I can't remove a virus


#1

I've had a problem for a few days. I tried to download KMSpico to activate Office and one hell of a virus got into my computer. At first, what it did was screw up my Ethernet port (I downloaded the drivers again and that was that), and Chrome windows with four 1s were opening on their own. I installed Malwarebytes and it detected 783 threats (mostly trojans and adware). From then on everything seemed to be going well, since everything was working properly again, and in new scans neither Malwarebytes nor Spybot (which I also downloaded) found anything dangerous. But the problem persists in every browser: I get a lot of advertising as soon as I search for something. The first lines of the search results are very random pages that can advertise anything from Viagra to links to "InfoJobs", "Amazon" and things like that. I've tried uninstalling all the browsers, trying more antivirus programs, clearing Chrome's data and settings… and nothing, that damn advertising keeps appearing. Does anyone have any idea how I can get rid of this damn virus without having to format the computer? Thanks in advance.


#2

Hello

Temporarily disable your antivirus and any security software you have running.

Download Farbar Recovery Scan Tool to your PC's desktop. Select the version that matches your machine's architecture (32 or 64 bits).

How to tell whether my Windows is 32 or 64 bits

  • Run FRST.exe
  • In the Disclaimer window message, click Yes
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on the desktop.

Guide: How to run FRST

In your next reply, you must paste the two reports generated.

You must copy and paste them with their full content, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

Wrap each report with a tag written CODE_Inicial at the start of the report and another like this CODE_Final at the end of it.

Regards


#3

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.11.2018
Ran by dpmse (29-11-2018 01:29:37)
Running from C:\Users\dpmse\Desktop
Windows 10 Home Version 1803 17134.407 (X64) (2018-10-27 11:28:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3832486466-1238722099-959229946-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3832486466-1238722099-959229946-503 - Limited - Disabled)
dpmse (S-1-5-21-3832486466-1238722099-959229946-1001 - Administrator - Enabled) => C:\Users\dpmse
Invitado (S-1-5-21-3832486466-1238722099-959229946-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3832486466-1238722099-959229946-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3038 - Acer Incorporated)
Acer Collection (HKLM-x32\...\{8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2}) (Version: 1.01.3011 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Jumpstart (HKLM-x32\...\{8B441B85-0AFA-4EB3-A756-A47453481D2D}) (Version: 3.1.18240.4 - Acer)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3025 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.03.3010 - Acer Incorporated)
Actualización de NVIDIA 34.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 34.0.0.0 - NVIDIA Corporation) Hidden
Adobe (HKLM\...\{C547A830-37D1-4594-ACA7-B4793741DAD0}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_7_0) (Version: 7.0 - Adobe Systems Incorporated)
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.17.0 - Dashlane, Inc.)
Dia (sólo eliminar) (HKLM-x32\...\Dia) (Version:  - )
eBay (HKLM-x32\...\{E4279723-430E-49F0-B14C-D7B36A74CA33}) (Version: 1.1.18018.1 - Acer)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4815 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.0.1014 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java SE Development Kit 8 Update 181 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation)
Java(TM) SE Development Kit 11 (64-bit) (HKLM\...\{E973EEA1-3C61-5347-8DF7-30494D4EC697}) (Version: 11.0.0.0 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office Profesional 2016 - es-es (HKLM\...\ProfessionalRetail - es-es) (Version: 16.0.11001.20108 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3832486466-1238722099-959229946-1001\...\OneDriveSetup.exe) (Version: 18.192.0920.0015 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mozilla Firefox 63.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 63.0.1 (x86 en-US)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.12 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.16.0.122 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.16.0.122 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Oracle Database 11g Express Edition (HKLM\...\{05A7B662-80A3-4EB9-AE1D-89A62449431C}) (Version: 11.2.0 - Oracle Corporation) Hidden
Oracle Database 11g Express Edition (HKLM-x32\...\InstallShield_{05A7B662-80A3-4EB9-AE1D-89A62449431C}) (Version: 11.2.0 - Oracle Corporation)
Panel de control de NVIDIA 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.73 - NVIDIA Corporation) Hidden
QOSUser2.r10 (HKU\S-1-5-21-3832486466-1238722099-959229946-1001\...\QOSUser2.r10) (Version:  - Alt0C10ud)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10434 - Qualcomm)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.312 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.21299 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.13.1223.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8378 - Realtek Semiconductor Corp.)
Software para dispositivos de chipset Intel® (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.2.5.92 - EnigmaSoft Limited)
Sublime Text Build 3176 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WhatsApp (HKU\S-1-5-21-3832486466-1238722099-959229946-1001\...\WhatsApp) (Version: 0.3.1475 - WhatsApp)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
XML Copy Editor version 1.2.1.3 (HKLM\...\XML Copy Editor_is1) (Version: 1.2.1.3 - Zane U. Ji)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3832486466-1238722099-959229946-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxDTCM.dll [2017-11-12] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-19] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {055237C1-754E-45AD-B20D-5CCFB32D521B} - System32\Tasks\CareCenter\SunJavaUpdateSched_Reg_HKLMWow6432Run => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-10-06] (Oracle Corporation)
Task: {06EB6F5A-81F3-4FC8-8F90-C77C94EA3216} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-11-16] (NVIDIA Corporation)
Task: {081B9636-B466-4D92-8F3C-202A430EB6F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {15D0554D-7729-4592-AA2E-840A548316AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-28] (Google Inc.)
Task: {1F19139E-7429-47C2-8FFB-E6A23ACB5556} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {2D28F83D-4A14-4361-833A-28042568FE3F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-29] (Microsoft Corporation)
Task: {308B74C9-A322-4F66-80CC-1F651BB6290C} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]
Task: {36E7A6F1-B4E7-455A-A204-85FBA4604D69} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2018-03-09] (Acer Incorporated)
Task: {391C9686-AF40-4F2F-A0E6-D4410864198E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_pepper.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {3DBDC2AB-5F53-4909-823B-2F07ABF79944} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-15] (Microsoft Corporation)
Task: {457DF420-8978-4192-AF61-77CF6B0B8201} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
Task: {466B5BCC-FFF3-419D-8697-1E07F0E86B09} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2017-10-30] ()
Task: {48380CAA-2F97-4C07-946C-CDD108CBD4E5} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-11-16] (NVIDIA Corporation)
Task: {4D168060-644B-4CFB-B8BE-68FF102D3308} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-29] (Microsoft Corporation)
Task: {4E5D7D80-F8C2-422B-954C-3549B431B050} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-11-16] (NVIDIA Corporation)
Task: {5238FD77-4345-4536-BC94-E0649477D594} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2017-10-30] ()
Task: {526AC5AA-10D1-4C2B-876C-5A049E1C93A2} - System32\Tasks\CareCenter\SecurityHealth_Reg_HKLMRun => C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12] (Microsoft Corporation)
Task: {610C41F4-F46B-47A4-AC9C-7F20FF6C7FB2} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [2018-09-26] (Acer)
Task: {61F9EB78-BB49-4176-BADD-E5A3740C37C5} - System32\Tasks\Acer Collection Monitor Application => C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe [2017-12-13] (Acer Incorporated)
Task: {659B70FF-A282-4760-BD6D-C40835C73723} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-28] (Google Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {65D42E67-1228-4532-BEED-8B5121B57258} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-02] (Microsoft Corporation)
Task: {79BA0128-B808-41BE-8A57-56EC03B8930C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-29] (Microsoft Corporation)
Task: {7A988F12-58DC-4545-8782-9B026E02FD2E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-15] (Microsoft Corporation)
Task: {7D675183-CDB1-4EAC-981E-6EA998E80770} - System32\Tasks\UEIPInvitation => C:\Program Files\Acer\User Experience Improvement Program\Framework\UEIPOOBECheck.exe [2018-03-07] (acer)
Task: {8F772B5F-634A-43E3-92BD-8E3976E42564} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-11-16] (NVIDIA Corporation)
Task: {91590BB3-B8BF-4327-983A-E572198AC8B4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-11-16] (NVIDIA Corporation)
Task: {94BAF760-1D82-4B1D-9C61-DFD6487D59E1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-11-16] (NVIDIA Corporation)
Task: {AA437EC8-453C-4C88-BFFB-E9B23AF64DEA} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2018-02-20] (Realtek Semiconductor)
Task: {B077CCD8-F8F6-47F0-A13D-8ECC418F9477} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2018-05-28] ()
Task: {B385BD38-E6CF-4F02-B775-358948D1BFE4} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-09-20] (Intel(R) Corporation)
Task: {D85C36E9-1F18-487C-A519-09B30D65A9C4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-02] (Microsoft Corporation)
Task: {D9E565B1-0B98-4927-9DCC-538D24BE8C7D} - System32\Tasks\RtHDVBg_ASC => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2018-02-20] (Realtek Semiconductor)
Task: {DD075B39-F856-4DD3-B312-C0D365EAB39A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-11-16] (NVIDIA Corporation)
Task: {E18FB243-D330-431D-9C97-FAF470961DA4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {E3D53312-D677-4910-904A-BF04133E03F1} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-11-16] (NVIDIA Corporation)
Task: {E5182249-2781-4F3E-BC62-599845BA5991} - System32\Tasks\Acer Collection Application => C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe [2017-12-14] ()
Task: {E51E14A2-17F5-49D4-B8B5-CC27B39D6166} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-11-16] (NVIDIA Corporation)
Task: {EA258390-E296-41B7-988C-BEF2726375F5} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2018-03-05] (TODO: <Company name>)
Task: {EBADC239-E552-42AF-9121-ACD267BBB025} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-11-16] (NVIDIA Corporation)
Task: {EDBE8E47-C63A-4DF9-B320-4D9D8E0BF645} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-11-16] (NVIDIA Corporation)
Task: {EDF92A57-D725-40CF-B1B3-ADAC3A607D79} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2017-10-30] (Acer Incorporated)
Task: {F014F08E-5A3F-41A5-9485-07F94F298D66} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-15] (Microsoft Corporation)
Task: {F0E44AA3-0B0E-4E3A-8DA7-59EAA05C6D56} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {F34363C3-D1D7-4BF8-B3F5-AE1990B0F61E} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {F5AAE986-0921-4AE9-84F2-06AF78B848D6} - System32\Tasks\CareCenter\AdobeGCInvoker-1.0_Reg_HKLMRun => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {F9E2B939-60BC-4A79-A540-3146D6A4194F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-15] (Microsoft Corporation)
Task: {FED88050-435A-4077-9A41-19A92A2D2644} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {FF5D6017-A59B-4A3B-A3F1-8F451842A565} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-29] (Microsoft Corporation)
Task: {FFB6D047-F5D3-4029-A1EA-59EB01D4AB4E} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2018-03-09] (Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\dpmse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\2048.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jcjbnkncddbeomhaacaeokhfnefibpde

==================== Loaded Modules (Whitelisted) ==============

2018-06-28 09:13 - 2018-01-15 06:25 - 000197120 _____ () c:\windows\system32\drivers\umdf\detectionverificationdrv.dll
2018-06-28 09:13 - 2018-01-15 06:25 - 000197120 _____ () C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\DetectionVerificationDrv.dll
2018-06-28 09:13 - 2018-01-15 06:25 - 000386008 _____ () C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\WppLoggerDll.dll
2018-11-08 00:04 - 2018-11-16 12:55 - 001314672 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-11-26 16:28 - 2018-11-26 16:47 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-11-26 16:28 - 2018-11-26 16:47 - 002821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-09-26 01:52 - 2017-09-26 01:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-11-14 17:16 - 2018-11-01 07:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-04 08:36 - 2018-10-04 08:36 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-11-13 15:48 - 2018-11-13 15:48 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-11-13 15:48 - 2018-11-13 15:49 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-11-13 15:48 - 2018-11-13 15:49 - 010873344 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-11-13 15:48 - 2018-11-13 15:49 - 002834432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\skypert.dll
2018-11-13 15:48 - 2018-11-13 15:49 - 000685568 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-11-13 15:48 - 2018-11-13 15:49 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-05-28 19:00 - 2018-05-28 19:00 - 004696880 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2017-12-14 17:10 - 2017-12-14 17:10 - 000479024 _____ () C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
2018-11-07 19:27 - 2018-11-07 19:27 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-11-07 19:27 - 2018-11-07 19:27 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-07 19:27 - 2018-11-07 19:27 - 001754112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-10-27 12:50 - 2018-10-27 12:50 - 004183040 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-10-27 12:50 - 2018-10-27 12:50 - 004472952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-28 17:06 - 2018-11-16 06:43 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libglesv2.dll
2018-11-28 17:06 - 2018-11-16 06:43 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libegl.dll
2018-11-08 00:04 - 2018-11-16 12:55 - 001032560 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-10-26 16:10 - 2017-10-26 16:10 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\dpmse\Desktop\1º DAM:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3832486466-1238722099-959229946-1001\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 14:46 - 2018-11-26 16:15 - 000000933 _____ C:\WINDOWS\system32\Drivers\etc\hosts

5.149.253.142 www.gstatic.com
5.149.253.142 www.google-analytics.com
5.149.253.142 adservice.google.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3832486466-1238722099-959229946-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5297ABD3-62CF-45AC-8D7A-E28054EDDF15}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0865FE96-ED4D-4B94-A7D9-B52CFF69A7E1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7CD559E3-ED87-4F60-ACF4-40D6FD98F7AC}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe
FirewallRules: [UDP Query User{B286CB39-EE25-45F6-9041-2D211D250E45}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe
FirewallRules: [TCP Query User{69259041-6E36-4BFB-8D7E-F502610272DE}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe
FirewallRules: [UDP Query User{324A8F01-3415-4BD4-A4AD-BD04D0D0ED56}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe
FirewallRules: [TCP Query User{F310FC87-3228-406D-BAD8-5A84BB73CAF2}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe
FirewallRules: [UDP Query User{9BD9D6B1-A37F-4299-9BDE-F9C47CB0819B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe
FirewallRules: [TCP Query User{DB9ADEF4-CA99-4977-98C8-4EAD9104A099}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe
FirewallRules: [UDP Query User{B9F4B932-C47B-4DB8-81D4-9248B029F6D7}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe
FirewallRules: [TCP Query User{F772F436-22D6-4F56-9DF4-F9EDAB1A5C3B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe
FirewallRules: [UDP Query User{3E6258D6-58A3-4154-AA75-994708AD03F1}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe
FirewallRules: [{E30181A5-6A00-4989-8743-D4C6D1056B1E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{61F2B7AC-CCDF-49F7-8310-47581C93485B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5EF21F74-D191-44A8-BFAE-755E14411EE0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{2540033F-935F-4630-A1B8-8896FC9240AC}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe
FirewallRules: [UDP Query User{73107675-F341-4D3C-B808-3DEA7EBC9E45}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe
FirewallRules: [{473570A8-C538-4579-81DA-2ADF6504BD14}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{79DFD26D-8E97-4C96-B0D8-6200564E66DC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{09F0D2E3-1F03-4987-BC0E-E1F2CBE08A0D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{374A8583-3177-4F40-82C1-B982596A08DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4A2B3297-D3CC-411C-B538-DF094D59F191}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{444EBE1D-7EEB-4A85-978A-84C6607AC20B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe
FirewallRules: [UDP Query User{BC8E7C53-0913-4047-994A-475AC29EE36C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe
FirewallRules: [{CCC23325-B098-445F-9272-CD899E5AB2B4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/28/2018 09:09:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: IntelAudioService.exe, versión: 1.0.84.0, marca de tiempo: 0x5a561b72
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.376, marca de tiempo: 0x60d78cf9
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000001d979
Identificador del proceso con errores: 0xf20
Hora de inicio de la aplicación con errores: 0x01d4875644cc620a
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: 199702c9-03d8-4ab9-a5f8-7697e82d22e9
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/28/2018 09:09:34 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: IntelAudioService.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: código de la excepción c0000005, dirección de la excepción 00007FFBED6BD979
Pila:

Error: (11/28/2018 04:48:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: IntelAudioService.exe, versión: 1.0.84.0, marca de tiempo: 0x5a561b72
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.376, marca de tiempo: 0x60d78cf9
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000001d979
Identificador del proceso con errores: 0xf30
Hora de inicio de la aplicación con errores: 0x01d48731c22a8969
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: f8371486-52f5-489b-ae76-9e2526896f92
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/28/2018 04:48:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: IntelAudioService.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: código de la excepción c0000005, dirección de la excepción 00007FFD578BD979
Pila:

Error: (11/28/2018 02:43:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa SDScan.exe, versión 2.4.40.181, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

Identificador de proceso: 33a0

Hora de inicio: 01d4871e86265535

Hora de finalización: 8

Ruta de la aplicación: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

Identificador de informe: 42d813cc-12f8-41fd-86a6-faeb533c9333

Nombre completo de paquete con errores: 

Identificador de aplicación relativa del paquete con errores:

Error: (11/27/2018 07:59:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa eclipse.exe, versión 0.0.0.0, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

Identificador de proceso: 2924

Hora de inicio: 01d48681349ff9ac

Hora de finalización: 32

Ruta de la aplicación: C:\Users\dpmse\eclipse\jee-photon\eclipse\eclipse.exe

Identificador de informe: c3e59c7b-b895-4aa9-9098-c8ff810c6379

Nombre completo de paquete con errores: 

Identificador de aplicación relativa del paquete con errores:

Error: (11/27/2018 05:55:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: IntelAudioService.exe, versión: 1.0.84.0, marca de tiempo: 0x5a561b72
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.376, marca de tiempo: 0x60d78cf9
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000001d979
Identificador del proceso con errores: 0xfa4
Hora de inicio de la aplicación con errores: 0x01d48671eca861a0
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: 489e9943-3bc7-4f7a-af04-e60cb189c7f8
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/27/2018 05:55:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: IntelAudioService.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: código de la excepción c0000005, dirección de la excepción 00007FFC53A2D979
Pila:


System errors:
=============
Error: (11/29/2018 01:29:40 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-721TR5KC)
Description: El servidor {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/29/2018 01:27:40 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-721TR5KC)
Description: El servidor {9E175B6D-F52A-11D8-B9A5-505054503030} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/29/2018 01:25:40 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-721TR5KC)
Description: El servidor {9E175B6D-F52A-11D8-B9A5-505054503030} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/29/2018 01:23:40 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-721TR5KC)
Description: El servidor {9E175B6D-F52A-11D8-B9A5-505054503030} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/29/2018 01:22:47 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-721TR5KC)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario LAPTOP-721TR5KC\dpmse con SID (S-1-5-21-3832486466-1238722099-959229946-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/29/2018 01:21:40 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-721TR5KC)
Description: El servidor {E48EDA45-43C6-48E0-9323-A7B2067D9CD5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/29/2018 01:19:40 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-721TR5KC)
Description: El servidor {9E175B6D-F52A-11D8-B9A5-505054503030} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/29/2018 01:17:40 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-721TR5KC)
Description: El servidor {9E175B6D-F52A-11D8-B9A5-505054503030} no se registró con DCOM dentro del tiempo de espera requerido.


Windows Defender:
===================================
Date: 2018-11-27 18:15:41.259
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CryptInject&threatid=2147725859&enterprise=0
Nombre: Trojan:Win32/CryptInject
Id.: 2147725859
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\Users\dpmse\AppData\Local\Temp\is-MQ27K.tmp\dwddfu.dll
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Versión de firma: AV: 1.281.933.0, AS: 1.281.933.0, NIS: 1.281.933.0
Versión de motor: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-27 17:30:25.269
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {796E06E1-93B1-4285-85F0-4FEDF2026CEF}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: LAPTOP-721TR5KC\dpmse

Date: 2018-11-27 16:57:39.311
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {33C9AF7E-745B-4C77-A314-31E491BA00BA}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: LAPTOP-721TR5KC\dpmse

Date: 2018-11-27 16:50:24.528
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {28B38F3B-1C2F-4392-BC9C-230669E6CBCE}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: LAPTOP-721TR5KC\dpmse

Date: 2018-11-27 16:49:12.150
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {5F0C5A9A-C1AF-4ED6-B173-5E461C04A459}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: LAPTOP-721TR5KC\dpmse

Date: 2018-11-26 16:54:21.877
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.281.806.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15400.5
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2018-10-30 19:50:09.444
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.279.764.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15400.4
Código de error: 0x800704cf
Descripción del error: No es posible el acceso a la ubicación de red. Para obtener información para solucionar problemas de red, vea la Ayuda de Windows. 

Date: 2018-10-30 18:57:43.955
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.279.764.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15400.4
Código de error: 0x800704cf
Descripción del error: No es posible el acceso a la ubicación de red. Para obtener información para solucionar problemas de red, vea la Ayuda de Windows. 

Date: 2018-10-30 18:02:16.818
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.279.764.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15400.4
Código de error: 0x800704cf
Descripción del error: No es posible el acceso a la ubicación de red. Para obtener información para solucionar problemas de red, vea la Ayuda de Windows. 

CodeIntegrity:
===================================

Date: 2018-11-28 23:27:44.498
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-28 23:27:44.497
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-28 23:14:55.687
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-28 23:14:55.663
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-28 21:10:55.541
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-28 21:10:55.229
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-28 21:10:47.870
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-28 21:10:47.864
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 57%
Total physical RAM: 8067.6 MB
Available physical RAM: 3445.28 MB
Total Virtual: 9347.6 MB
Available Virtual: 3326.34 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:118.13 GB) (Free:41.76 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:931.26 GB) NTFS

\\?\Volume{03d13c6e-f910-4e6e-b8c3-003ae67d7770}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.57 GB) NTFS
\\?\Volume{316e0aa6-f08c-431f-9a64-383841b7a49d}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C2AC0FCB)

Partition: GPT.

========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: C2AC0F2D)

Partition: GPT.

==================== End of Addition.txt ============================

#4

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.11.2018
Ran by dpmse (administrator) on LAPTOP-721TR5KC (29-11-2018 01:28:10)
Running from C:\Users\dpmse\Desktop
Loaded Profiles: dpmse (Available Profiles: dpmse)
Platform: Windows 10 Home Version 1803 17134.407 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxCUIService.exe
(Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\IntelCpHDCPSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Oracle Corporation) C:\oraclexe\app\oracle\product\11.2.0\server\bin\oracle.exe
(Oracle Corporation) C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\IntelCpHeciSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
() C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3832486466-1238722099-959229946-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0705a6ae-14ed-4310-8b08-a4b26a41257f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{407cf264-87af-4f4e-a09e-f43153d53921}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5d210c39-cafb-4de0-84c7-647cba5fd1c6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{aca3aed8-c4f7-4bb5-832e-90414d0d85bf}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{d9a37436-d16c-402a-99e0-c5fd0c74ad06}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{d9a37436-d16c-402a-99e0-c5fd0c74ad06}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{e2a2adbb-7aaf-11e8-a679-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f186e084-6d58-4f2b-bb19-c5d414b412a8}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-3832486466-1238722099-959229946-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3832486466-1238722099-959229946-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-11-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-10-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-21] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-08] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-08] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-08] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-08] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: hxxqzs5t.default
FF ProfilePath: C:\Users\dpmse\AppData\Roaming\Mozilla\Firefox\Profiles\hxxqzs5t.default [2018-11-28]
FF Homepage: Mozilla\Firefox\Profiles\hxxqzs5t.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (AdBlocker Ultimate) - C:\Users\dpmse\AppData\Roaming\Mozilla\Firefox\Profiles\hxxqzs5t.default\Extensions\[email protected] [2018-11-27]
FF Extension: (Telemetry coverage) - C:\Users\dpmse\AppData\Roaming\Mozilla\Firefox\Profiles\hxxqzs5t.default\features\{dffa62ef-165b-485c-aff7-b51ef5acdc67}\[email protected] [2018-11-12] [Legacy]
FF SearchPlugin: C:\Users\dpmse\AppData\Roaming\Mozilla\Firefox\Profiles\hxxqzs5t.default\searchplugins\bing-lavasoft-ff59.xml [2018-11-26]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{733ED5DC-6D54-4A04-900B-CA85BF4B9A1B}.xpi [2018-11-26] [not signed]
FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected] [2018-06-28]
FF Extension: (Español (España) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected] [2018-06-28] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected] [2018-06-28] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-21] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-11-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-11-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-11-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.es/
CHR StartupUrls: Default -> "hxxps://www.google.es/"
CHR Profile: C:\Users\dpmse\AppData\Local\Google\Chrome\User Data\Default [2018-11-29]
CHR Extension: (Presentaciones) - C:\Users\dpmse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-28]
CHR Extension: (Documentos) - C:\Users\dpmse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-28]
CHR Extension: (Google Drive) - C:\Users\dpmse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-28]
CHR Extension: (YouTube) - C:\Users\dpmse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-28]
CHR Extension: (Honey) - C:\Users\dpmse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-11-28]
CHR Extension: (Adblock Plus) - C:\Users\dpmse\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-11-28]
CHR Extension: (Drive Chess) - C:\Users\dpmse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehofpakliohjgnmoooiaeklglehlloja [2018-11-28]
CHR Extension: (Hojas de cálculo) - C:\Users\dpmse\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-28]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\dpmse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-28]
CHR Extension: (Batalla naval) - C:\Users\dpmse\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjgmfhnanfbghmpcbdfgpigcgdbaggfm [2018-11-28]
CHR Extension: (2048) - C:\Users\dpmse\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcjbnkncddbeomhaacaeokhfnefibpde [2018-11-28]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\dpmse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-28]
CHR Extension: (Gmail) - C:\Users\dpmse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\dpmse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [347024 2017-06-01] (Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9669920 2018-11-02] (Microsoft Corporation)
S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-23] (Dashlane, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2018-09-25] (EasyAntiCheat Ltd)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [10065712 2018-11-28] (EnigmaSoft Limited)
S3 iaStorAfsService; C:\Windows\IAStorAfsService\iaStorAfsService.exe [2593848 2018-03-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-20] (Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-20] (Intel(R) Corporation)
R2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [204248 2018-01-15] (Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-10-26] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-11-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-11-16] (NVIDIA Corporation)
S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe [45568 2014-05-29] () [File not signed]
S3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe [81408 2014-05-29] (Oracle Corporation) [File not signed]
R2 OracleServiceXE; c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE [147110912 2014-05-30] (Oracle Corporation) [File not signed]
S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe [83968 2014-05-29] (Oracle Corporation) [File not signed]
R2 OracleXETNSListener; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [522240 2014-05-29] (Oracle Corporation) [File not signed]
S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [466224 2018-03-09] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [508208 2018-03-09] (Acer Incorporated)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [537904 2018-11-28] (EnigmaSoft Limited)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [301872 2018-03-05] (acer)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-29] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-29] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30112 2018-10-18] (Acer Incorporated)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [605584 2017-06-01] (Qualcomm)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [69232 2018-11-28] (EnigmaSoft Limited)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-11-26] (Malwarebytes)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [942136 2018-03-01] (Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [72248 2018-03-01] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198000 2018-11-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [119136 2018-11-29] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [63768 2018-11-29] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-28] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [111152 2018-11-29] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvac.inf_amd64_2fc0d3600c3c3d39\nvlddmkm.sys [17036560 2018-01-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2018-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-04-11] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [782304 2017-04-11] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-10-29] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-10-29] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-29 01:28 - 2018-11-29 01:28 - 000021682 _____ C:\Users\dpmse\Desktop\FRST.txt
2018-11-29 01:27 - 2018-11-29 01:28 - 000000000 ____D C:\FRST
2018-11-29 01:27 - 2018-11-29 01:27 - 002416640 _____ (Farbar) C:\Users\dpmse\Desktop\FRST64.exe
2018-11-29 01:27 - 2018-11-29 01:27 - 000119136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-11-29 01:27 - 2018-11-29 01:27 - 000111152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-11-29 01:27 - 2018-11-29 01:27 - 000063768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-11-29 01:13 - 2018-11-29 01:13 - 000000276 _____ C:\Users\dpmse\Desktop\eset.txt
2018-11-28 23:39 - 2018-11-28 23:42 - 000000000 ___HD C:\$SysReset
2018-11-28 20:44 - 2018-11-28 20:44 - 006985848 _____ (ESET spol. s r.o.) C:\Users\dpmse\Desktop\esetonlinescanner_esn.exe
2018-11-28 20:44 - 2018-11-28 20:44 - 000000000 ____D C:\Users\dpmse\AppData\Local\ESET
2018-11-28 18:03 - 2018-11-28 18:03 - 000000000 ____D C:\Users\dpmse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome
2018-11-28 18:02 - 2018-11-28 23:40 - 000069232 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2018-11-28 18:01 - 2018-11-28 20:51 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2018-11-28 18:01 - 2018-11-28 18:01 - 000000000 ____D C:\sh5ldr
2018-11-28 18:01 - 2018-11-28 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2018-11-28 18:01 - 2018-11-28 18:01 - 000000000 ____D C:\Program Files\EnigmaSoft
2018-11-28 17:06 - 2018-11-28 17:06 - 000002335 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-28 17:06 - 2018-11-28 17:06 - 000002294 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-28 17:05 - 2018-11-28 17:05 - 000003556 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-28 17:05 - 2018-11-28 17:05 - 000003432 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-28 16:48 - 2018-11-28 23:19 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-28 16:45 - 2018-11-28 16:45 - 007321808 _____ (Malwarebytes) C:\Users\dpmse\Downloads\adwcleaner_7.2.5.0.exe
2018-11-28 16:45 - 2018-11-28 16:45 - 000000000 ____D C:\AdwCleaner
2018-11-28 14:31 - 2015-07-28 17:52 - 000821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2018-11-28 14:25 - 2018-11-28 14:42 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-11-28 14:25 - 2018-11-28 14:31 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-11-28 14:25 - 2018-11-28 14:25 - 000001424 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-11-28 14:25 - 2018-11-28 14:25 - 000001412 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-11-28 14:25 - 2018-11-28 14:25 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-11-28 14:25 - 2018-11-28 14:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-11-28 14:25 - 2013-09-20 10:49 - 000021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2018-11-28 14:24 - 2018-11-28 14:24 - 046525608 _____ (Safer-Networking Ltd. ) C:\Users\dpmse\Downloads\spybot-2-4.exe
2018-11-27 16:05 - 2018-11-28 16:47 - 100139008 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-11-27 16:00 - 2018-11-27 16:05 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-11-26 19:33 - 2018-11-26 19:34 - 010641438 _____ C:\Users\dpmse\Downloads\Lan_Realtek_10.16.323.2017_W10x64_A.zip
2018-11-26 19:28 - 2018-11-26 19:28 - 010616720 _____ C:\Users\dpmse\Downloads\Lan_Realtek_10.013.1223.2016_W10x64_A.zip
2018-11-26 19:16 - 2018-11-26 19:16 - 000198000 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-11-26 18:57 - 2018-11-26 18:57 - 041176512 _____ C:\Users\dpmse\Downloads\gigavid-network-Winx64.exe
2018-11-26 16:59 - 2018-11-26 16:59 - 001130840 _____ (Google Inc.) C:\Users\dpmse\Downloads\ChromeSetup.exe
2018-11-26 16:59 - 2018-11-26 16:59 - 001130840 _____ (Google Inc.) C:\Users\dpmse\Downloads\ChromeSetup(1).exe
2018-11-26 16:37 - 2018-11-26 16:37 - 000000282 __RSH C:\Users\dpmse\ntuser.pol
2018-11-26 16:29 - 2018-11-26 16:29 - 000000000 ____D C:\Users\dpmse\AppData\Local\mbam
2018-11-26 16:28 - 2018-11-26 16:47 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-11-26 16:28 - 2018-11-26 16:28 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-26 16:28 - 2018-11-26 16:28 - 000000000 ____D C:\Users\dpmse\AppData\Local\mbamtray
2018-11-26 16:28 - 2018-11-26 16:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-26 16:28 - 2018-11-26 16:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-26 16:28 - 2018-11-26 16:28 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-26 16:17 - 2018-11-26 16:17 - 000000282 __RSH C:\ProgramData\ntuser.pol
2018-11-26 16:15 - 2018-11-26 16:37 - 000000000 ____D C:\Users\dpmse\AppData\Roaming\jtknloenw2h
2018-11-26 16:14 - 2018-11-26 16:36 - 000000000 ____D C:\Program Files (x86)\Live
2018-11-26 16:14 - 2018-11-26 16:14 - 000000000 ____D C:\Users\dpmse\AppData\Roaming\Python
2018-11-26 16:14 - 2018-11-26 16:14 - 000000000 ____D C:\Users\dpmse\AppData\Local\Chrome
2018-11-26 16:12 - 2018-11-26 16:37 - 000000000 ____D C:\Users\dpmse\AppData\Local\William
2018-11-26 16:12 - 2018-11-26 16:36 - 000000000 ____D C:\Program Files\Klukwan
2018-11-26 16:12 - 2018-11-26 16:12 - 000140800 _____ C:\Users\dpmse\AppData\Local\installer.dat
2018-11-26 16:08 - 2018-11-27 15:55 - 000000000 ____D C:\ProgramData\Lifh
2018-11-26 16:08 - 2018-11-26 16:08 - 000000000 ____D C:\ProgramData\Bloger
2018-11-26 16:07 - 2018-11-26 16:36 - 000000000 ____D C:\Program Files (x86)\KMSPico 10.2.1 Final
2018-11-26 16:07 - 2018-11-26 16:07 - 000000000 ____D C:\Users\dpmse\AppData\Local\AdvinstAnalytics
2018-11-25 12:56 - 2018-11-25 12:56 - 000098199 _____ C:\WINDOWS\uninstaller.dat
2018-11-19 16:27 - 2018-11-19 16:27 - 000000000 ____D C:\Users\dpmse\AppData\Roaming\sqldeveloper
2018-11-19 16:27 - 2018-11-19 16:27 - 000000000 ____D C:\Users\dpmse\AppData\Roaming\SQL Developer
2018-11-19 16:19 - 2018-11-19 16:19 - 000000000 ____D C:\Program Files\sqldeveloper
2018-11-19 16:17 - 2018-11-19 16:17 - 000002157 _____ C:\Users\Public\Desktop\Get Started With Oracle Database 11g Express Edition .lnk
2018-11-19 16:17 - 2018-11-19 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle Database 11g Express Edition
2018-11-19 16:11 - 2018-11-19 16:12 - 331923533 _____ C:\Users\dpmse\Downloads\OracleXE112_Win64.zip
2018-11-19 16:02 - 2018-11-19 16:02 - 000000000 ____D C:\Users\dpmse\Oracle
2018-11-19 16:01 - 2018-11-19 16:01 - 000000000 ____D C:\oraclexe
2018-11-16 18:57 - 2018-11-16 19:02 - 445059873 _____ C:\Users\dpmse\Downloads\sqldeveloper-18.3.0.277.2354-x64.zip
2018-11-15 19:55 - 2018-11-15 19:55 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-11-15 19:55 - 2018-11-15 19:55 - 000002476 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-11-15 19:55 - 2018-11-15 19:55 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-11-15 19:55 - 2018-11-15 19:55 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-11-15 19:55 - 2018-11-15 19:55 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-11-15 19:55 - 2018-11-15 19:55 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-11-15 19:55 - 2018-11-15 19:55 - 000002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-11-15 19:55 - 2018-11-15 19:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2018-11-14 17:17 - 2018-11-01 12:45 - 004527776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-14 17:17 - 2018-11-01 10:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-14 17:17 - 2018-11-01 10:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-14 17:17 - 2018-11-01 08:25 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-14 17:17 - 2018-11-01 08:25 - 007520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-14 17:17 - 2018-11-01 08:09 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-14 17:17 - 2018-11-01 08:01 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-14 17:17 - 2018-11-01 05:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-14 17:17 - 2018-11-01 05:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-14 17:16 - 2018-11-01 12:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-14 17:16 - 2018-11-01 12:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-14 17:16 - 2018-11-01 12:45 - 001617320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-14 17:16 - 2018-11-01 12:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-14 17:16 - 2018-11-01 12:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-11-14 17:16 - 2018-11-01 12:31 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-14 17:16 - 2018-11-01 12:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-14 17:16 - 2018-11-01 12:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-14 17:16 - 2018-11-01 12:29 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-14 17:16 - 2018-11-01 12:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-14 17:16 - 2018-11-01 12:28 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-11-14 17:16 - 2018-11-01 12:28 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-14 17:16 - 2018-11-01 12:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-14 17:16 - 2018-11-01 12:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-14 17:16 - 2018-11-01 12:27 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-14 17:16 - 2018-11-01 12:26 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-14 17:16 - 2018-11-01 12:26 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-14 17:16 - 2018-11-01 12:26 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-14 17:16 - 2018-11-01 12:25 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-14 17:16 - 2018-11-01 11:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-14 17:16 - 2018-11-01 10:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-11-14 17:16 - 2018-11-01 10:56 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-14 17:16 - 2018-11-01 10:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-14 17:16 - 2018-11-01 10:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-14 17:16 - 2018-11-01 10:54 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-11-14 17:16 - 2018-11-01 10:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-11-14 17:16 - 2018-11-01 10:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-14 17:16 - 2018-11-01 10:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-14 17:16 - 2018-11-01 08:39 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-14 17:16 - 2018-11-01 08:38 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-14 17:16 - 2018-11-01 08:37 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-14 17:16 - 2018-11-01 08:28 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-14 17:16 - 2018-11-01 08:28 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-11-14 17:16 - 2018-11-01 08:28 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-14 17:16 - 2018-11-01 08:28 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-11-14 17:16 - 2018-11-01 08:28 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-14 17:16 - 2018-11-01 08:28 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-11-14 17:16 - 2018-11-01 08:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-14 17:16 - 2018-11-01 08:27 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-14 17:16 - 2018-11-01 08:26 - 007432120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-14 17:16 - 2018-11-01 08:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-14 17:16 - 2018-11-01 08:26 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-11-14 17:16 - 2018-11-01 08:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-14 17:16 - 2018-11-01 08:25 - 004404912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-14 17:16 - 2018-11-01 08:25 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-14 17:16 - 2018-11-01 08:25 - 002571320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-14 17:16 - 2018-11-01 08:25 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-14 17:16 - 2018-11-01 08:25 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-14 17:16 - 2018-11-01 08:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-14 17:16 - 2018-11-01 08:25 - 001456728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-14 17:16 - 2018-11-01 08:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-14 17:16 - 2018-11-01 08:25 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-14 17:16 - 2018-11-01 08:25 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-14 17:16 - 2018-11-01 08:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-14 17:16 - 2018-11-01 08:25 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-14 17:16 - 2018-11-01 08:25 - 000982592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-14 17:16 - 2018-11-01 08:25 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-14 17:16 - 2018-11-01 08:25 - 000793080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-14 17:16 - 2018-11-01 08:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-11-14 17:16 - 2018-11-01 08:25 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-14 17:16 - 2018-11-01 08:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-14 17:16 - 2018-11-01 08:25 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-11-14 17:16 - 2018-11-01 08:25 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-14 17:16 - 2018-11-01 08:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-14 17:16 - 2018-11-01 08:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-14 17:16 - 2018-11-01 08:25 - 000261000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-14 17:16 - 2018-11-01 08:03 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-14 17:16 - 2018-11-01 08:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2018-11-14 17:16 - 2018-11-01 08:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2018-11-14 17:16 - 2018-11-01 08:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2018-11-14 17:16 - 2018-11-01 08:01 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-11-14 17:16 - 2018-11-01 08:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-11-14 17:16 - 2018-11-01 08:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-14 17:16 - 2018-11-01 08:00 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-11-14 17:16 - 2018-11-01 08:00 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-14 17:16 - 2018-11-01 08:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-14 17:16 - 2018-11-01 08:00 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-11-14 17:16 - 2018-11-01 07:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== Files in the root of some directories =======

2018-11-26 16:12 - 2018-11-26 16:12 - 000140800 _____ () C:\Users\dpmse\AppData\Local\installer.dat
2018-11-08 21:00 - 2018-11-08 21:00 - 000008270 _____ () C:\Users\dpmse\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2018-11-26 16:16 - 2018-11-26 16:16 - 000101888 _____ () C:\Users\dpmse\AppData\Local\Temp\Heart.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-27 12:21

==================== End of FRST.txt ============================

#5

It's also worth noting that among my programs there is one called “QUOSUser2.r10”, which I don't recognize and which appeared on the day of the infection, and when I try to uninstall it, it won't let me. (I tried to attach a photo but I can't.)

What it tells me is that the .exe file can't be found in my user's AppData folder or that it has been renamed, and I get an error. I imagine it has something to do with all this.

The same thing happens with the SpyHunter file, and it's something I find very strange, to be honest :confused:


#7

Hello

Regarding this program:

QOSUser2.r10 (HKU\S-1-5-21-3832486466-1238722099-959229946-1001…\QOSUser2.r10) (Version: - Alt0C10ud)

There is no evidence of anything, so it is most likely part of the malware.

NOTE: Do the next step very carefully.

Go to Start - Run and type Regedit to open the Registry Editor.

Go down to the following path: HKEY_USERS

and inside it look for the key: S-1-5-21-3832486466-1238722099-959229946-1001

Right-click it and choose Delete.

Open a new Notepad file and copy and paste this content:

Start
CreateRestorePoint:
CloseProcesses
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
C:\Program Files\EnigmaSoft
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3832486466-1238722099-959229946-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF DefaultProfile: hxxqzs5t.default
FF ProfilePath: C:\Users\dpmse\AppData\Roaming\Mozilla\Firefox\Profiles\hxxqzs5t.default [2018-11-28]
FF SearchPlugin: C:\Users\dpmse\AppData\Roaming\Mozilla\Firefox\Profiles\hxxqzs5t.default\searchplugins\bing-lavasoft-ff59.xml [2018-11-26]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{733ED5DC-6D54-4A04-900B-CA85BF4B9A1B}.xpi [2018-11-26] [not signed]
FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected] [2018-06-28]
CHR Extension: (2048) - C:\Users\dpmse\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcjbnkncddbeomhaacaeokhfnefibpde [2018-11-28]
DisableService: ShKernel.exe
DisableService: ShMonitor.exe
DisableService: EnigmaFileMonDriver.sys
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [10065712 2018-11-28] (EnigmaSoft Limited)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [537904 2018-11-28] (EnigmaSoft Limited)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [69232 2018-11-28] (EnigmaSoft Limited)
DeleteKey: HKU\S-1-5-21-3832486466-1238722099-959229946-1001
DeleteValue: HKU\S-1-5-21-3832486466-1238722099-959229946-1001
2018-11-28 23:39 - 2018-11-28 23:42 - 000000000 ___HD C:\$SysReset
2018-11-28 18:01 - 2018-11-28 20:51 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2018-11-28 18:01 - 2018-11-28 18:01 - 000000000 ____D C:\sh5ldr
2018-11-28 18:01 - 2018-11-28 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2018-11-28 18:01 - 2018-11-28 18:01 - 000000000 ____D C:\Program Files\EnigmaSoft
2018-11-26 16:12 - 2018-11-26 16:12 - 000140800 _____ () C:\Users\dpmse\AppData\Local\installer.dat
2018-11-08 21:00 - 2018-11-08 21:00 - 000008270 _____ () C:\Users\dpmse\AppData\Local\recently-used.xbel
2018-11-26 16:16 - 2018-11-26 16:16 - 000101888 _____ () C:\Users\dpmse\AppData\Local\Temp\Heart.exe
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
Task: {308B74C9-A322-4F66-80CC-1F651BB6290C} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]
ShortcutWithArgument: C:\Users\dpmse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\2048.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jcjbnkncddbeomhaacaeokhfnefibpde
AlternateDataStreams: C:\Users\dpmse\Desktop\1º DAM:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it as fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Regards
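
A pre-flight check for a fixlist like the one in post #7, as an added example that is not part of the original thread or of FRST: it flags `DeleteKey:` / `DeleteValue:` directives whose target is a whole registry hive, such as `HKU\<SID>`, rather than a subkey beneath it. The function names, the `ExampleAdware` key and the `key|value` split are assumptions; the sample fixlist is constructed from the directive forms shown above.

```python
import re

# Hive abbreviations as they appear in FRST logs and fixlists.
HIVES = {
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKU": "HKEY_USERS",
    "HKCU": "HKEY_CURRENT_USER",
    "HKCR": "HKEY_CLASSES_ROOT",
}
HIVE_NAMES = set(HIVES.values())

# A key directly under HKEY_USERS named after a SID (or .DEFAULT) is the
# root of a loaded per-user hive, not an ordinary subkey.
SID_RE = re.compile(r"^(S-1-5-\d+(-\d+)*)(_Classes)?$|^\.DEFAULT$", re.I)
DIRECTIVE_RE = re.compile(r"^\s*(DeleteKey|DeleteValue):\s*(.+?)\s*$", re.I)


def split_key(path):
    """Return (full hive name, list of subkey components)."""
    parts = [p for p in path.strip().split("\\") if p]
    if not parts:
        return None, []
    hive = HIVES.get(parts[0].upper(), parts[0].upper())
    return hive, parts[1:]


def scope_problem(path):
    """Return a reason string if the key is hive-wide, else None."""
    hive, sub = split_key(path)
    if hive not in HIVE_NAMES:
        return None  # not a registry path this check understands
    if not sub:
        return "targets an entire registry hive"
    if hive == "HKEY_USERS" and len(sub) == 1 and SID_RE.match(sub[0]):
        return "targets the root of a per-user hive"
    if hive in ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER") and len(sub) == 1:
        return "targets a top-level subtree of the hive"
    return None


def lint_fixlist(text):
    """Scan the lines between Start and END; return a list of
    (line number, directive, key, reason) for hive-wide deletions."""
    findings, active = [], False
    for lineno, line in enumerate(text.splitlines(), 1):
        word = line.strip().lower()
        if word == "start":
            active = True
            continue
        if word == "end":
            active = False
            continue
        if not active:
            continue
        m = DIRECTIVE_RE.match(line)
        if not m:
            continue
        directive, target = m.group(1), m.group(2)
        # Assumption: anything after '|' is a value name, so only the
        # part before it is the key whose scope is checked.
        key = target.split("|", 1)[0]
        reason = scope_problem(key)
        if reason:
            findings.append((lineno, directive, key, reason))
    return findings


# Constructed sample: the two HKU\<SID> lines use the forms from post #7,
# the ExampleAdware and HKLM\SOFTWARE lines are made up for contrast.
SAMPLE = r"""Start
CloseProcesses
DeleteKey: HKU\S-1-5-21-3832486466-1238722099-959229946-1001
DeleteValue: HKU\S-1-5-21-3832486466-1238722099-959229946-1001
DeleteKey: HKU\S-1-5-21-3832486466-1238722099-959229946-1001\Software\ExampleAdware
DeleteKey: HKLM\SOFTWARE
EmptyTemp:
END
DeleteKey: HKU
"""

if __name__ == "__main__":
    for lineno, directive, key, reason in lint_fixlist(SAMPLE):
        print(f"line {lineno}: {directive} {key} -> {reason}")
```

The narrowly scoped `ExampleAdware` line passes, and the directive after `END` is ignored because it is outside the script body.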


#8

And what about SpyHunter? It won't let me uninstall it either.


#9

I'm waiting for the result of the procedure I gave you in my previous reply.

Regards


#10

It's looking bad: everything has gone black and only the Recycle Bin shows up. I get a win32 error. I think I've messed it up, what can I do?


#11

Restart the system and let us know …


#12

I've already restarted and nothing. I think I'm going to have to format the computer.


#13

Or is there some solution to this?


#14

Hello

I'm not in favour of attempting repairs when the system has had such a major failure following multiple infections.

If you know how to do it and have the means, formatting the disk and installing a clean system is the best option.

Of course, afterwards you have to be very careful about what you install so you don't run into this kind of problem again …