____ (Malwarebytes) C:\Users\Caro\Downloads\adwcleaner_7.2.7.0 (1).exe
2019-03-10 19:35 - 2019-03-10 19:37 - 000000000 ____D C:\AdwCleaner
2019-03-10 19:33 - 2019-03-10 19:34 - 007316688 _____ (Malwarebytes) C:\Users\Caro\Downloads\adwcleaner_7.2.7.0.exe
2019-03-10 19:08 - 2019-03-10 19:08 - 000042734 _____ C:\Users\Caro\Downloads\marzo10Malware.txt
2019-03-10 19:02 - 2019-03-10 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-03-10 18:07 - 2019-03-10 18:07 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-03-10 18:07 - 2019-03-10 18:07 - 000000000 ____D C:\Users\Caro\AppData\Local\mbam
2019-03-10 18:06 - 2019-03-10 18:06 - 000000000 ____D C:\Users\Caro\AppData\Local\mbamtray
2019-03-10 18:05 - 2019-03-10 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-10 18:05 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-03-10 18:05 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-03-10 18:01 - 2019-03-10 18:01 - 062400056 _____ (Malwarebytes ) C:\Users\Caro\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9618.exe
2019-03-10 17:24 - 2019-03-10 17:24 - 000002591 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002550 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002542 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002506 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002496 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-03-07 22:54 - 2019-03-07 22:54 - 000000012 _____ C:\Users\Caro\setup_01.ini
2019-03-04 10:17 - 2019-03-04 10:17 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-03-04 10:17 - 2019-03-04 10:17 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-03-04 10:17 - 2019-03-04 10:17 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-03-04 10:17 - 2019-03-04 10:17 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-02-14 18:32 - 2019-02-14 18:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-02-14 18:31 - 2019-02-14 18:31 - 000000000 ____D C:\Program Files\iTunes
2019-02-14 18:31 - 2019-02-14 18:31 - 000000000 ____D C:\Program Files\iPod
2019-02-14 18:22 - 2019-02-14 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-02-14 18:08 - 2019-02-06 04:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-14 18:08 - 2019-02-06 04:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-14 18:08 - 2019-02-06 04:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-14 18:08 - 2019-02-06 04:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-14 18:08 - 2019-02-06 03:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-14 18:08 - 2019-02-06 03:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-14 18:08 - 2019-02-06 00:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-14 18:08 - 2019-02-06 00:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-14 18:08 - 2019-02-06 00:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-14 18:08 - 2019-02-06 00:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-14 18:08 - 2019-02-06 00:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-14 18:08 - 2019-02-06 00:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-14 18:08 - 2019-02-06 00:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-14 18:08 - 2019-02-06 00:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-14 18:08 - 2019-02-06 00:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-14 18:08 - 2019-02-05 23:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-14 18:08 - 2019-02-05 23:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-14 18:08 - 2019-02-05 23:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-14 18:08 - 2019-02-05 23:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-14 18:08 - 2019-02-05 23:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-14 18:08 - 2019-02-05 23:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-14 18:08 - 2019-02-05 23:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-14 18:08 - 2019-02-05 23:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-14 18:08 - 2019-02-05 23:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-14 18:08 - 2019-02-05 23:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-14 18:08 - 2019-02-05 23:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-14 18:08 - 2019-02-05 23:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-14 18:08 - 2019-02-05 23:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-14 18:08 - 2019-01-11 23:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-14 18:08 - 2019-01-09 14:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-14 18:08 - 2019-01-09 14:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-14 18:08 - 2019-01-09 14:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-14 18:08 - 2019-01-09 14:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-14 18:08 - 2019-01-09 06:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-14 18:08 - 2019-01-09 02:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-14 18:08 - 2019-01-09 02:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-14 18:08 - 2019-01-09 02:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-14 18:08 - 2019-01-09 02:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-14 18:08 - 2019-01-09 02:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-14 18:08 - 2019-01-09 02:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-14 18:08 - 2019-01-09 02:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-14 18:08 - 2019-01-09 02:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-14 18:08 - 2019-01-09 02:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-14 18:08 - 2019-01-09 02:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-14 18:08 - 2019-01-09 02:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-14 18:08 - 2019-01-09 02:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-14 18:08 - 2019-01-09 02:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-14 18:08 - 2019-01-09 02:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-14 18:08 - 2019-01-09 02:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-14 18:08 - 2019-01-09 02:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-14 18:08 - 2019-01-09 02:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-14 18:08 - 2019-01-09 02:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-14 18:08 - 2019-01-09 02:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-14 18:08 - 2019-01-09 02:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-14 18:08 - 2019-01-09 02:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-14 18:08 - 2019-01-09 02:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-14 18:08 - 2019-01-09 02:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-14 18:08 - 2019-01-09 02:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-14 18:08 - 2019-01-09 02:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-14 18:08 - 2019-01-09 02:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-14 18:07 - 2019-02-06 04:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-14 18:07 - 2019-02-06 04:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-14 18:07 - 2019-02-06 04:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-14 18:07 - 2019-02-06 03:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-14 18:07 - 2019-02-06 00:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-14 18:07 - 2019-02-06 00:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-14 18:07 - 2019-02-06 00:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-14 18:07 - 2019-02-06 00:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-14 18:07 - 2019-02-06 00:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-14 18:07 - 2019-02-06 00:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-14 18:07 - 2019-02-06 00:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-14 18:07 - 2019-02-05 23:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-14 18:07 - 2019-02-05 23:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-14 18:07 - 2019-02-05 23:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-14 18:07 - 2019-02-05 23:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-14 18:07 - 2019-02-05 23:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-14 18:07 - 2019-02-05 23:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-14 18:07 - 2019-02-05 23:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-14 18:07 - 2019-01-09 15:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-14 18:07 - 2019-01-09 02:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-14 18:07 - 2019-01-09 02:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-14 18:07 - 2019-01-09 02:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-14 18:07 - 2019-01-09 02:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-14 18:07 - 2019-01-09 02:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-14 18:07 - 2019-01-09 02:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-14 18:07 - 2019-01-09 02:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-14 18:07 - 2019-01-09 02:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-14 18:07 - 2019-01-09 02:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-14 18:07 - 2019-01-09 02:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-14 18:07 - 2019-01-09 02:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-14 18:07 - 2019-01-09 02:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-14 18:07 - 2019-01-09 02:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-14 18:07 - 2019-01-09 02:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-14 18:07 - 2019-01-09 02:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-14 18:07 - 2019-01-09 02:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-14 18:07 - 2019-01-09 02:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-14 18:07 - 2019-01-09 01:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-14 18:07 - 2019-01-09 01:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-14 18:07 - 2019-01-08 00:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-14 16:56 - 2019-02-06 04:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-14 16:56 - 2019-02-06 03:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-14 16:56 - 2019-02-06 00:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-14 16:56 - 2019-02-06 00:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-14 16:56 - 2019-02-06 00:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-14 16:56 - 2019-02-06 00:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-14 16:56 - 2019-02-06 00:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-14 16:56 - 2019-02-06 00:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-14 16:56 - 2019-02-06 00:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-14 16:56 - 2019-02-06 00:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-14 16:56 - 2019-02-05 23:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-14 16:56 - 2019-02-05 23:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-14 16:56 - 2019-02-05 23:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-14 16:56 - 2019-02-05 23:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-14 16:56 - 2019-02-05 23:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-14 16:56 - 2019-02-05 23:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-14 16:56 - 2019-02-05 23:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-14 16:56 - 2019-02-05 23:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-14 16:56 - 2019-02-05 23:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-14 16:56 - 2019-02-05 23:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-14 16:56 - 2019-02-05 23:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-14 16:56 - 2019-02-05 23:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-14 16:56 - 2019-02-05 23:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-14 16:56 - 2019-02-05 23:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-14 16:56 - 2019-02-05 23:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-14 16:56 - 2019-02-05 23:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-14 16:56 - 2019-02-05 22:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-14 16:56 - 2019-01-12 05:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-14 16:56 - 2019-01-09 14:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-14 16:56 - 2019-01-09 14:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-14 16:56 - 2019-01-09 14:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-14 16:56 - 2019-01-09 07:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-14 16:56 - 2019-01-09 06:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-14 16:56 - 2019-01-09 05:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-14 16:56 - 2019-01-09 05:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-14 16:56 - 2019-01-09 02:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-14 16:56 - 2019-01-09 02:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-14 16:56 - 2019-01-09 02:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-14 16:56 - 2019-01-09 02:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-14 16:56 - 2019-01-09 02:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-14 16:56 - 2019-01-09 02:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-14 16:56 - 2019-01-09 02:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-14 16:56 - 2019-01-09 02:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-14 16:56 - 2019-01-09 02:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-14 16:56 - 2019-01-09 02:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-14 16:56 - 2019-01-09 02:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-14 16:56 - 2019-01-09 02:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-14 16:56 - 2019-01-09 02:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-14 16:56 - 2019-01-09 02:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-14 16:56 - 2019-01-09 02:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-14 16:56 - 2019-01-09 02:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-14 16:56 - 2019-01-09 02:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-14 16:56 - 2019-01-09 02:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-14 16:56 - 2019-01-09 02:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-14 16:56 - 2019-01-09 02:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-14 16:56 - 2019-01-09 02:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-14 16:56 - 2019-01-08 06:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-14 16:56 - 2019-01-08 00:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-14 16:55 - 2019-01-08 00:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-14 15:58 - 2019-02-14 15:58 - 000000011 _____ C:\Users\Caro\setup24.ini
2019-02-14 15:57 - 2019-02-14 15:57 - 000000009 _____ C:\Users\Caro\rstr4.ini
2019-02-10 04:54 - 2019-02-10 04:54 - 006161408 _____ C:\Users\Caro\AppData\Local\dump007.dat
2019-02-10 04:54 - 2019-02-10 04:54 - 000000011 _____ C:\Users\Caro\setup22.ini
2019-02-10 04:52 - 2019-02-10 04:52 - 000000009 _____ C:\Users\Caro\rstr3.ini
2019-02-10 03:49 - 2019-02-10 03:49 - 000000003 _____ C:\Users\Caro\AppData\Local\wbem.ini
2019-02-10 03:48 - 2019-02-18 01:07 - 000000000 ____D C:\Users\Caro\AppData\Local\Mail.Ru
2019-02-10 03:48 - 2019-02-10 03:48 - 000000000 ____D C:\ProgramData\Mail.Ru
2019-02-10 03:08 - 2019-02-10 03:10 - 000000000 ___RD C:\Users\Caro\Box Sync
2019-02-10 03:03 - 2019-02-10 04:56 - 000000000 ____D C:\Users\Caro\AppData\Local\Box Sync
2019-02-10 03:03 - 2019-02-10 03:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2019-02-10 03:03 - 2019-02-10 03:03 - 000000000 ____D C:\Program Files\Box
2019-02-10 02:26 - 2019-02-10 02:26 - 000000882 _____ C:\Users\Caro\Downloads\Documentos - Acceso directo.lnk
2019-02-09 08:53 - 2019-02-09 08:53 - 000101737 _____ C:\WINDOWS\uninstaller.dat

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-11 23:14 - 2018-05-29 02:41 - 000004204 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C6F4BD55-6BCC-4B51-BBE7-346301359930}
2019-03-11 16:46 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-11 16:39 - 2018-05-29 02:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-11 02:12 - 2018-05-20 14:45 - 000000000 ___DC C:\WINDOWS\Panther
2019-03-11 02:12 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-03-11 02:12 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2019-03-10 21:09 - 2016-04-28 01:30 - 000000000 ___RD C:\Users\Caro\Google Drive
2019-03-10 21:09 - 2016-01-25 23:32 - 000000000 ___RD C:\Users\Caro\Dropbox
2019-03-10 21:07 - 2016-11-03 14:16 - 000000000 ___RD C:\Users\Caro\iCloudDrive
2019-03-10 21:07 - 2016-01-25 15:03 - 000000000 ___RD C:\Users\Caro\OneDrive
2019-03-10 21:03 - 2017-06-02 15:56 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-03-10 21:03 - 2016-01-25 15:01 - 000000000 __SHD C:\Users\Caro\IntelGraphicsProfiles
2019-03-10 21:02 - 2018-05-29 02:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-10 21:02 - 2016-08-22 22:09 - 000000000 ____D C:\ProgramData\NVIDIA
2019-03-10 21:01 - 2018-04-11 18:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2019-03-10 19:05 - 2016-01-25 23:20 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-03-10 18:54 - 2018-07-26 22:05 - 000000648 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009.job
2019-03-10 18:54 - 2018-07-26 22:05 - 000000552 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009.job
2019-03-10 18:53 - 2018-05-29 02:14 - 000000000 ____D C:\Users\Caro
2019-03-10 18:05 - 2018-04-11 20:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-10 17:26 - 2018-04-11 18:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-03-10 17:22 - 2015-08-15 06:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-03-10 17:12 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-09 01:45 - 2018-07-26 22:05 - 000003802 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009
2019-03-09 01:45 - 2018-07-26 22:05 - 000003706 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009
2019-03-09 01:45 - 2018-07-26 22:05 - 000000000 ____D C:\Users\Caro\AppData\Local\GoToMeeting
2019-03-09 01:03 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-07 23:28 - 2017-12-15 02:08 - 000000000 ____D C:\Users\Caro\AppData\Local\PlaceholderTileLogoFolder
2019-03-07 23:28 - 2017-12-01 14:57 - 000000000 ____D C:\Users\Caro\AppData\Local\Packages
2019-03-07 23:08 - 2015-11-10 23:51 - 000002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-07 23:04 - 2018-05-29 02:26 - 001768608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-07 23:04 - 2018-04-12 13:18 - 000787744 _____ C:\WINDOWS\system32\perfh00A.dat
2019-03-07 23:04 - 2018-04-12 13:18 - 000155340 _____ C:\WINDOWS\system32\perfc00A.dat
2019-03-07 22:56 - 2016-01-25 23:20 - 000000966 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-03-07 22:56 - 2016-01-25 23:20 - 000000962 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-03-07 22:16 - 2016-05-16 23:47 - 000000000 ____D C:\Users\Caro\AppData\Local\ElevatedDiagnostics
2019-03-06 20:12 - 2018-05-29 02:14 - 000002445 _____ C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-01 23:07 - 2018-11-16 22:28 - 000000000 ____D C:\Program Files\rempl
2019-02-23 23:35 - 2018-02-27 00:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-02-20 18:04 - 2018-05-29 02:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2019-02-14 18:39 - 2018-05-29 02:41 - 000004026 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2019-02-14 18:39 - 2018-05-29 02:41 - 000003794 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2019-02-14 18:37 - 2018-05-29 02:06 - 000464120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-14 18:20 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-10 04:47 - 2017-04-10 02:31 - 000000000 ____D C:\Program Files (x86)\NCH Software
2019-02-10 03:48 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-02-10 03:48 - 2013-08-22 12:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-02-10 03:04 - 2015-08-15 06:21 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-10 02:33 - 2017-04-10 02:32 - 000000000 ____D C:\ProgramData\NCH Software
2019-02-10 02:26 - 2017-04-10 02:31 - 000000000 ____D C:\Users\Caro\AppData\Roaming\NCH Software
2019-02-10 02:09 - 2018-05-29 02:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software

==================== Files in the root of some directories =======

2016-10-24 20:07 - 2016-11-24 15:21 - 000000033 _____ () C:\Users\Caro\AppData\Roaming\AdobeWLCMCache.dat
2019-02-10 04:54 - 2019-02-10 04:54 - 006161408 _____ () C:\Users\Caro\AppData\Local\dump007.dat
2018-10-05 22:20 - 2018-10-05 22:20 - 000000000 _____ () C:\Users\Caro\AppData\Local\oobelibMkey.log
2019-02-10 03:49 - 2019-02-10 03:49 - 000000003 _____ () C:\Users\Caro\AppData\Local\wbem.ini

Some files in TEMP:
====================
2019-02-10 04:52 - 2019-03-11 02:12 - 000000000 ____D () C:\Users\Caro\AppData\Local\Temp\ImagingEngine.dll

Some zero byte size files/folders:
==========================
C:\Windows\System32\mysqld.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-29 02:06

==================== End of FRST.txt ============================

Bueno ahi conclui lo que me has pedido que realice. Te super agradezco la info y el tiempo dedicado. Te cuento que cuando la prendi hoy se activo el Malware porque esta en version premium trial y me detecto 2 troyanos. Nos vemos por aqui , te mando un saludo . Gracias

#10

Hola @Carolina_Saggio

Seguramente por error se te pego la segunda parte del FRST en lugar del Addition.

Por favor necesito ambos, así que pegarlo en tu próxima respuesta.

La infección aun continua, usa el equipo lo menos posible, comentantes mas arriba que usas Panda pero tienes muchas entradas de McAfee??

Mientras tanto revisa tu Onedrive, especialmente elimina lo que veas con caracteres rusos o raros, aunque ya Malwarebytes elimino algo, revisa tu manualmente también archivos de este estilo:

Искать в Интернете.URL

Salu2.

#11

Hola San , aun despierta por aqui. te pego el Adittion y te ceunto el MCAfee yo lo habia comprado y hasta que vencio y solo me quedo la parte de una extension del Chromee que hace el chequeo. Instalado tengo el panda y recien quise abrir el MSAfee y pone acceso eliminado , asi que no recuerdo si lo elimine. Una vez ingrese a unas paginas buscando libros de ingles rusas y posiblemente en la web me haya infectado.

Lo que me pides del Onedrive es las carpetas que tengo en mi pc? Revisare ahi . Gracias por estar atenta. Ahora me voy a descansar. Te deseo un muy buen martes para ti , saludos


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.03.2019
Ran by Caro (11-03-2019 23:28:34)
Running from C:\Users\Caro\Downloads
Windows 10 Home Single Language Version 1803 17134.590 (X64) (2018-05-29 05:43:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-4145286444-108475074-2886558672-500 - Administrator - Disabled)
Caro (S-1-5-21-4145286444-108475074-2886558672-1009 - Administrator - Enabled) => C:\Users\Caro
DefaultAccount (S-1-5-21-4145286444-108475074-2886558672-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4145286444-108475074-2886558672-1005 - Limited - Enabled)
Invitado (S-1-5-21-4145286444-108475074-2886558672-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4145286444-108475074-2886558672-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Panda Dome (Disabled - Up to date) {CF440CD9-5435-10B1-04E0-7768B6F10320}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Dome (Disabled - Up to date) {7425ED3D-720F-1F3F-3E50-4C1ACD76499D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Actualización de NVIDIA 11.10.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 11.10.11 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.5.0.331 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015.3 (HKLM-x32\...\ILST_20_1_0) (Version: 20.1.0 - Adobe Systems Incorporated)
Adobe Lightroom CC (HKLM-x32\...\LRCC_1_0) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Apple Application Support (32 bits) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Backup and Sync from Google (HKLM\...\{693CADB0-962B-4AC1-A939-9524B258C997}) (Version: 3.43.2448.9071 - Google, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Sync (HKLM\...\{CD5CB679-159B-4E4C-B847-B29B492D106E}) (Version: 4.0.7929.0 - Box, Inc.)
Box Sync (HKLM-x32\...\{ee10352e-1caf-4132-add1-3809a8ea6d43}) (Version: 4.0.7929.0 - Box Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.53 - Piriform)
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.4505 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM-x32\...\{1D2682EA-75DD-44B6-BF2D-CD3C49EAD012}) (Version: 1.6.38.01 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 68.4.102 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.23 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.23 - Lenovo)
Enterprise Architect (HKLM-x32\...\{71A2AAC1-8DB5-40B4-AEF5-99C23238D37C}) (Version: 12.0.1210.14 - Sparx Systems)
Express Scribe, software para transcripciones (HKLM-x32\...\Scribe) (Version: 6.02 - NCH Software)
Gear IconX (HKLM-x32\...\Gear IconX) (Version: 2.0.170927.51 - Samsung Electronics Co, Ltd.)
GeForce Experience NvStream Client Components (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC) (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{0FC4261B-F502-48B3-B1CF-60021C8F7D22}) (Version: 1.0.481 - LogMeIn, Inc.)
GoToMeeting 8.40.1.12023 (HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\GoToMeeting) (Version: 8.40.1.12023 - LogMeIn, Inc.)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
iTunes (HKLM\...\{514BCD3A-B38B-4835-8B8C-69DA8C48A7A7}) (Version: 12.9.3.3 - Apple Inc.)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Lenovo App Services (HKLM\...\Lenovo App Services) (Version: 0.200.8.268 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10279 - Realtek Semiconductor Corp.)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Motion Control (HKLM-x32\...\{A60E1DE0-2AD1-4BD3-BBCC-4FBB22FB6F85}) (Version: 2.5.1.0225 - PointGrab) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A60E1DE0-2AD1-4BD3-BBCC-4FBB22FB6F85}) (Version: 2.5.1.0225 - PointGrab)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.)
Lenovo PhoneCompanion (HKLM-x32\...\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.2 - Lenovo) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.2 - Lenovo)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.5.2624.01 - CyberLink Corp.) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.5.2624.01 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo Service Bridge (HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\cbe8636f7dd0cf1d) (Version: 1.6.2.0 - Lenovo)
Lenovo Settings (HKLM-x32\...\{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.52 - Nombre de su organización) Hidden
Lenovo Settings (HKLM-x32\...\InstallShield_{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.52 - Nombre de su organización)
Logitech Options (HKLM\...\LogiOptions) (Version:  - Logitech)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Manuales de usuario (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R8 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.26 - McAfee, Inc.)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.11328.20146 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
Microsoft Project Profesional 2016 - es-es (HKLM\...\ProjectProRetail - es-es) (Version: 16.0.11328.20146 - Microsoft Corporation)
Microsoft Visio Profesional 2016 - es-es (HKLM\...\VisioProRetail - es-es) (Version: 16.0.11328.20146 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MySQL Workbench 6.2 CE (HKLM\...\{82D50D82-CAF2-4ABA-8BB7-090668162290}) (Version: 6.2.5 - Oracle Corporation)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.7500 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Oracle VM VirtualBox 5.1.8 (HKLM\...\{65402252-5DA1-4360-A144-E09BB16AC7A9}) (Version: 5.1.8 - Oracle Corporation)
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Dome (HKLM\...\{DC22166B-6F26-4E2E-BFDE-CC3578246940}) (Version: 9.14.00 - Panda Security) Hidden
Panda Dome (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.6.0 - Panda Security)
Panel de control de NVIDIA 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 376.54 - NVIDIA Corporation) Hidden
Paquete de controladores de Windows - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Paquete de controladores de Windows - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Polar FlowSync versión 2.6.2 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.6.2 - Polar Electro Oy)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.810.810.031214 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0251 - REALTEK Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.62.0 - Samsung Electronics Co., Ltd.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.5.0.1144 - Lenovo)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 1.7.306 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Meetings App (HKLM-x32\...\{D20CE315-AC32-4B25-AB3A-7112A9AB6FC3}) (Version: 16.2.0.232 - Microsoft Corporation)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.5 - Synaptics Incorporated)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.3.6 - Lenovo)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
x86_64-5.3.0-win32-seh-rt_v4-rev0 (HKLM-x32\...\x86_64-5.3.0-win32-seh-rt_v4-rev0) (Version:  - MinGW-W64)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\Caro\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{4A8FCD9F-623C-4283-96F0-10F41846A98A} -> [Box Sync] => C:\Users\Caro\Box Sync [2019-02-10 03:08]
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Caro\AppData\Local\GoToMeeting\8953\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Caro\Dropbox [2016-01-25 23:32]
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {06395f73-8d75-3c47-ac2f-93524a83ce03} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {072d2f45-ddf0-35bd-a911-38b853695def} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {88092007-0d01-3d32-a4b4-56f7e19a1c49} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {507a0531-fd10-3efc-8eb8-64e35606e542} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {b9b9e487-7684-373f-a7a2-6b04c8d772a8} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Caro\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] () [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [BoxContextMenuClient] -> {53792c99-3144-3699-8968-fa4278ad3c1e} => C:\Program Files\Box\Box Sync\ContextMenuClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-09-28] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [ContextMenuExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-09-28] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Caro\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] () [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [BoxContextMenuClient] -> {53792c99-3144-3699-8968-fa4278ad3c1e} => C:\Program Files\Box\Box Sync\ContextMenuClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03D8E194-8467-48F3-A8BE-B0C7197751E5} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {0AD276D0-920B-4DA2-A6C9-488E9472E393} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {14FFCA24-7FEB-4F0F-BE4A-A2E06176D3CE} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.207\DADUpdater.exe (McAfee, Inc. -> McAfee, Inc.)
Task: {1BBE00ED-04AD-4878-B989-60536A431F13} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {1C8BBC1E-06BD-4516-A0EF-1C93F300DC78} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe (LENOVO -> Lenovo)
Task: {2F03F9F4-39F6-4FA0-A2DE-731C685D41EF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {34FEBD07-6327-4947-866D-478F20A5902D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {3EAEC50B-E51D-41CA-AB0F-E697FF87CB81} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {426AAB97-E52F-44AC-98F1-FC6A0C0E3A2D} - System32\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009 => C:\Users\Caro\AppData\Local\GoToMeeting\12023\g2mupdate.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {4E8805D4-8EBF-4629-8EC1-34ADCA156434} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {586157A8-2B25-451B-8B51-8303345EE681} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {5E1F9D01-1F53-47CF-89E6-303C4E5107EC} - no filepath
Task: {705E20AC-120B-4781-9EE0-8C034F946EB9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {73C1812B-0822-4CE7-8B73-61B7EF8F0385} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7AF5003E-30F5-417A-9C94-CF8FF376811C} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {7F2AAA77-8FD0-47BA-AFF8-BC57991DE983} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe (LENOVO -> )
Task: {848EBB28-3284-42CC-B4CF-FE6ECBCC8A09} - System32\Tasks\S-1-5-21-4145286444-108475074-2886558672-1009\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {85C4818D-D1EA-4DB9-B38B-BF99FC2662E3} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {87D3C943-57A6-456B-BA90-C35347BDA291} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe (Apple Inc. -> Apple Inc.)
Task: {8C4298DB-5950-4E87-AC81-36679A0AF032} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A0E5B763-191F-4993-BAC4-6AC8E87B314C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {A62CF881-4D6D-4982-8555-70A5AF2542C1} - System32\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009 => C:\Users\Caro\AppData\Local\GoToMeeting\12023\g2mupload.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {A8095E53-C258-4B9F-AC53-55A50622B67D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A8893BE7-F8EA-4F68-AA71-446252EB2BD2} - no filepath
Task: {B21855B7-6224-41CE-82F2-DFA267868E8B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B2CF33F5-A43A-4E79-B044-3C01B60D6D38} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B8AFEEA4-E809-479B-8555-D02183ECA6F6} - no filepath
Task: {B9DFFC09-557F-4842-8C1F-A83EF18E7415} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {C7384652-FA3F-4129-82D5-D2FDCC1A6E45} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {C9F89DD1-9386-4252-B170-9F1A1545F96F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (LENOVO -> Lenovo)
Task: {E9ACBDFE-EC5A-4414-8D84-1B85C032B7EF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F84AE722-1E42-4351-B7BE-3DEF1499004C} - no filepath

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009.job => C:\Users\Caro\AppData\Local\GoToMeeting\12023\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009.job => C:\Users\Caro\AppData\Local\GoToMeeting\12023\g2mupload.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\{8931EFDE-73C7-49A3-B6A1-FA8FAF40E1E9}.job => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe
Task: C:\WINDOWS\Tasks\{C89190C7-347E-4BF6-B85D-E4DA12014C0C}.job => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Caro\Google Drive\Documentos_TRABAJO\TRABAJO2\info varias\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Caro\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Hangouts de Google (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Caro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Caro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->   --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->   --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->   --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2013-08-27 09:32 - 2013-08-27 09:32 - 000747520 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
2017-02-10 00:58 - 2016-12-29 09:29 - 000339072 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\_nvstapisvr64.dll
2016-10-18 17:46 - 2016-10-04 11:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2014-05-01 11:13 - 2016-11-14 00:11 - 000592384 _____ () [File not signed] C:\Users\Caro\AppData\Local\MEGAsync\ShellExtX64.dll
2019-02-14 19:29 - 2019-02-14 19:29 - 000931328 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\log4net\0250960b8fb57f293d3ecf997cd74192\log4net.ni.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 003042304 _____ (Python Software Foundation) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\python27.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 000113664 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\_ctypes.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000080896 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\bz2.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 001792512 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\_hashlib.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000128512 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32api.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000137728 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\pywintypes27.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 000548864 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\pythoncom27.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 000689664 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\unicodedata.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000438784 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32com.shell.shell.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 001489408 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wx._core_.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wxbase30u_net_vc90_x64.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wxbase30u_vc90_x64.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wxmsw30u_adv_vc90_x64.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wxmsw30u_core_vc90_x64.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 001007104 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wx._gdi_.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 001039872 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wx._windows_.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wxmsw30u_html_vc90_x64.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 001325056 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wx._controls_.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000916992 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wx._misc_.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 001084416 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\pysqlite2._sqlite.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000149504 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32file.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000136192 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32security.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000007680 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\hashobjs_ext.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000020992 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\thumbnails_ext.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000118784 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\usb_ext.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000047616 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\_socket.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 002224640 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\_ssl.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000014848 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\common.time34.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000023040 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32event.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000034304 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\windows.conditional.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000020480 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\windows.winwrap.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000110080 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\windows.volumes.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000223232 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32gui.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000173568 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\_elementtree.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000169472 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\pyexpat.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000048128 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32inet.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000103424 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wx._html2.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wxmsw30u_webview_vc90_x64.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 000046080 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\_psutil_windows.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000011776 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32crypt.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000301568 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\PIL._imaging.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000032256 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\_multiprocessing.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 005752320 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\cello.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000026112 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\_yappi.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000044032 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32process.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000027648 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32pipe.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000010752 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\select.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000029696 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32pdh.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000038400 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\windows.connectivity.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000073216 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\windows.device_monitor.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000020480 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32profile.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000026624 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32ts.pyd
2015-08-15 06:51 - 2015-08-15 06:51 - 000815104 _____ () [File not signed] C:\Program Files\Lenovo PhoneCompanion\adb.exe
2015-08-15 06:18 - 2014-01-20 21:24 - 001179576 _____ (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed] C:\WINDOWS\system32\nvspcap64.dll
2013-08-27 08:57 - 2013-08-27 08:57 - 001199104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-10 18:05 - 2019-02-01 10:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
2015-08-15 06:51 - 2015-08-15 06:51 - 000096256 _____ (Google, inc) [File not signed] C:\Program Files\Lenovo PhoneCompanion\AdbWinApi.dll
2015-08-15 06:51 - 2015-08-15 06:51 - 000060928 _____ (Google, inc) [File not signed] C:\Program Files\Lenovo PhoneCompanion\AdbWinUsbApi.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000086016 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\qml_winextras.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000037888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\dialogsprivateplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000047104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000027136 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\qmlsettingsplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\CyberLink:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
#12 

AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\Lenovo:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\Plantillas personalizadas de Office:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\WBS Schedule Pro:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2017-03-20 00:03 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

2016-11-28 23:04 - 2018-07-29 19:18 - 000000504 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

2.168.137.25 LGSmartTV.mshome.net # 2017 11 1 27 1 38 23 420

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Lenovo\FusionEngine;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Lenovo\Motion Control\;C:\Users\Caro\Documents\Software\mysql-5.7.11-winx64\MySQL\bin;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\Control Panel\Desktop\\Wallpaper -> C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 200.42.4.207 - 200.49.130.41
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{6445E2B3-C093-4CC7-BC58-BC2DA17CED42}C:\users\caro\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe] => (Allow) C:\users\caro\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{2F2A4B23-3D83-4182-B9B1-2A3FB06E2BF3}C:\users\caro\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe] => (Allow) C:\users\caro\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A8BE0E86-CEA7-452F-BC64-BEE87368C2FB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{14A8C27A-7CCA-409A-B7A8-48FB6D981D92}] => (Allow) LPort=5354
FirewallRules: [{4145152B-A374-4F0F-A876-39009026ED1F}] => (Allow) LPort=5354
FirewallRules: [{0674A708-5DEE-4861-A3BB-4BA272DB92A3}] => (Allow) LPort=5354
FirewallRules: [{27D6803F-4825-4B84-BDA6-4EE002D2DBC3}] => (Allow) LPort=5354
FirewallRules: [{DD97A0C5-8919-40FE-98A7-729325A92EF9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8F906C73-765C-4552-881F-43CB181783E9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{15036AA2-E78D-4364-9416-8D5A3D062637}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6DDA5088-8A04-46B3-B968-1CBA466AADB7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1EFA5A45-210F-4FA3-BC43-A97D2AECE0BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BBBDDB4B-CF12-4C1E-A4EB-2074D1B375A9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EA093CDC-31F8-49D4-9655-1682E93C10DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7B6B033C-07C2-4858-95EB-2C591C697258}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{2D0273FB-A271-48EB-8F19-AA3E18D61678}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{7EB91165-18C1-48C1-AC9D-56ACA1478890}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{AC9DE88E-B852-4A2E-B7E9-3E4D8D925E82}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{110771D7-3E77-4252-A90B-E16779580AB6}] => (Allow) LPort=55100
FirewallRules: [{8CA91650-DBBE-4649-8970-B657B1E21C54}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe (Lenovo (Beijing) Limited -> Lenovo)
FirewallRules: [TCP Query User{12A3A7F4-6A6B-439C-AC71-836AED5B5305}C:\users\caro\documents\software\mysql-5.7.11-winx64\mysql\bin\mysqld.exe] => (Allow) C:\users\caro\documents\software\mysql-5.7.11-winx64\mysql\bin\mysqld.exe () [File not signed]
FirewallRules: [UDP Query User{93E4A2C4-8ABA-45CA-8E67-CD1B5C4CD218}C:\users\caro\documents\software\mysql-5.7.11-winx64\mysql\bin\mysqld.exe] => (Allow) C:\users\caro\documents\software\mysql-5.7.11-winx64\mysql\bin\mysqld.exe () [File not signed]
FirewallRules: [{7361BA51-FAA9-4046-9F08-83C7C7F4F7E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B9269BC9-5D5C-436C-B1C9-1AB24263A7B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C527C130-C338-401B-A37E-807FCF634468}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2CEF4505-F8EC-40BE-A8AF-FB3CA6F5D00D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B36AC524-C865-403D-B6CE-0A822332CB9B}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> SHAREit Technologies Co.Ltd)
FirewallRules: [{8128852A-27D9-436E-A5A8-694868766F70}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> SHAREit Technologies Co.Ltd)
FirewallRules: [{D695AC39-8CD1-4705-B275-F7D2208B81E4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{6A5E8FDA-A157-4006-836B-22DF5300B1E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{4964FC4B-F48F-4934-9E84-65641CB9287D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{440E1684-EC4E-43DF-A50D-59B0BEFD88D7}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{F485ED72-1381-4C95-80C6-65E984914B0D}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{8716827E-2E53-40C7-8E9C-4ECFE53D9A41}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B9D76EC6-5FB7-4A05-B6CF-9F284DE8200A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3654873E-FFB1-4473-919F-8FEC82C5E7CF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{57E99ECD-02CA-4FDF-A583-3C1DB32AC343}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0B8475F2-E966-4E9F-9C15-D8E2EF3C7FC2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3E0EB971-9FA2-422B-B0BC-15898F2ADA81}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{75F9EDB9-69CB-4B63-A784-DCAE77C2B107}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AD90C594-2F9E-412E-87A3-9D49110727B6}] => (Allow) C:\Program Files (x86)\lXAYLUeDDfS.exe No File
FirewallRules: [{3AAFFCE5-D672-45B3-AAE9-051CE33B9229}] => (Allow) C:\Program Files (x86)\TZEA.exe No File
FirewallRules: [{C8926869-E834-4D9E-9C37-D1C7FAFE71B7}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{18700AA6-4DBC-4A43-9ABE-FF55893EF0F9}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7E76F635-6C83-420E-ADAE-E11120D984C6}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{309CACE3-3B76-46EE-B0EA-2A365358E90C}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4CC54563-AFF5-463D-81C8-EC36B85DD458}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{128B646B-C489-4EDB-B094-6197404FE9DE}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{088EAE30-D4C5-4F35-96DE-B719088158D6}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6007436F-1402-45A7-9FE8-F22AAFBDF9FF}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DCF01053-205A-4F1D-9EC6-752407EA8DFF}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{8C631CE0-CE04-49F1-9EA3-D8AECD40ABF8}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{95CCCDE5-F74D-4B30-9BF1-C2E0F5FD286A}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3110D8E8-9527-4D6C-B0B0-FE1DF3398503}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B78B9F83-6EE6-43B0-A035-5A8133EF4923}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{EF38372C-8C43-4A2D-95FE-00629357988D}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6BEA2E63-8DA2-470C-B9A0-AEABDF21B16A}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C27330F4-EFFF-407B-9A62-10D03790C2AB}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{3C580D35-09EF-4E4D-A47A-F50BD9DF2255}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{0CF69197-17C3-4F59-BAFC-1B94FB35C494}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{72796C39-C1BF-4979-AD4C-D88CA1707C01}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{D21DA473-B5EE-4DBB-9B9C-FF51A7D470EB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{2B6BC4E9-CEEF-4AA5-AF06-62B863C7144A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{C264845E-F511-4172-B9F5-85CADB7EA6C4}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{0594888D-C034-4CA2-9F5C-228EE1911F48}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{69299F49-8794-453F-9CC8-7472FD35B03D}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{98859968-459A-4920-84BB-683523FEAADF}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{75FD8EC7-A0AA-4194-94BA-ACE306B67FE8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================

18-02-2019 00:39:58 Windows Update
01-03-2019 23:04:25 Windows Update
10-03-2019 19:31:16 Punto de control programado

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2019 11:20:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PickerHost.Exe, versión: 10.0.17134.1, marca de tiempo: 0x2fa59209
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x64c8
Hora de inicio de la aplicación con errores: 0x01d4d87a2b8d328a
Ruta de acceso de la aplicación con errores: C:\Windows\System32\PickerHost.Exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: cac1085c-e452-4c90-86c6-5c079ffd203b
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/11/2019 11:11:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22155500

Error: (03/11/2019 11:11:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22155500

Error: (03/11/2019 11:11:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/11/2019 04:16:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa mbam.exe, versión 3.1.0.1731, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

Identificador de proceso: 2a04

Hora de inicio: 01d4d83a8e7d0fc7

Hora de finalización: 60000

Ruta de la aplicación: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

Identificador de informe: bdb3fc88-b5d4-452d-b022-c46cf249405c

Nombre completo de paquete con errores: 

Identificador de aplicación relativa del paquete con errores:

Error: (03/11/2019 04:11:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PickerHost.Exe, versión: 10.0.17134.1, marca de tiempo: 0x2fa59209
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x41d8
Hora de inicio de la aplicación con errores: 0x01d4d83e4141f6b1
Ruta de acceso de la aplicación con errores: C:\Windows\System32\PickerHost.Exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: 04b605b1-7843-411d-99cc-8c8fa040d009
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/11/2019 04:09:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 560078

Error: (03/11/2019 04:09:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 560078


System errors:
=============
Error: (03/11/2019 11:31:14 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/11/2019 11:30:43 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/11/2019 11:30:12 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/11/2019 11:29:41 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/11/2019 11:29:10 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/11/2019 11:28:39 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/11/2019 11:28:08 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/11/2019 11:27:37 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} no se registró con DCOM dentro del tiempo de espera requerido.


Windows Defender:
===================================
Date: 2019-03-06 20:28:42.520
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/DealPly&threatid=194668&enterprise=0
Nombre: Adware:Win32/DealPly
Id.: 194668
Gravedad: Alta
Categoría: Adware
Ruta de acceso: file:_C:\Users\Caro\AppData\Local\Temp\ImagingEngine.dll\ic64.dll
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: Lenovo-PC\Caro
Nombre de proceso: C:\Users\Caro\AppData\Local\Temp\ImagingEngine.dll\z.exe
Versión de firma: AV: 1.289.589.0, AS: 1.289.589.0, NIS: 1.289.589.0
Versión de motor: AM: 1.1.15700.9, NIS: 1.1.15700.9

Date: 2019-02-10 04:08:59.813
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {F0E4D0A6-F5F2-40ED-9629-0B879E9F823F}
Tipo de examen: Antimalware
Parámetros de examen: Examen completo
Usuario: Lenovo-PC\Caro

Date: 2019-02-10 04:08:59.813
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Unwaders.C!ml&threatid=242874&enterprise=0
Nombre: Program:Win32/Unwaders.C!ml
Id.: 242874
Gravedad: Grave
Categoría: Software potencialmente no deseado
Ruta de acceso: file:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe; file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore; file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C2C2AE1-C69C-40AD-8AAD-7F100C1BB380}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FB90BE6-E075-4EDB-892C-58E8AA462B5A}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA; service:_gupdate; service:_gupdatem; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
Origen de detección: Equipo local
Tipo de detección: FastPath
Fuente de detección: Usuario
Usuario: Lenovo-PC\Caro
Nombre de proceso: Unknown
Versión de firma: AV: 1.285.1247.0, AS: 1.285.1247.0, NIS: 1.285.1247.0
Versión de motor: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-10 04:07:06.839
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Unwaders.C!ml&threatid=242874&enterprise=0
Nombre: Program:Win32/Unwaders.C!ml
Id.: 242874
Gravedad: Grave
Categoría: Software potencialmente no deseado
Ruta de acceso: file:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe; file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore; file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C2C2AE1-C69C-40AD-8AAD-7F100C1BB380}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FB90BE6-E075-4EDB-892C-58E8AA462B5A}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA; service:_gupdate; service:_gupdatem; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
Origen de detección: Equipo local
Tipo de detección: FastPath
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Windows\System32\svchost.exe
Versión de firma: AV: 1.285.1247.0, AS: 1.285.1247.0, NIS: 1.285.1247.0
Versión de motor: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-10 04:04:55.083
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Unwaders.C!ml&threatid=242874&enterprise=0
Nombre: Program:Win32/Unwaders.C!ml
Id.: 242874
Gravedad: Grave
Categoría: Software potencialmente no deseado
Ruta de acceso: file:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Origen de detección: Equipo local
Tipo de detección: FastPath
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Windows\System32\svchost.exe
Versión de firma: AV: 1.285.1247.0, AS: 1.285.1247.0, NIS: 1.285.1247.0
Versión de motor: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-03-10 17:26:27.748
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Supervisión de comportamiento
Código de error: 0x80508023
Descripción del error: El programa no encontró malware ni otro software potencialmente no deseado en este dispositivo. 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-02-18 00:53:46.415
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.285.1563.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15700.8
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-01-21 00:26:07.047
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.283.3310.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15500.2
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2018-12-15 20:36:14.789
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.283.320.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15500.2
Código de error: 0x80240022
Descripción del error: El programa no puede buscar actualizaciones de definiciones. 

Date: 2018-12-15 20:36:14.789
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.283.320.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15500.2
Código de error: 0x80240022
Descripción del error: El programa no puede buscar actualizaciones de definiciones. 

CodeIntegrity:
===================================

Date: 2019-03-10 23:14:24.606
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-10 03:48:10.913
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-22 01:15:26.225
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-30 15:01:25.585
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-07 23:52:36.313
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-17 01:06:01.679
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-12 16:58:48.835
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-09-25 22:45:20.449
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 74%
Total physical RAM: 8104.27 MB
Available physical RAM: 2026.58 MB
Total Virtual: 17320.27 MB
Available Virtual: 10107.04 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:890.27 GB) (Free:650.48 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.33 GB) NTFS
Drive g: (CDROM) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

\\?\Volume{a952e48a-011d-491b-b9cc-10f42f2f561f}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.68 GB) NTFS
\\?\Volume{19b15c48-1489-4267-85aa-446ab421d461}\ (PBR_DRV) (Fixed) (Total:13.91 GB) (Free:3.08 GB) NTFS
\\?\Volume{edf34597-8577-491a-a98e-38b5a892180e}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 24332868)

Partition: GPT.

==================== End of Addition.txt ============================

esto es lo que continua del adittion . Salu2

#13

Hola @Carolina_Saggio

Desinstala con su Herramienta Especifica >>> McAffe, por que aunque lo creas desinstalado aun se ve mucho de el.

Luego:

Sigue estos pasos:

1.- Muy Importante >>> Realizar una copia de Seguridad de su Registro.

  • Descarga DelFix en el escritorio de Windows.
  • Clic Derecho, “Ejecutar como Administrador”.
  • En la ventana principal, marca solamente la casilla “Create Registry Backup”.
  • Clic en Run.

Al terminar se abrirá un reporte llamado DelFix.txt, guárdelo por si fuera necesario y cierre la herramienta…

2.- Desactiva Temporalmente tu antivirus.

3.- Abre un nuevo archivo Notepad y copia y pega este contenido:


Start
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4145286444-108475074-2886558672-1009\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Caro\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-03-21]
CHR HKU\S-1-5-21-4145286444-108475074-2886558672-1009\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
S1 ZmQ1OTY5NzQ2MmViZjA0; \??\C:\WINDOWS\system32\drivers\ZmQ1OTY5NzQ2MmViZjA0 [X]
2019-02-10 04:52 - 2019-03-11 02:12 - 000000000 ____D () C:\Users\Caro\AppData\Local\Temp\ImagingEngine.dll
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL -> No File
ContextMenuHandlers1: [ContextMenuExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {5E1F9D01-1F53-47CF-89E6-303C4E5107EC} - no filepath
Task: {A8893BE7-F8EA-4F68-AA71-446252EB2BD2} - no filepath
Task: {B8AFEEA4-E809-479B-8555-D02183ECA6F6} - no filepath
Task: {F84AE722-1E42-4351-B7BE-3DEF1499004C} - no filepath
AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\CyberLink:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\Lenovo:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\Plantillas personalizadas de Office:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\WBS Schedule Pro:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
FirewallRules: [{4964FC4B-F48F-4934-9E84-65641CB9287D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{AD90C594-2F9E-412E-87A3-9D49110727B6}] => (Allow) C:\Program Files (x86)\lXAYLUeDDfS.exe No File
FirewallRules: [{3AAFFCE5-D672-45B3-AAE9-051CE33B9229}] => (Allow) C:\Program Files (x86)\TZEA.exe No File
Task: {A8095E53-C258-4B9F-AC53-55A50622B67D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {8C4298DB-5950-4E87-AC81-36679A0AF032} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Caro\AppData\Local\GoToMeeting\8953\G2MOutlookAddin64.dll => No File
2019-02-10 03:48 - 2019-02-18 01:07 - 000000000 ____D C:\Users\Caro\AppData\Local\Mail.Ru
2019-02-10 03:48 - 2019-02-10 03:48 - 000000000 ____D C:\ProgramData\Mail.Ru

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.

Nota: Es necesario que el ejecutable Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no la herramienta no trabajara.

  • Ejecutas Frst.exe.
  • Presionas el botón Fix y aguardas a que termine.
  • La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).
  • Lo pegas en tu próxima respuesta.

Nos comentas .

Salu2.

#14

Hola San , como estas? Espero que bien, gracias por tu respuesta.

Te cuento que cada vez que quiero entrar al ONEDRIVE que me marcaste en el msj anterior la pc se me queda tildada " no responde" no pudiendo ingresar a la carpeta para ir a borrar documentos escritos en ruso por lo cual eso no pude hacerlo , que fue un pedido tuyo, ya que no puedo acceder a ninguna carpeta y a simple vista no se ve nada raro.

En una carpeta de ingles tengo unos archivos de audio que estan escritos “15 Ścieżka 15” pero a esa carpeta sí puedo acceder y no a onedrive.

Luego desde configuracion si vi que MCAffe tenia un aceeso Web advisor y una parte que no se desinstalaba por lo que termine bajando el desinstalador y ejecutandolo y lo elimino completamente.

Ahora bien cuanbdo corro el CCLeaner se me queda tildado y no avanza al 13 % , cosa que ayer habia ocurrido lo mismo. Cuando lo inicio pasa que me pide una actualizacion, y cuando accedo a la pagina me pide comprar asi no lo actualizo, no se porque me ocurre eso. Y tarda una eternidad siendo que habia sido ejecutado ayer. Con lo que me genera la duda si esta borrando lo que esta tildado que borre porque en la paelera de reciclaje no borro nada automaticamente por lo que acabo de chequear recien manualmente.

Asi que creo no esta funcionando … que hago ? porque en el paso del enlace de desinstalacion del antivirus dice que ay que ejecutar el CCLeaner para limpiar los archivos.

Aun no ejecute el DELFIX, pero quisiera saber tu opinion al respecto ya que eres quien sabe de estas coas… y muy agradecida por ello . Un beso espero tu comentario :star_struck:

#15

Hola Caro:

Todo bien por aqui :+1: .

No te preocupes, te dejo un enlace que yo utilizo habitualmente, cuando el programa anuncia que hay nueva versión, no actualizo directamente desde el programa si no que voy a la pagina, y me evito las confusiones de las publicidades pidiéndote que lo compres, guárdala en tus marcadores o bien la encuentras buscando en Google escribiendo Cclener + build.:+1:

https://www.ccleaner.com/es-es/ccleaner/builds

La instalas, ejecutas y sigues con los pasos.

Sobre Ondrive, logueate con tu cuenta desde tu navegador, y revisa si desde allí puedes eliminar los archivos que comentas.

Salu2.

#16

Querida San, elimine el CCLeaner que tenia instalado, descargue el de la pagina que me dijiste y me vuelve a pasar lo mismo, se queda en el 13% tildado ahi , por ahora lleva como 2 horas ahi, y no avanza. Si me das el ok sigo con los pasos del DELFIX sin terminar lo de la limpieza.

Por otro lado abri online el ONEDRIVE sin ningun problema y no veo en la nube nada raro. Tu me habias dicho que veias archivos con escritura en ruso… yo aqui no veo nada. Por otro lado cuando accedo adonde esta esta la carpeta en mi equipo, al onedrive y paso el cursor por encima tilda la pc y no me deja abrir ningun archivo . Respecto a los archivos de musica escritos con z y algun caracter raro estan en la nube y en mi equipo y son audios de ingles que necesito y que habia bajado. Pero no estan en onedrive sino en box- De acuerdo a lo que me indiques continuo Saludos

#17

Hola:

Sigue con los pasos de DelFix y el Fixlist, luego eliminaremos los otros restos y veremos lo de Ccleaner.

Salu2.

#18

Hola San como andas? Pcon un monton de problemas para descargar el DELFIX , ya que no se porque no lo quiere descargar en el escritorio y ademas el escritorio se ve sin iconos— Cuando termino de ejecutarse me mostro un mensaje sin info… esta bien? Te copio y pego el Registro


# DelFix v1.013 - Logfile created 16/03/2019 at 01:58:30
# Updated 17/04/2016 by Xplode
# Username : Caro - LENOVO-PC
# Operating System : Windows 10 Home  (64 bits)

~ Creating registry backup ... OK

########## - EOF - ##########

Hasta aca el DElFIX no se porque no me lo descarga en el escritorio … ninguno pude y ahora quiero bajar el FIXLIST y no me anda la pagina ´para poder descargarlo … estoy teniendo muchos problemas , primero pense que era internet pero con la descarga y que el escritorio se ve raro tal vez sea pc. La pregunta es si sirve tener el software de la carpeta de descarga y no en el escritorio … quise cambiarle el lugar donde descargar pero algo impide bajarlo con el DELFIX me fue imposible, por eso tarde tanto en responderte Sandra. Te mando un beso y que tengas un hermoso fin de semana

#19

Hola Caro:

Puedes descargar cualquier ejecutable a la carpeta Descargas y luego lo seleccionas con un clic, presionas botón derecho sobre el >>> cortar, y lo pegas en el escritorio.

Delfix esta perfecto.

quise cambiarle el lugar donde descargar pero algo impide bajarlo

Seguramente tu navegador esta configurado para que todo se descargue allí.

Solo tienes que copiar y pegar el Fixlist a un notepad, lee bien los pasos.

Ya hace tres días que te lo indique y te podrías estar re-infectando.

Salu2

#20

Hola, hice lo de copiar y pegar y funciono , pero el txt no me responde al guardar … esto esta andando muy mal y no me deja trabajar, si no lo hubiera antes Sandra… la maquina no responde… aparentemente el explorador de windows. Creo que el problema es que guarda una copia en el onedrive y si esa carpeta esta infectada en mi pc , cada vez que quiero guardar algo lo hace en ese lugar … desactive la sincronizacion con Onedrive pero aun asi el guardar como NO FUNCIONA por lo que no me deja guardar el archivo txt que tengo que guardar para ejecutar el FRST — ¿como lo soluciono?

#21

Hola @Carolina_Saggio

Algo similar me paso con Onedrive y no fue por infección es un error que puede suceder, cuando presionas en su carpeta se cuelga el explorador de archivos, tuve que desinstalar.

Prueba desinstalarlo desde el listado secreto de aplicaciones

Presionas sobre Onedrive, se te despliga la opción desinstalar. No perderás tus archivos ya que están en la nube.

No la reinstales aun hasta terminar.

Nos comentas.

Salu2

#22

Hola San , como estas? imposible lo que me decis, ya que ni abre el explorador de Windows… lo unico que pude hacer es desactivar onedrive que lo hice cuando te mande el mensaje. ahora quiero abrir explorador y no abre , quiero abrir configuracion y tampoco , ya no responde tardo miles de años para que reaccione y no ya no se que hacer … me falto crear el txt porque no me deja guardarlo el del FRST… la realidad es que ya necesito usarla y no puedo . :cry:

#23

Hola @Carolina_Saggio

Lo que mencionas no parecen síntomas del virus, ademas cuando mas tardes mas se complica, podrías estar en otros problemas del tipo hardware.

Ya han pasado varios días desde que te indique el Fixlist y los reportes cambian con cada reinicio por el momento suspendemos ese paso.

Inicia el equipo en Modo Seguro con funciones de red, prepararlo así:

"Modo a prueba de fallos".

Para activar dicho menú, debe realizar los siguientes pasos:

1.- Presione la lupa en su “Barra de Tareas” o el icono de “Cortana” según su caso. Escriba cmd

2.- En la pantalla que aparece, sobre “Símbolo del Sistema” presione:

Botón derecho >>> “Ejecutar como Administrador”.

45
45.png862×660 87 KB


Verá la ventana del Control de cuentas de usuario, presione en “Si”

46


3.- Se abrirá la interfaz de línea de comandos escriba tal cual:

bcdedit /set bootmenupolicy Legacy

Luego presione Enter. (esto activará el arranque con el F8 tal como en Windows Seven)

47
47.png1009×542 39.4 KB


4.- Cerrar la interfaz de línea de comandos y reiniciar el ordenador.

5.- Como en Windows 7 al comienzo, presionar la tecla F8 para entrar a Modo Seguro a prueba de fallos.

Prueba si de ese modo se te cuelga, o te permite realizar alguna acción.

Si el ordenador esta mas fluido ejecuta FRST nuevamente y traes un reporte fresco, que es necesario eliminar lo que aun tienes en ese ordenador, si no puedes vienes y lo comentas no dejes pasar tanto tiempo.

Salu2

#24

Hola, intenté 3 veces iniciar en el modo seguro desde lo que me dijiste y con f8 no entro , probé por otro lado desde una página de Windows pero me pidió la contraseña y no me la reconoció … si quiero acceder a una carpeta no me deja … no prendo la pc hasta que tengo un rato a la noche pero ahora se me hizo tarde y seguiré Maná a a ver si vuelvo a intentar porque pierdo mucho tiempo y no avanzo con nada … se que me lo pediste hace mucho tiempo pero el tiempo que le dedico son 2 o 3 horas exclusivamente y no estoy avanzando … abrir una carpeta me pone la mano y no abre , quise descargar el FRST y me abre la página me mostró que la iba a descargar pero no lo hizo … mañana veo de nuevo … gracias

#25

Hola @Carolina_Saggio

Hola:

No se entiende que método intentaste utilizar para entrar a Modo Seguro.

Intenta de la siguiente manera:

Y ahora usa el 2º MÉTODO: de esta Faq de Windows 8(aplicable a Windows 10) :arrow_forward: ¿Cómo iniciar Windows 8/8.1 en Modo Seguro?, para trabajar desde ese modo de windows.

Solo intenta entrar, prueba como va el Sistema, si te pide contraseña será la misma que para tu cuenta.

Luego vienes y lo comentas para darte pasos a seguir.

Salu2

#26

Buenas noches SAN, hoy no se pero la pc nduvo mejor y pude ejecutar el FRST, y te lo dejo … aviso que solo lo ejecute, y pego los reportes …


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Caro (administrator) on LENOVO-PC (21-03-2019 22:59:22)
Running from C:\Users\Caro\Downloads
Loaded Profiles: Caro &  (Available Profiles: Caro)
Platform: Windows 10 Home Single Language Version 1803 17134.648 (X64) Language: Español (España, internacional)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Lenovo (Beijing) Limited -> Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(PointGrab Ltd -> PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Panda Security S.L -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(LENOVO -> LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(PointGrab Ltd -> PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\NisSrv.exe
(Lenovo (Beijing) Limited -> ) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Windows -> Microsoft Corporation) C:\Config.Msi\9a2fecc.rbf
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Lenovo (Beijing) Limited -> ) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(LENOVO -> ) C:\Program Files\Lenovo\iMController\AutoUpdate.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(LENOVO -> ) C:\Program Files\Lenovo\iMController\LegacyFeatures.exe
(LENOVO -> ) C:\Program Files\Lenovo\iMController\PluginCommunication.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MpCmdRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Fortemedia Inc. -> ) C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited -> Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited -> Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\3.42.7\LogiOptionsMgr.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Box, Inc. -> ) C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MpCmdRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-230baff8.exe
() [File not signed] C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\43194FD4-B49C-461E-A887-B91E75B48D03\MpSigStub.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5060864 2015-11-11] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed]
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo (Beijing) Limited -> Lenovo)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16093512 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [8235848 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1553528 2015-11-13] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3947704 2015-11-11] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5968600 2018-11-30] (Box, Inc. -> Box, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4426560 2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [153296 2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223047748\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223049002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46504696 2018-12-07] (Google Inc -> )
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46504696 2018-12-07] (Google Inc -> )
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe [2386384 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16093512 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1587680 2018-12-12] (Google Inc -> Google Inc.)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\RunOnce: [Application Restart #4] => C:\Windows\RTFTrack.exe [5060864 2015-11-11] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-27] (Google Inc -> Google Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{447344c8-26eb-42e9-b091-d3e108ad6180}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{d8f4dff3-7823-4d7c-ae85-8e67426a664c}: [DhcpNameServer] 200.42.4.199 200.49.130.41 200.49.130.41

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-05-29] (Oracle America, Inc. -> Oracle Corporation)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

Edge: 
======
Edge Session Restore: HKU\S-1-5-21-4145286444-108475074-2886558672-1009 -> is enabled.
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.14.0_neutral__d55gg7py3s0m0 [2019-03-15]
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.9.0.0_neutral__c1wakc4j0nefm [2019-03-01]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-26] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-26] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-4145286444-108475074-2886558672-1009: SkypeForBusinessPlugin-16.2 -> C:\Users\Caro\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\npGatewayNpapi.dll [2017-11-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4145286444-108475074-2886558672-1009: SkypeForBusinessPlugin64-16.2 -> C:\Users\Caro\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\npGatewayNpapi-x64.dll [2017-11-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082: SkypeForBusinessPlugin-16.2 -> C:\Users\Caro\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\npGatewayNpapi.dll [2017-11-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082: SkypeForBusinessPlugin64-16.2 -> C:\Users\Caro\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\npGatewayNpapi-x64.dll [2017-11-18] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default [2019-03-21]
CHR Extension: (Presentaciones) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (File Converter) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\alblmaecejifbilchdofkdanifpmnmfk [2017-03-30]
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2019-02-14]
CHR Extension: (Documentos) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-21]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2019-03-21]
CHR Extension: (YouTube) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-28]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-03-13]
CHR Extension: (PDF to Word Converter - PDF Online) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\eombmhnnhbilmgdkbkeccclcadjffgjd [2017-03-30]
CHR Extension: (Hojas de cálculo) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Word Online) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2017-03-30]
CHR Extension: (PDF to Word Doc Converter) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjhedcdiaeighcnidfhegnmfieiejmdj [2017-03-30]
CHR Extension: (Favoritos de iCloud) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2017-10-10]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (AdBlock) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-26]
CHR Extension: (Bloqueador de anuncios para Youtube ™) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2019-01-09]
CHR Extension: (Video Ads Blocker) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijelnahiojlfbmiihbmgkaldffppfelp [2019-01-19]
CHR Extension: (Excel Online) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2017-03-30]
CHR Extension: (Save to Facebook) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2018-01-02]
CHR Extension: (Hangouts de Google) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2019-03-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-21]
CHR Extension: (Hangouts de Google) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2019-03-06]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
CHR Extension: (uBlock Plus Adblocker) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofnbdifeelbaidfgpikinijekkjcicg [2019-01-19]
CHR Extension: (Outlook.com) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2017-03-30]
CHR Extension: (Gmail) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-28]
CHR Extension: (Chrome Media Router) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-27]
CHR HKU\S-1-5-21-4145286444-108475074-2886558672-1009\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Caro\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-03-21]
CHR HKU\S-1-5-21-4145286444-108475074-2886558672-1009\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Caro\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-03-21]
CHR HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36688 2018-11-30] (Box, Inc. -> Box, Inc.)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] (Lenovo (Beijing) Limited -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11129928 2019-03-06] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-25] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-25] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2017-04-23] (Intel(R) pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO -> LENOVO INCORPORATED.)
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [389680 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109024 2017-11-08] (Panda Security S.L. -> Panda Security, S.L.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Panda VPN Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-19] (AnchorFree Inc -> )
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security S.L -> Panda Security, S.L.)
S2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-25] (PointGrab Ltd -> PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-25] (PointGrab Ltd -> PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48784 2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] (CyberLink -> )
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [33224 2016-04-15] (LENOVO -> SHAREit Technologies Co.Ltd)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-09-06] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
S2 0134591532030241mcinstcleanup; C:\WINDOWS\TEMP\013459~1.EXE -cleanup -nolog [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-03-10] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-03-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72864 2019-03-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-03-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-03-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [108000 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [211936 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [121312 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [126432 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [99512 2017-09-26] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [118240 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [91616 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [135648 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [336352 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [249312 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [123360 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [281056 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [125920 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [191448 2017-11-08] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [153992 2018-01-22] (Panda Security S.L. -> Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [207248 2018-01-30] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [146912 2017-10-16] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [159200 2017-10-16] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [129504 2017-10-16] (Panda Security S.L. -> Panda Security, S.L.)
U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [72648 2017-05-22] (Panda Security S.L. -> Panda Security, S.L.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-11-11] (Realtek Semiconductor Corp -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [600832 2015-08-29] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761600 2015-06-15] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-11-11] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2018-04-11] (Microsoft Windows -> Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-11-11] (Synaptics Incorporated -> Synaptics Incorporated)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [132120 2016-10-18] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-10-18] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-02-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [333792 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
S1 ZmQ1OTY5NzQ2MmViZjA0; \??\C:\WINDOWS\system32\drivers\ZmQ1OTY5NzQ2MmViZjA0 [X]

==================== NetSvcs (Whitelisted) ===================

en el otro te dejo el adittion -

#27

2 parte FRST


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-21 22:59 - 2019-03-21 22:59 - 000000000 ____D C:\Users\Caro\Downloads\FRST-OlderVersion
2019-03-21 22:31 - 2019-03-21 22:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-03-20 01:42 - 2019-03-20 01:42 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-03-20 01:42 - 2019-03-20 01:42 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-03-20 01:42 - 2019-03-20 01:42 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-03-20 01:42 - 2019-03-20 01:42 - 000072864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-03-20 01:13 - 2019-03-20 01:25 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-03-20 01:12 - 2019-03-20 01:26 - 000504098 _____ C:\WINDOWS\ntbtlog.txt
2019-03-19 16:48 - 2019-03-19 16:48 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-03-19 16:48 - 2019-03-19 16:48 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-03-19 16:48 - 2019-03-19 16:48 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-03-19 16:48 - 2019-03-19 16:48 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-03-19 00:57 - 2019-03-19 00:57 - 000002591 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002550 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002542 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002506 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002496 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-03-16 03:11 - 2019-03-16 03:11 - 000000000 ____D C:\Users\Caro\AppData\Local\OneDrive
2019-03-16 01:50 - 2019-03-16 01:50 - 000797760 _____ C:\Users\Caro\Downloads\delfix (3).exe
2019-03-16 01:50 - 2019-03-16 01:50 - 000797760 _____ C:\Users\Caro\Downloads\delfix (2).exe
2019-03-15 01:05 - 2019-03-15 01:05 - 000000000 ____D C:\WINDOWS\ERUNT
2019-03-15 00:54 - 2019-03-15 01:02 - 000797760 _____ C:\Users\Caro\Downloads\delfix.exe
2019-03-13 23:11 - 2019-03-13 23:11 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-03-13 23:11 - 2019-03-13 23:11 - 000002874 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-03-13 23:11 - 2019-03-13 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-03-13 23:11 - 2019-03-13 23:11 - 000000000 ____D C:\Program Files\CCleaner
2019-03-13 23:10 - 2019-03-13 23:11 - 021205512 _____ (Piriform Software Ltd) C:\Users\Caro\Downloads\ccsetup555.exe
2019-03-13 00:05 - 2019-03-13 00:05 - 010607000 _____ (McAfee, Inc.) C:\Users\Caro\Downloads\MCPR.exe
2019-03-12 23:26 - 2019-03-06 12:39 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-03-12 23:26 - 2019-03-06 12:37 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-03-12 23:26 - 2019-03-06 12:17 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-03-12 23:26 - 2019-03-06 12:14 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-12 23:26 - 2019-03-06 12:13 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-03-12 23:26 - 2019-03-06 12:13 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-03-12 23:26 - 2019-03-06 12:13 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-03-12 23:26 - 2019-03-06 12:13 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-03-12 23:26 - 2019-03-06 09:09 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-03-12 23:26 - 2019-03-06 09:05 - 004054016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-03-12 23:26 - 2019-03-06 09:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-03-12 23:26 - 2019-03-06 06:29 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-03-12 23:26 - 2019-03-06 06:16 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-03-12 23:26 - 2019-03-06 06:16 - 001457032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-03-12 23:26 - 2019-03-06 06:16 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-03-12 23:26 - 2019-03-06 06:16 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-03-12 23:26 - 2019-03-06 06:07 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-03-12 23:26 - 2019-03-06 06:07 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-03-12 23:26 - 2019-03-06 06:06 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-03-12 23:26 - 2019-03-06 06:04 - 002765856 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-03-12 23:26 - 2019-03-06 06:04 - 000628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2019-03-12 23:26 - 2019-03-06 06:03 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-03-12 23:26 - 2019-03-06 06:03 - 002719544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-03-12 23:26 - 2019-03-06 06:03 - 002465784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-03-12 23:26 - 2019-03-06 06:02 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-03-12 23:26 - 2019-03-06 06:02 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-03-12 23:26 - 2019-03-06 05:44 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-03-12 23:26 - 2019-03-06 05:36 - 022716928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-03-12 23:26 - 2019-03-06 05:36 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-03-12 23:26 - 2019-03-06 05:34 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-03-12 23:26 - 2019-03-06 05:32 - 003399168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-03-12 23:26 - 2019-03-06 05:31 - 007598592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-03-12 23:26 - 2019-03-06 05:31 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-03-12 23:26 - 2019-03-06 05:31 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-03-12 23:26 - 2019-03-06 05:31 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-03-12 23:26 - 2019-03-06 05:31 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-03-12 23:26 - 2019-03-06 05:29 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2019-03-12 23:26 - 2019-03-06 05:29 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-03-12 23:26 - 2019-03-06 05:29 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-03-12 23:26 - 2019-03-06 05:28 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-03-12 23:26 - 2019-03-06 05:28 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-03-12 23:26 - 2019-03-06 05:27 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-03-12 23:26 - 2019-03-06 05:27 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-03-12 23:26 - 2019-03-06 05:27 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-03-12 23:26 - 2019-03-06 03:17 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-03-12 23:26 - 2019-03-06 03:15 - 002253488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-03-12 23:26 - 2019-03-06 03:14 - 006568528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-03-12 23:26 - 2019-03-06 03:14 - 000785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-03-12 23:26 - 2019-03-06 03:14 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2019-03-12 23:26 - 2019-03-06 03:05 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-03-12 23:26 - 2019-03-06 02:56 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-03-12 23:26 - 2019-03-06 02:53 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-03-12 23:26 - 2019-03-06 02:53 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-03-12 23:26 - 2019-03-06 02:52 - 005790720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-03-12 23:26 - 2019-03-06 02:52 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-03-12 23:26 - 2019-03-06 02:50 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-03-12 23:26 - 2019-03-06 02:50 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2019-03-12 23:26 - 2019-03-06 02:49 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-03-12 23:26 - 2019-03-06 02:48 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-03-12 23:26 - 2019-03-06 02:48 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-03-12 23:26 - 2019-02-21 00:26 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-03-12 23:26 - 2019-02-16 10:02 - 001644040 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 000808456 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 000735752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 000620040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 000460296 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 000147464 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-03-12 23:26 - 2019-02-16 09:57 - 001048472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-03-12 23:26 - 2019-02-16 09:53 - 001516416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-03-12 23:26 - 2019-02-16 09:34 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-03-12 23:26 - 2019-02-16 09:34 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-03-12 23:26 - 2019-02-16 09:33 - 001786880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-03-12 23:26 - 2019-02-16 09:32 - 003646976 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-03-12 23:26 - 2019-02-16 09:32 - 002051072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-03-12 23:26 - 2019-02-16 09:31 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2019-03-12 23:26 - 2019-02-16 09:30 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-03-12 23:26 - 2019-02-16 09:22 - 001322176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-03-12 23:26 - 2019-02-16 09:06 - 002890752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-03-12 23:26 - 2019-02-16 09:06 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-03-12 23:26 - 2019-02-16 07:24 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-03-12 23:26 - 2019-02-16 07:22 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-03-12 23:26 - 2019-02-16 05:16 - 000511800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-03-12 23:26 - 2019-02-16 05:15 - 000505656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-03-12 23:26 - 2019-02-16 05:03 - 007901392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2019-03-12 23:26 - 2019-02-16 05:03 - 005625360 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-03-12 23:26 - 2019-02-16 05:03 - 000510288 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-03-12 23:26 - 2019-02-16 05:02 - 005821440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2019-03-12 23:26 - 2019-02-16 05:02 - 003291632 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-03-12 23:26 - 2019-02-16 05:02 - 001934800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-03-12 23:26 - 2019-02-16 05:02 - 001792712 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-03-12 23:26 - 2019-02-16 05:01 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-03-12 23:26 - 2019-02-16 05:01 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-03-12 23:26 - 2019-02-16 05:01 - 000735464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-03-12 23:26 - 2019-02-16 05:01 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-03-12 23:26 - 2019-02-16 05:01 - 000480840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-03-12 23:26 - 2019-02-16 04:57 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-03-12 23:26 - 2019-02-16 04:51 - 002479168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-03-12 23:26 - 2019-02-16 04:51 - 001584536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-03-12 23:26 - 2019-02-16 04:50 - 001805648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-03-12 23:26 - 2019-02-16 04:50 - 001171336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-03-12 23:26 - 2019-02-16 04:50 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-03-12 23:26 - 2019-02-16 04:37 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2019-03-12 23:26 - 2019-02-16 04:36 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2019-03-12 23:26 - 2019-02-16 04:36 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-03-12 23:26 - 2019-02-16 04:35 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-03-12 23:26 - 2019-02-16 04:35 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-03-12 23:26 - 2019-02-16 04:34 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2019-03-12 23:26 - 2019-02-16 04:33 - 006646784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2019-03-12 23:26 - 2019-02-16 04:33 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-03-12 23:26 - 2019-02-16 04:32 - 002969088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-03-12 23:26 - 2019-02-16 04:31 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2019-03-12 23:26 - 2019-02-16 04:29 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-03-12 23:26 - 2019-02-16 04:28 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2019-03-12 23:26 - 2019-02-16 04:28 - 002585600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-03-12 23:26 - 2019-02-16 04:28 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-03-12 23:26 - 2019-02-16 04:27 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2019-03-12 23:26 - 2019-02-16 04:27 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-03-12 23:26 - 2019-02-16 04:26 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-03-12 23:26 - 2019-02-16 04:26 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2019-03-12 23:26 - 2019-02-16 04:26 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2019-03-12 23:26 - 2019-02-16 04:26 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-03-12 23:26 - 2019-02-16 04:25 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2019-03-12 23:25 - 2019-03-06 12:36 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-03-12 23:25 - 2019-03-06 12:20 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-03-12 23:25 - 2019-03-06 12:19 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-03-12 23:25 - 2019-03-06 12:17 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-12 23:25 - 2019-03-06 12:17 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2019-03-12 23:25 - 2019-03-06 12:14 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-12 23:25 - 2019-03-06 12:14 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-03-12 23:25 - 2019-03-06 12:12 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-03-12 23:25 - 2019-03-06 09:18 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-03-12 23:25 - 2019-03-06 09:18 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-03-12 23:25 - 2019-03-06 09:10 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-03-12 23:25 - 2019-03-06 09:06 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-03-12 23:25 - 2019-03-06 09:05 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-03-12 23:25 - 2019-03-06 09:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-12 23:25 - 2019-03-06 08:59 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-03-12 23:25 - 2019-03-06 06:16 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-03-12 23:25 - 2019-03-06 06:16 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-03-12 23:25 - 2019-03-06 06:16 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-03-12 23:25 - 2019-03-06 06:11 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-03-12 23:25 - 2019-03-06 06:10 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-03-12 23:25 - 2019-03-06 06:07 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-03-12 23:25 - 2019-03-06 06:06 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-03-12 23:25 - 2019-03-06 06:06 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-03-12 23:25 - 2019-03-06 06:05 - 000439224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-12 23:25 - 2019-03-06 06:05 - 000436240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-03-12 23:25 - 2019-03-06 06:05 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-12 23:25 - 2019-03-06 06:04 - 000945464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-03-12 23:25 - 2019-03-06 06:03 - 001921848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-03-12 23:25 - 2019-03-06 06:03 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-03-12 23:25 - 2019-03-06 06:03 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-03-12 23:25 - 2019-03-06 06:03 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-03-12 23:25 - 2019-03-06 06:02 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-03-12 23:25 - 2019-03-06 06:02 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-03-12 23:25 - 2019-03-06 06:02 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2019-03-12 23:25 - 2019-03-06 05:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-03-12 23:25 - 2019-03-06 05:32 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-03-12 23:25 - 2019-03-06 05:32 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-03-12 23:25 - 2019-03-06 05:31 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-03-12 23:25 - 2019-03-06 05:31 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-03-12 23:25 - 2019-03-06 05:31 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-12 23:25 - 2019-03-06 05:31 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-03-12 23:25 - 2019-03-06 05:31 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-03-12 23:25 - 2019-03-06 05:31 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-03-12 23:25 - 2019-03-06 05:29 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-03-12 23:25 - 2019-03-06 05:27 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-03-12 23:25 - 2019-03-06 05:26 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-03-12 23:25 - 2019-03-06 05:26 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-03-12 23:25 - 2019-03-06 05:26 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-03-12 23:25 - 2019-03-06 05:25 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-03-12 23:25 - 2019-03-06 04:08 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-03-12 23:25 - 2019-03-06 03:17 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-03-12 23:25 - 2019-03-06 03:15 - 000434488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-03-12 23:25 - 2019-03-06 03:14 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-03-12 23:25 - 2019-03-06 03:14 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-03-12 23:25 - 2019-03-06 03:13 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-03-12 23:25 - 2019-03-06 02:52 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-03-12 23:25 - 2019-03-06 02:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-03-12 23:25 - 2019-03-06 02:51 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-03-12 23:25 - 2019-03-06 02:51 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-03-12 23:25 - 2019-03-06 02:50 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-03-12 23:25 - 2019-03-06 02:49 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-03-12 23:25 - 2019-03-06 02:49 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-03-12 23:25 - 2019-02-16 10:02 - 000071176 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-03-12 23:25 - 2019-02-16 09:57 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-03-12 23:25 - 2019-02-16 09:56 - 000549520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-03-12 23:25 - 2019-02-16 09:56 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-03-12 23:25 - 2019-02-16 09:36 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-03-12 23:25 - 2019-02-16 09:34 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-03-12 23:25 - 2019-02-16 09:31 - 001003520 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-03-12 23:25 - 2019-02-16 09:31 - 000861184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-03-12 23:25 - 2019-02-16 09:31 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-03-12 23:25 - 2019-02-16 09:30 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2019-03-12 23:25 - 2019-02-16 09:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-03-12 23:25 - 2019-02-16 09:29 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2019-03-12 23:25 - 2019-02-16 09:24 - 000444176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-03-12 23:25 - 2019-02-16 09:08 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-03-12 23:25 - 2019-02-16 09:07 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-03-12 23:25 - 2019-02-16 09:07 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-03-12 23:25 - 2019-02-16 09:06 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-03-12 23:25 - 2019-02-16 09:06 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-03-12 23:25 - 2019-02-16 09:06 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-03-12 23:25 - 2019-02-16 09:04 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2019-03-12 23:25 - 2019-02-16 05:15 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-03-12 23:25 - 2019-02-16 05:05 - 000087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-03-12 23:25 - 2019-02-16 05:04 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-03-12 23:25 - 2019-02-16 05:02 - 000705848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-03-12 23:25 - 2019-02-16 05:02 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-03-12 23:25 - 2019-02-16 05:02 - 000413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-03-12 23:25 - 2019-02-16 05:01 - 001285424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-03-12 23:25 - 2019-02-16 05:01 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-03-12 23:25 - 2019-02-16 05:01 - 001028920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-03-12 23:25 - 2019-02-16 05:01 - 000641984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2019-03-12 23:25 - 2019-02-16 05:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-03-12 23:25 - 2019-02-16 05:01 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2019-03-12 23:25 - 2019-02-16 05:01 - 000161664 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2019-03-12 23:25 - 2019-02-16 04:53 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-03-12 23:25 - 2019-02-16 04:51 - 000170952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2019-03-12 23:25 - 2019-02-16 04:50 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-03-12 23:25 - 2019-02-16 04:50 - 000560384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-03-12 23:25 - 2019-02-16 04:50 - 000504072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2019-03-12 23:25 - 2019-02-16 04:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-03-12 23:25 - 2019-02-16 04:34 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-03-12 23:25 - 2019-02-16 04:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-03-12 23:25 - 2019-02-16 04:33 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2019-03-12 23:25 - 2019-02-16 04:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2019-03-12 23:25 - 2019-02-16 04:33 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-03-12 23:25 - 2019-02-16 04:32 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2019-03-12 23:25 - 2019-02-16 04:31 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2019-03-12 23:25 - 2019-02-16 04:31 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-03-12 23:25 - 2019-02-16 04:31 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-03-12 23:25 - 2019-02-16 04:29 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-03-12 23:25 - 2019-02-16 04:28 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2019-03-12 23:25 - 2019-02-16 04:28 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2019-03-12 23:25 - 2019-02-16 04:28 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-03-12 23:25 - 2019-02-16 04:27 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2019-03-12 23:25 - 2019-02-16 04:26 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-03-12 23:25 - 2019-02-16 04:25 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-03-11 23:28 - 2019-03-11 23:31 - 000085630 _____ C:\Users\Caro\Downloads\Addition.txt
2019-03-11 23:26 - 2019-03-21 23:01 - 000046792 _____ C:\Users\Caro\Downloads\FRST.txt
2019-03-11 23:25 - 2019-03-21 22:59 - 000000000 ____D C:\FRST
2019-03-11 23:24 - 2019-03-21 22:59 - 002434048 _____ (Farbar) C:\Users\Caro\Downloads\FRST64.exe
2019-03-11 16:19 - 2019-03-11 16:19 - 000001752 _____ C:\Users\Caro\Downloads\marzo11 malware.txt
2019-03-10 23:13 - 2019-03-10 23:13 - 019384632 _____ (Piriform Software Ltd) C:\Users\Caro\Downloads\ccsetup553.exe
2019-03-10 20:25 - 2019-03-10 21:00 - 000000000 ____D C:\Users\Caro\AppData\Roaming\ZHP
2019-03-10 20:25 - 2019-03-10 20:25 - 000000000 ____D C:\Users\Caro\AppData\Local\ZHP
2019-03-10 20:21 - 2019-03-10 20:21 - 003321728 _____ C:\Users\Caro\Downloads\ZHPCleaner.exe
2019-03-10 20:16 - 2019-03-10 20:16 - 007316688 _____ (Malwarebytes) C:\Users\Caro\Downloads\adwcleaner_7.2.7.0 (1).exe
2019-03-10 19:35 - 2019-03-10 19:37 - 000000000 ____D C:\AdwCleaner
2019-03-10 19:33 - 2019-03-10 19:34 - 007316688 _____ (Malwarebytes) C:\Users\Caro\Downloads\adwcleaner_7.2.7.0.exe
2019-03-10 19:08 - 2019-03-10 19:08 - 000042734 _____ C:\Users\Caro\Downloads\marzo10Malware.txt
2019-03-10 18:07 - 2019-03-10 18:07 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-03-10 18:07 - 2019-03-10 18:07 - 000000000 ____D C:\Users\Caro\AppData\Local\mbam
2019-03-10 18:06 - 2019-03-10 18:06 - 000000000 ____D C:\Users\Caro\AppData\Local\mbamtray
2019-03-10 18:05 - 2019-03-10 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-10 18:05 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-03-10 18:05 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-03-10 18:01 - 2019-03-10 18:01 - 062400056 _____ (Malwarebytes ) C:\Users\Caro\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9618.exe
2019-03-07 22:54 - 2019-03-07 22:54 - 000000012 _____ C:\Users\Caro\setup_01.ini

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-21 22:57 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-21 22:57 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-21 22:54 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-21 22:48 - 2018-05-29 02:41 - 000004204 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C6F4BD55-6BCC-4B51-BBE7-346301359930}
2019-03-21 22:45 - 2016-04-28 01:30 - 000000000 ___RD C:\Users\Caro\Google Drive
2019-03-21 22:41 - 2016-01-25 23:32 - 000000000 ___RD C:\Users\Caro\Dropbox
2019-03-21 22:39 - 2016-11-03 14:16 - 000000000 ___RD C:\Users\Caro\iCloudDrive
2019-03-21 22:36 - 2018-11-16 22:28 - 000000000 ____D C:\Program Files\rempl
2019-03-21 22:33 - 2016-01-25 23:20 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-03-21 22:26 - 2017-06-02 15:56 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-03-21 22:26 - 2016-01-25 15:01 - 000000000 __SHD C:\Users\Caro\IntelGraphicsProfiles
2019-03-20 01:42 - 2016-08-22 22:09 - 000000000 ____D C:\ProgramData\NVIDIA
2019-03-20 01:41 - 2018-05-29 02:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-20 01:41 - 2018-04-11 18:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2019-03-20 01:07 - 2018-05-29 02:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-19 00:55 - 2015-08-15 06:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-03-19 00:50 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2019-03-16 01:58 - 2017-03-29 22:53 - 000000240 _____ C:\DelFix.txt
2019-03-15 01:28 - 2016-01-25 15:03 - 000000000 ___RD C:\Users\Caro\OneDrive
2019-03-14 00:08 - 2018-07-26 22:05 - 000000000 ____D C:\Users\Caro\AppData\Local\GoToMeeting
2019-03-13 00:52 - 2018-05-29 02:26 - 001768608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-13 00:52 - 2018-04-12 13:18 - 000787744 _____ C:\WINDOWS\system32\perfh00A.dat
2019-03-13 00:52 - 2018-04-12 13:18 - 000155340 _____ C:\WINDOWS\system32\perfc00A.dat
2019-03-13 00:47 - 2018-05-29 02:06 - 000464120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-03-13 00:11 - 2018-05-29 02:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2019-03-13 00:10 - 2018-04-11 18:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-03-13 00:09 - 2016-01-25 23:37 - 000000000 ____D C:\Users\Caro\AppData\Roaming\Skype
2019-03-12 23:44 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-03-11 02:12 - 2018-05-20 14:45 - 000000000 ___DC C:\WINDOWS\Panther
2019-03-11 02:12 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-03-10 18:54 - 2018-07-26 22:05 - 000000648 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009.job
2019-03-10 18:54 - 2018-07-26 22:05 - 000000552 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009.job
2019-03-10 18:53 - 2018-05-29 02:14 - 000000000 ____D C:\Users\Caro
2019-03-10 18:05 - 2018-04-11 20:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-09 01:45 - 2018-07-26 22:05 - 000003802 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009
2019-03-09 01:45 - 2018-07-26 22:05 - 000003706 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009
2019-03-07 23:28 - 2017-12-15 02:08 - 000000000 ____D C:\Users\Caro\AppData\Local\PlaceholderTileLogoFolder
2019-03-07 23:28 - 2017-12-01 14:57 - 000000000 ____D C:\Users\Caro\AppData\Local\Packages
2019-03-07 23:08 - 2015-11-10 23:51 - 000002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-07 22:56 - 2016-01-25 23:20 - 000000966 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-03-07 22:56 - 2016-01-25 23:20 - 000000962 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-03-07 22:16 - 2016-05-16 23:47 - 000000000 ____D C:\Users\Caro\AppData\Local\ElevatedDiagnostics
2019-03-06 20:12 - 2018-05-29 02:14 - 000002445 _____ C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-03 13:54 - 2018-12-03 00:56 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-03-03 13:54 - 2018-12-03 00:56 - 000179608 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-23 23:35 - 2018-02-27 00:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Files in the root of some directories =======

2016-10-24 20:07 - 2016-11-24 15:21 - 000000033 _____ () C:\Users\Caro\AppData\Roaming\AdobeWLCMCache.dat
2019-02-10 04:54 - 2019-02-10 04:54 - 006161408 _____ () C:\Users\Caro\AppData\Local\dump007.dat
2018-10-05 22:20 - 2018-10-05 22:20 - 000000000 _____ () C:\Users\Caro\AppData\Local\oobelibMkey.log
2019-02-10 03:49 - 2019-02-10 03:49 - 000000003 _____ () C:\Users\Caro\AppData\Local\wbem.ini

Some zero byte size files/folders:
==========================
C:\Windows\System32\mysqld.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-29 02:06

==================== End of FRST.txt ============================