I can't remove PUP.Optional.Legacy


#1
Hello, I hope I can get help here. This has been happening to me for roughly 1 month or 1 month and a half, I'd say. It appeared suddenly and without warning. I consider myself an average user and I am careful about what I download, from where and how I download it. When this problem started, the first thing I did was try to solve it with 360antivirus; I was recommended Malwarebytes and AdwCleaner, together with 360antivirus. They detected the malware and I went ahead with what was recommended, which was to quarantine and repair. I did that, scanned again and that was it, it no longer appeared. I go to a website over HTTP (without the Secure of HTTPS) and notice that the PC lags; on opening Task Manager I realize that the CPU is working at 100%, and I notice that on closing that website everything is fixed with no further problems. In other words, the malware was still on my PC. Why? I don't know. I decided to format the PC to get rid of the problem at the root, with the result that the malware is still there!!! How is this possible? I assume it is on one of the 5 disks I have (I have the OS installed on the SSD and I have 5 separate HDDs). I really need you to help me and guide me as far as possible on how to remove it and get out of this, which is becoming unbearable.
So far it runs only on HTTP websites, and it bombards me with advertising and uses my CPU at 100% (assuming they are mining something).
  • Installed on the PC
Malwarebytes
AdwCleaner
Regards, and I really hope you can help me solve this problem. As a note to add, I have had Windows installed for 1 hour and I have not put anything else on it; until I am rid of this malware I don't want to fill the OS with things that might later complicate removing it. Thanks, regards.

#2

Hello @kenichi3000

Welcome to the new InfoSpyware…!!

You didn't mention which OS you have?

Do the following:

1.- Temporarily disable your antivirus and any security program.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the right version for your computer's architecture (32 or 64 bits). >> How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Post the two reports generated.

You must copy and paste them with all their content, and you will use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

Wrap each of the reports with the written tag [Code] as shown in the image.

Let us know.

We'll wait for those reports.

Regards.


#3

Hello, thank you very much for your prompt assistance. I really did forget the OS, sorry; I use W10 Pro, 64-bit version.

PS: I'm not sure whether Defender was disabled, because while the program was scanning, Defender activated several times, and I read how to disable it but I don't know why it didn't take effect.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.11.2018
Ran by Miguel (administrator) on DESKTOP-JRGGCVQ (27-11-2018 10:18:57)
Running from G:\Programas 64 bits
Loaded Profiles: Miguel (Available Profiles: Miguel)
Platform: Windows 10 Pro Version 1809 17763.134 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
() C:\Program Files\KMSpico\Service_KMS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthSystray.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18052.20211.0_x64__8wekyb3d8bbwe\Music.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.21218.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\WINDOWS\system32\SecurityHealthSystray.exe [83968 2018-09-15] (Microsoft Corporation)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\Run: [Speccy] => C:\Program Files\Speccy\Speccy64.exe [7067048 2015-12-02] (Piriform Ltd)
HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4035696 2017-05-25] (Tonec Inc.)
HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\RunOnce: [Uninstall 18.143.0717.0002\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Miguel\AppData\Local\Microsoft\OneDrive\18.143.0717.0002\amd64"
HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\RunOnce: [Uninstall 18.143.0717.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Miguel\AppData\Local\Microsoft\OneDrive\18.143.0717.0002"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.200.254
Tcpip\..\Interfaces\{e7736c1c-a824-4eca-b66d-1dea4c085d67}: [DhcpNameServer] 192.168.200.254

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1107566908-2914427673-2006857480-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)

Edge: 
======
Edge Extension: (BookReader) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets [2018-09-15]
Edge Extension: (PinJSAPI) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [2018-09-15]

FireFox:
========
FF HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Miguel\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Miguel\AppData\Roaming\IDM\idmmzcc5 [2018-11-26] [Legacy] [not signed]
FF HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26] [Legacy]
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-11-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-11-26] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default [2018-11-26]
CHR Extension: (Presentaciones) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-26]
CHR Extension: (Documentos) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-26]
CHR Extension: (Google Drive) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-26]
CHR Extension: (YouTube) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-26]
CHR Extension: (Hojas de cálculo) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-26]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-26]
CHR Extension: (IDM Integration Module) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-11-26]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-26]
CHR Extension: (Gmail) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-26]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-25]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrokerInfrastructure; C:\WINDOWS\System32\psmsrv.dll [241664 2018-11-27] (Microsoft Corporation)
S3 cbdhsvc; C:\WINDOWS\System32\cbdhsvc.dll [961024 2018-09-15] (Microsoft Corporation)
S3 ConsentUxUserSvc; C:\WINDOWS\System32\ConsentUxClient.dll [157696 2018-09-15] (Microsoft Corporation)
R3 DisplayEnhancementService; C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll [914944 2018-09-15] (Microsoft Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 perceptionsimulation; C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe [78848 2018-09-15] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5381624 2018-09-15] (Microsoft Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-11] ()
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [384512 2018-09-15] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-11-27] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-11-27] (Microsoft Corporation)
S3 WManSvc; C:\WINDOWS\system32\Windows.Management.Service.dll [370176 2018-09-15] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0315159.inf_amd64_b01c1e8cccf04a67\atikmdag.sys [36571640 2017-06-13] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0315159.inf_amd64_b01c1e8cccf04a67\atikmpag.sys [529912 2017-06-13] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-04-26] (Advanced Micro Devices)
R1 BasicDisplay; C:\WINDOWS\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_5103ac179273be89\BasicDisplay.sys [68096 2018-09-15] (Microsoft Corporation)
R1 BasicRender; C:\WINDOWS\System32\DriverStore\FileRepository\basicrender.inf_amd64_0b8d03c3bc0e7fd9\BasicRender.sys [37376 2018-09-15] (Microsoft Corporation)
S3 BthMini; C:\WINDOWS\System32\drivers\BTHMINI.sys [34816 2018-09-15] (Microsoft Corporation)
S3 cpuz138; C:\Users\Miguel\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2018-11-27] (CPUID) <==== ATTENTION
S3 hidspi; C:\WINDOWS\System32\drivers\hidspi.sys [60928 2018-09-15] (Microsoft Corporation)
S3 iaLPSS2i_GPIO2_CNL; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [112128 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_GPIO2_GLK; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [96256 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_I2C_CNL; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_CNL.sys [180736 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_I2C_GLK; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_GLK.sys [177664 2018-09-15] (Intel Corporation)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-09-15] (Qualcomm Atheros, Inc.)
S3 MbbCx; C:\WINDOWS\System32\drivers\MbbCx.sys [290816 2018-09-15] (Microsoft Corporation)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [53760 2018-09-15] (Microsoft Corporation)
S3 PktMon; C:\WINDOWS\System32\drivers\PktMon.sys [85504 2018-09-15] (Microsoft Corporation)
S0 SmartSAMD; C:\WINDOWS\System32\drivers\SmartSAMD.sys [219960 2018-09-15] (Microsemi Corportation)
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [171520 2018-09-15] (Microsoft Corporation)
S3 UcmUcsiAcpiClient; C:\WINDOWS\System32\drivers\UcmUcsiAcpiClient.sys [31232 2018-09-15] (Microsoft Corporation)
S3 UcmUcsiCx0101; C:\WINDOWS\System32\Drivers\UcmUcsiCx.sys [99840 2018-09-15] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-11-27] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-11-27] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-11-27] (Microsoft Corporation)
R3 WinQuic; C:\WINDOWS\System32\drivers\winquic.sys [156984 2018-09-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: WManSvc -> C:\Windows\system32\Windows.Management.Service.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-27 10:17 - 2018-11-27 10:18 - 000000000 ____D C:\FRST
2018-11-27 03:17 - 2018-11-27 03:17 - 026804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 024616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 023440384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 020808704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 019284480 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 019024384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 009696264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-27 03:17 - 2018-11-27 03:17 - 007857152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 006543224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 006059008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 005440016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 004886016 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 004588752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-27 03:17 - 2018-11-27 03:17 - 003981312 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 003951192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 003744256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 003662336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-27 03:17 - 2018-11-27 03:17 - 003550592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 003379216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-27 03:17 - 2018-11-27 03:17 - 003337800 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002985328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002879488 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002721792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-27 03:17 - 2018-11-27 03:17 - 002702536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002689024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002617856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002594872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002488320 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-27 03:17 - 2018-11-27 03:17 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002429752 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-27 03:17 - 2018-11-27 03:17 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002186752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002185728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002160160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-11-27 03:17 - 2018-11-27 03:17 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002085168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002072384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001899160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001843432 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001751080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001749504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001715200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001671680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001641608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001612808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001456720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001402408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001395248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001387496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001289400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001255736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-27 03:17 - 2018-11-27 03:17 - 001254912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001221528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-11-27 03:17 - 2018-11-27 03:17 - 001212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001200920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001181824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001097312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001064248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2018-11-27 03:17 - 2018-11-27 03:17 - 001053352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-27 03:17 - 2018-11-27 03:17 - 001050936 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-27 03:17 - 2018-11-27 03:17 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001026992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000918304 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000901632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000883200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000829440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000828936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000783696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000743432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000667152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000649736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000604336 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-27 03:17 - 2018-11-27 03:17 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000582248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-27 03:17 - 2018-11-27 03:17 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000531976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000506392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000495624 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000402568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000398400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-27 03:17 - 2018-11-27 03:17 - 000373768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2018-11-27 03:17 - 2018-11-27 03:17 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2018-11-27 03:17 - 2018-11-27 03:17 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-27 03:12 - 2018-11-27 03:13 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-27 03:11 - 2018-11-27 03:11 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-27 01:57 - 2018-11-27 01:57 - 000000446 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2018-11-27 01:04 - 2018-11-27 01:16 - 000002280 ____H C:\Users\Miguel\Documents\Default.rdp
2018-11-27 01:01 - 2018-11-27 01:01 - 000000876 _____ C:\Users\Miguel\Desktop\ZHPCleaner.lnk
2018-11-27 01:01 - 2018-11-27 01:01 - 000000000 ____D C:\Users\Miguel\AppData\Roaming\ZHP
2018-11-27 01:01 - 2018-11-27 01:01 - 000000000 ____D C:\Users\Miguel\AppData\Local\ZHP
2018-11-27 00:50 - 2018-11-27 00:50 - 000000000 ____D C:\Users\Miguel\AppData\Local\ESET
2018-11-27 00:25 - 2018-11-27 02:33 - 000592416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-11-27 00:07 - 2018-11-27 00:17 - 000001870 _____ C:\Users\Miguel\Desktop\Rkill.txt
2018-11-27 00:02 - 2018-11-27 00:03 - 000000000 ____D C:\Users\Miguel\Documents\Grabaciones de sonido
2018-11-27 00:01 - 2018-11-27 00:01 - 000000279 _____ C:\Users\Miguel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papelera de reciclaje.lnk
2018-11-26 23:51 - 2018-11-26 23:51 - 000000000 ____D C:\Users\Miguel\AppData\Local\DBG
2018-11-26 23:42 - 2018-11-26 23:42 - 000002006 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2018-11-26 23:41 - 2018-11-26 23:42 - 000000000 ____D C:\Program Files\HitmanPro
2018-11-26 23:40 - 2018-11-27 00:00 - 000000000 ____D C:\ProgramData\HitmanPro
2018-11-26 23:10 - 2018-11-26 23:10 - 000000000 ____D C:\Users\Miguel\AppData\Local\mbamtray
2018-11-26 23:10 - 2018-11-26 23:10 - 000000000 ____D C:\Users\Miguel\AppData\Local\mbam
2018-11-26 23:09 - 2018-11-27 00:23 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-11-26 23:09 - 2018-11-26 23:09 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-26 23:09 - 2018-11-26 23:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-26 23:09 - 2018-11-26 23:09 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-26 23:09 - 2018-11-26 23:09 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-26 23:07 - 2018-11-26 23:07 - 000003478 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2018-11-26 23:07 - 2018-11-26 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2018-11-26 23:07 - 2018-11-26 23:07 - 000000000 ____D C:\Program Files\KMSpico
2018-11-26 23:07 - 2010-12-05 22:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2018-11-26 23:03 - 2018-11-26 23:03 - 000000000 ____D C:\Users\Miguel\AppData\Local\PeerDistRepub
2018-11-26 23:02 - 2018-11-26 23:03 - 000000000 ____D C:\AdwCleaner
2018-11-26 22:54 - 2018-11-26 22:54 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-26 22:54 - 2018-11-26 22:54 - 000002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-26 22:54 - 2018-11-26 22:54 - 000000000 ____D C:\Users\Miguel\AppData\LocalLow\AMD
2018-11-26 22:50 - 2018-11-26 22:53 - 000000000 ____D C:\Users\Miguel\AppData\Roaming\vlc
2018-11-26 22:49 - 2018-11-26 22:54 - 000000000 ____D C:\Users\Miguel\AppData\Local\Google
2018-11-26 22:49 - 2018-11-26 22:54 - 000000000 ____D C:\Program Files (x86)\Google
2018-11-26 22:49 - 2018-11-26 22:49 - 000003620 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-26 22:49 - 2018-11-26 22:49 - 000003496 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-26 22:46 - 2018-11-26 22:46 - 000000000 ____D C:\Users\Miguel\AppData\Roaming\WinRAR
2018-11-26 22:43 - 2018-11-26 22:47 - 000000000 ____D C:\Users\Miguel\Documents\PS Portable
2018-11-26 22:42 - 2018-11-27 04:05 - 000000000 ____D C:\Users\Miguel\AppData\Roaming\DMCache
2018-11-26 22:42 - 2018-11-27 00:50 - 000000000 ____D C:\Users\Miguel\AppData\Roaming\IDM
2018-11-26 22:42 - 2018-11-26 22:42 - 000000000 ____D C:\Users\Miguel\Downloads\Video
2018-11-26 22:42 - 2018-11-26 22:42 - 000000000 ____D C:\Users\Miguel\Downloads\Compressed
2018-11-26 22:42 - 2018-11-26 22:42 - 000000000 ____D C:\ProgramData\IDM
2018-11-26 22:40 - 2018-11-26 22:42 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2018-11-26 22:40 - 2018-11-26 22:40 - 000000927 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2018-11-26 22:40 - 2018-11-26 22:40 - 000000000 ____D C:\Users\Miguel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-11-26 22:40 - 2018-11-26 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-11-26 22:40 - 2018-11-26 22:40 - 000000000 ____D C:\Program Files\Sublime Text 3
2018-11-26 22:35 - 2018-11-26 22:35 - 000000000 ____D C:\Program Files\Speccy
2018-11-26 22:34 - 2018-11-26 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-11-26 22:34 - 2018-11-26 22:34 - 000001948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2018-11-26 22:34 - 2018-11-26 22:34 - 000000000 ____D C:\Users\Miguel\AppData\Roaming\SumatraPDF
2018-11-26 22:34 - 2018-11-26 22:34 - 000000000 ____D C:\Users\Miguel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-11-26 22:34 - 2018-11-26 22:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-11-26 22:34 - 2018-11-26 22:34 - 000000000 ____D C:\Program Files\WinRAR
2018-11-26 22:34 - 2018-11-26 22:34 - 000000000 ____D C:\Program Files\VideoLAN
2018-11-26 22:34 - 2018-11-26 22:34 - 000000000 ____D C:\Program Files\SumatraPDF
2018-11-26 22:15 - 2018-11-26 22:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-1107566908-2914427673-2006857480-1001
2018-11-26 22:12 - 2018-11-27 02:21 - 000000000 ____D C:\Users\Miguel\AppData\Local\PlaceholderTileLogoFolder
2018-11-26 22:10 - 2018-11-27 02:58 - 000000000 ____D C:\ProgramData\Packages
2018-11-26 22:10 - 2018-11-26 22:10 - 000000000 ____D C:\Users\Miguel\AppData\Local\Comms
2018-11-26 20:59 - 2018-11-26 22:09 - 000000000 ____D C:\Users\Miguel\AppData\Local\AMD
2018-11-26 20:56 - 2018-11-27 04:05 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-11-26 20:56 - 2018-11-26 20:56 - 000003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2018-11-26 20:56 - 2018-11-26 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asistente de informe de problemas de AMD
2018-11-26 20:56 - 2018-11-26 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2018-11-26 20:56 - 2018-11-26 20:56 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-11-26 20:56 - 2018-11-26 20:56 - 000000000 ____D C:\Program Files (x86)\AMD
2018-11-26 20:55 - 2018-11-26 20:55 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-26 20:55 - 2018-11-26 20:55 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-11-26 20:55 - 2017-01-27 18:05 - 000103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-11-26 20:55 - 2017-01-27 18:04 - 000326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-11-26 20:55 - 2017-01-27 18:02 - 000118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-11-26 20:55 - 2017-01-27 18:01 - 000322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-11-26 20:53 - 2018-11-26 20:53 - 000000000 ____D C:\Users\Miguel\AppData\Local\D3DSCache
2018-11-26 20:52 - 2018-11-26 20:56 - 000000000 ____D C:\Program Files\AMD
2018-11-26 20:51 - 2018-11-26 20:53 - 000000000 ____D C:\AMD
2018-11-26 20:46 - 2018-11-27 04:18 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1107566908-2914427673-2006857480-1001
2018-11-26 20:46 - 2018-11-27 04:18 - 000000000 ___RD C:\Users\Miguel\OneDrive
2018-11-26 20:46 - 2018-11-26 20:46 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-11-26 20:45 - 2018-11-26 20:45 - 000001446 _____ C:\Users\Miguel\Desktop\Microsoft Edge.lnk
2018-11-26 20:45 - 2018-11-26 20:45 - 000000000 ___HD C:\Users\Miguel\MicrosoftEdgeBackups
2018-11-26 20:44 - 2018-11-27 02:21 - 000000000 ____D C:\Users\Miguel\AppData\Local\Packages
2018-11-26 20:44 - 2018-11-26 20:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-26 20:44 - 2018-11-26 20:44 - 000000000 ___RD C:\Users\Miguel\3D Objects
2018-11-26 20:44 - 2018-11-26 20:44 - 000000000 ____D C:\Users\Miguel\AppData\Roaming\Adobe
2018-11-26 20:44 - 2018-11-26 20:44 - 000000000 ____D C:\Users\Miguel\AppData\Local\VirtualStore
2018-11-26 20:44 - 2018-11-26 20:44 - 000000000 ____D C:\Users\Miguel\AppData\Local\Publishers
2018-11-26 20:44 - 2018-11-26 20:44 - 000000000 ____D C:\Users\Miguel\AppData\Local\MicrosoftEdge
2018-11-26 20:44 - 2018-11-26 20:44 - 000000000 ____D C:\Users\Miguel\AppData\Local\ConnectedDevicesPlatform
2018-11-26 20:42 - 2018-11-27 04:18 - 000002404 _____ C:\Users\Miguel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-26 20:42 - 2018-11-26 20:46 - 000000000 ____D C:\Users\Miguel
2018-11-26 20:42 - 2018-11-26 20:42 - 000000020 ___SH C:\Users\Miguel\ntuser.ini
2018-11-26 20:37 - 2018-11-27 04:10 - 001684176 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-26 20:35 - 2018-11-26 20:35 - 000000000 ____D C:\WINDOWS\CSC
2018-11-26 20:35 - 2018-11-26 20:35 - 000000000 ____D C:\ProgramData\USOShared
2018-11-26 20:35 - 2018-09-15 03:28 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-11-26 20:29 - 2018-11-27 09:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-26 20:29 - 2018-11-27 04:06 - 000258144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-26 20:29 - 2018-11-27 04:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-26 20:29 - 2018-11-27 02:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-11-26 20:29 - 2018-11-26 20:29 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-11-26 20:29 - 2018-11-26 20:29 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-11-26 15:28 - 2018-11-26 20:30 - 000000000 ____D C:\WINDOWS\Panther

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-27 09:54 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-11-27 04:10 - 2018-09-15 12:37 - 000752322 _____ C:\WINDOWS\system32\perfh00A.dat
2018-11-27 04:10 - 2018-09-15 12:37 - 000147902 _____ C:\WINDOWS\system32\perfc00A.dat
2018-11-27 04:10 - 2018-09-15 03:31 - 000000000 ____D C:\WINDOWS\INF
2018-11-27 04:06 - 2018-09-15 03:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-27 04:05 - 2018-09-15 12:40 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-11-27 04:05 - 2018-09-15 12:40 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-11-27 04:05 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-27 04:05 - 2018-09-15 02:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-11-27 03:18 - 2018-09-15 03:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-27 03:18 - 2018-09-15 02:09 - 000000000 ____D C:\WINDOWS\servicing
2018-11-27 03:14 - 2018-09-15 03:33 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-27 03:14 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-27 03:11 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\appcompat
2018-11-27 02:21 - 2018-09-15 03:33 - 000000000 ____D C:\Program Files\Windows Defender
2018-11-26 22:25 - 2018-09-15 12:39 - 000000000 ____D C:\WINDOWS\OCR
2018-11-26 22:25 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-11-26 22:10 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\ServiceState
2018-11-26 20:49 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-11-26 20:35 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\spool
2018-11-26 20:35 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-11-26 20:35 - 2018-09-15 03:33 - 000000000 ____D C:\ProgramData\USOPrivate
2018-11-26 20:33 - 2018-09-15 03:33 - 000000000 ____D C:\Program Files\windows nt
2018-11-26 20:29 - 2018-09-15 03:33 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-11-26 20:29 - 2018-09-15 03:33 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-26 20:29 - 2018-09-15 02:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-11-26 15:28 - 2018-09-15 03:31 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-11-16 19:48 - 2018-09-15 03:36 - 000834960 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-16 19:48 - 2018-09-15 03:36 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-29 19:01 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\appraiser

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

#4

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.11.2018
Ran by Miguel (27-11-2018 10:19:44)
Running from G:\Programas 64 bits
Windows 10 Pro Version 1809 17763.134 (X64) (2018-11-27 00:33:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1107566908-2914427673-2006857480-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1107566908-2914427673-2006857480-503 - Limited - Disabled)
Invitado (S-1-5-21-1107566908-2914427673-2006857480-501 - Limited - Disabled)
Miguel (S-1-5-21-1107566908-2914427673-2006857480-1001 - Administrator - Enabled) => C:\Users\Miguel
WDAGUtilityAccount (S-1-5-21-1107566908-2914427673-2006857480-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{15979E65-792E-474B-BC5D-42257709D4D9}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{D6ACA0E4-2488-AE52-E73D-24DB98F9AD65}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B8C421E8-BDF9-F598-832C-659A513F79EB}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{83D75873-9603-EA5A-948F-A5AEE78082C1}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{DD3A9C85-51E9-854D-EB9B-F0AE8E5B2F7C}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A00A5425-8899-055A-404C-8F96C2EC647F}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{CB71E054-00CF-182D-6C78-F9D85D10B7BA}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{30B97DD0-3646-AD22-2E77-3792B11BB5E6}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{8342F234-A97E-D691-3C01-F060CB7DA175}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{CD47D86C-737D-4818-F059-CF8A53F37B76}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DB0E2806-DE62-D60E-9BD9-E3A89FB2A5A8}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{D4EF1657-8835-A5AE-DBA0-658EF2869048}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED71C4B4-4C00-F7C9-9151-60411373DC35}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{28FFCD28-01FF-9792-B1A9-B944D44FB37D}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{DAEF66AB-6EA7-B0A8-96FB-243A2F33B8B2}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{3DBC48E0-7DE6-295B-448E-5F53D1491AC3}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{CAF3DAD2-A7E8-5472-F8E3-D71E92B7FA65}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E7666716-625F-9E54-ECB3-39CC3C7FFB14}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{30A5B188-80AB-2CF5-22D8-8E20D66907D4}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A38C8B57-D3E6-5748-F2D3-FDC383D1203A}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{1CD84FD4-26F3-08FC-32F5-17DA9E8A4ED7}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\OneDriveSetup.exe) (Version: 18.192.0920.0015 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Sublime Text Build 3176 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-06-12] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5FC8DD4B-130E-4413-BD96-6E256BA14412} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-26] (Google Inc.)
Task: {7A35A2E3-3CB4-4E28-B98D-832C02003592} - System32\Tasks\Microsoft\Windows\Flighting\OneSettings\RefreshCache
Task: {7D0252C3-A848-4535-8A55-090BC66F9596} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-06-12] (Advanced Micro Devices, Inc.)
Task: {8FA1554C-7A10-41C3-BEFA-B8D8A82DD4D3} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2016-01-11] ()
Task: {AD4E8AFB-A48C-4E13-BE83-B8D87600CFB4} - System32\Tasks\Microsoft\Windows\WlanSvc\CDSSync
Task: {BD21C377-5B30-4E5A-B6F2-37D2086885E5} - System32\Tasks\Microsoft\Windows\BitLocker\BitLocker Encrypt All Drives
Task: {CD32B7F9-D179-4CFD-A62B-5DB6BF2D3E15} - System32\Tasks\S-1-5-21-1107566908-2914427673-2006857480-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-09-15] (Microsoft Corporation)
Task: {E39F8E32-F4B6-44B2-B8AF-D84A6CFEB7B8} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-09-15] ()
Task: {E76866B7-D3C2-42C1-BD5F-0F11F324B062} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-26] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-11-26 23:07 - 2016-01-11 18:33 - 000745664 _____ () C:\Program Files\KMSpico\Service_KMS.exe
2018-09-15 03:28 - 2018-09-15 03:28 - 000834088 _____ () C:\Windows\System32\InputHost.dll
2018-09-15 03:28 - 2018-09-15 03:28 - 000474624 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-09-15 03:28 - 2018-09-15 03:28 - 002801152 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2016-09-13 14:37 - 2016-09-13 14:37 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 14:37 - 2016-09-13 14:37 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 14:37 - 2016-09-13 14:37 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 14:37 - 2016-09-13 14:37 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 14:36 - 2016-09-13 14:36 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 14:36 - 2016-09-13 14:36 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-13 14:37 - 2016-09-13 14:37 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2018-09-15 03:28 - 2018-09-15 03:28 - 001740288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-11-27 02:34 - 2018-11-27 02:57 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-09-15 12:41 - 2018-09-15 12:41 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-11-27 02:34 - 2018-11-27 02:35 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-11-26 22:37 - 2018-11-26 22:43 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-11-26 22:37 - 2018-11-26 22:39 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-26 22:37 - 2018-11-26 22:39 - 001754112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-09-15 12:42 - 2018-09-15 12:42 - 024893952 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18052.20211.0_x64__8wekyb3d8bbwe\Music.UI.exe
2018-09-15 12:42 - 2018-09-15 12:42 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18052.20211.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-09-15 12:42 - 2018-09-15 12:42 - 006736384 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18052.20211.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-09-15 12:44 - 2018-09-15 12:44 - 000475136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.21218.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-09-15 12:44 - 2018-09-15 12:44 - 024116736 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.21218.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-09-15 12:44 - 2018-09-15 12:44 - 014214144 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.21218.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-09-15 12:44 - 2018-09-15 12:44 - 002803712 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.21218.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-09-15 12:44 - 2018-09-15 12:44 - 001405440 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.21218.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-09-15 12:44 - 2018-09-15 12:44 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.21218.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 03:31 - 2018-09-15 03:31 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.200.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-DeviceManagement-CertificateInstall-TCP-Out] => (Allow) %SystemRoot%\system32\dmcertinst.exe
FirewallRules: [Microsoft-Windows-DeviceManagement-OmaDmClient-TCP-Out] => (Allow) %SystemRoot%\system32\omadmclient.exe
FirewallRules: [{3220D0B5-9872-45C3-B09E-CA2E717E918A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E2A75B4F-11E2-4DDE-BF7E-D845DC81C62F}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{F40DE747-DBE6-4611-87B5-8B754F841EE1}] => (Allow) %systemroot%\system32\alg.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/27/2018 10:16:22 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center no pudo validar al autor de la llamada con el error %1.

Error: (11/27/2018 10:08:06 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center no pudo validar al autor de la llamada con el error %1.

Error: (11/27/2018 04:05:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamservice.exe, versión: 3.2.0.704, marca de tiempo: 0x5b9acf90
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17763.1, marca de tiempo: 0xa369e897
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000001982b
Identificador del proceso con errores: 0xe90
Hora de inicio de la aplicación con errores: 0x01d48607106b302e
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: ca0d7179-9118-49fa-872f-ecaf13ac278f
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/27/2018 02:04:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa MicrosoftEdge.exe (versión 11.0.17763.107) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.

Id. de proceso: 2c90

Hora de Inicio: 01d48616199645c2

Hora de finalización: 4294967295

Ruta de la aplicación: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

Id. de informe: d8159146-34ed-4771-98fe-72822cdd8479

Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe

Id. de la aplicación relativa al paquete con errores: MicrosoftEdge

Tipo de bloqueo: Quiesce

Error: (11/26/2018 11:51:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: taskmgr.exe, versión: 10.0.17763.107, marca de tiempo: 0x0528fd0c
Nombre del módulo con errores: taskmgr.exe, versión: 10.0.17763.107, marca de tiempo: 0x0528fd0c
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000001ec94
Identificador del proceso con errores: 0x2974
Hora de inicio de la aplicación con errores: 0x01d48600ba80f411
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\taskmgr.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\system32\taskmgr.exe
Identificador del informe: df1e8e5f-1b15-402e-bd29-33433afc461f
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/26/2018 11:14:52 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center no pudo validar al autor de la llamada con el error %1.

Error: (11/26/2018 11:12:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamservice.exe, versión: 3.2.0.704, marca de tiempo: 0x5b9acf90
Nombre del módulo con errores: SelfProtectionSdk.dll, versión: 3.0.0.360, marca de tiempo: 0x5b995ba2
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000014e2a9
Identificador del proceso con errores: 0x1c1c
Hora de inicio de la aplicación con errores: 0x01d485feabcda4da
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Ruta de acceso del módulo con errores: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
Identificador del informe: 18e67d9e-192c-4a72-abae-ea552dd304a2
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/26/2018 11:10:12 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center no pudo validar al autor de la llamada con el error %1.


System errors:
=============
Error: (11/27/2018 10:05:28 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-JRGGCVQ)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{08728914-3F57-4D52-9E31-49DAECA5A80A}
 y APPID 
{4FE95D37-3459-4ECC-AC3E-F7ABBE4E8AED}
 al usuario DESKTOP-JRGGCVQ\Miguel con SID (S-1-5-21-1107566908-2914427673-2006857480-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/27/2018 10:05:23 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-JRGGCVQ)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{08728914-3F57-4D52-9E31-49DAECA5A80A}
 y APPID 
{4FE95D37-3459-4ECC-AC3E-F7ABBE4E8AED}
 al usuario DESKTOP-JRGGCVQ\Miguel con SID (S-1-5-21-1107566908-2914427673-2006857480-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/27/2018 10:05:20 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-JRGGCVQ)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{08728914-3F57-4D52-9E31-49DAECA5A80A}
 y APPID 
{4FE95D37-3459-4ECC-AC3E-F7ABBE4E8AED}
 al usuario DESKTOP-JRGGCVQ\Miguel con SID (S-1-5-21-1107566908-2914427673-2006857480-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/27/2018 10:00:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (11/27/2018 10:00:46 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Miguel\AppData\Local\Temp\ehdrv.sys

Error: (11/27/2018 10:00:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (11/27/2018 10:00:46 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Miguel\AppData\Local\Temp\ehdrv.sys

Error: (11/27/2018 10:00:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador


Windows Defender:
===================================
Date: 2018-11-27 10:19:46.037
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Nombre: HackTool:Win64/AutoKMS
Id.: 2147723334
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\AutoPico.exe->[MSILRES:AutoPico.SECOH-QAD.x64.dll]; file:_C:\Program Files\KMSpico\Service_KMS.exe->[MSILRES:Service_KMS.SECOH-QAD.x64.dll]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: DESKTOP-JRGGCVQ\Miguel
Nombre de proceso: G:\Programas 64 bits\FRST64.exe
Versión de firma: AV: 1.281.899.0, AS: 1.281.899.0, NIS: 1.281.899.0
Versión de motor: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-27 10:19:10.667
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Nombre: HackTool:Win64/AutoKMS
Id.: 2147723334
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\Service_KMS.exe->[MSILRES:Service_KMS.SECOH-QAD.x64.dll]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: DESKTOP-JRGGCVQ\Miguel
Nombre de proceso: G:\Programas 64 bits\FRST64.exe
Versión de firma: AV: 1.281.899.0, AS: 1.281.899.0, NIS: 1.281.899.0
Versión de motor: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-27 10:18:58.545
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Nombre: HackTool:Win64/AutoKMS
Id.: 2147723334
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\Service_KMS.exe->[MSILRES:Service_KMS.SECOH-QAD.x64.dll]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: DESKTOP-JRGGCVQ\Miguel
Nombre de proceso: G:\Programas 64 bits\FRST64.exe
Versión de firma: AV: 1.281.899.0, AS: 1.281.899.0, NIS: 1.281.899.0
Versión de motor: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-27 10:02:34.516
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Nombre: HackTool:Win64/AutoKMS
Id.: 2147723334
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\AutoPico.exe->[MSILRES:AutoPico.SECOH-QAD.x64.dll]; file:_C:\Program Files\KMSpico\KMSELDI.exe->[MSILRES:KMSELDI.SECOH-QAD.x64.dll]; file:_C:\Program Files\KMSpico\Service_KMS.exe->[MSILRES:Service_KMS.SECOH-QAD.x64.dll]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: DESKTOP-JRGGCVQ\Miguel
Nombre de proceso: C:\Users\Miguel\Downloads\Programs\ESETOnlineScanner_ESL.exe
Versión de firma: AV: 1.281.899.0, AS: 1.281.899.0, NIS: 1.281.899.0
Versión de motor: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-27 10:02:34.238
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Nombre: HackTool:Win64/AutoKMS
Id.: 2147723334
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\AutoPico.exe->[MSILRES:AutoPico.SECOH-QAD.x64.dll]; file:_C:\Program Files\KMSpico\KMSELDI.exe->[MSILRES:KMSELDI.SECOH-QAD.x64.dll]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: DESKTOP-JRGGCVQ\Miguel
Nombre de proceso: C:\Users\Miguel\Downloads\Programs\ESETOnlineScanner_ESL.exe
Versión de firma: AV: 1.281.899.0, AS: 1.281.899.0, NIS: 1.281.899.0
Versión de motor: AM: 1.1.15400.5, NIS: 1.1.15400.5

CodeIntegrity:
===================================

Date: 2018-11-27 10:07:59.042
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 10:03:08.768
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 09:57:41.968
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 09:57:31.790
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 09:57:02.475
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 09:56:57.141
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 09:56:47.102
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 09:56:30.237
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info =========================== 

Processor: AMD FX(tm)-6300 Six-Core Processor 
Percentage of memory in use: 38%
Total physical RAM: 7403.03 MB
Available physical RAM: 4589.12 MB
Total Virtual: 9259.03 MB
Available Virtual: 6009.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:50.14 GB) NTFS
Drive d: (HDD 2) (Fixed) (Total:298.09 GB) (Free:96.64 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Anime Rules) (Fixed) (Total:931.51 GB) (Free:160.49 GB) NTFS
Drive f: (Jdownloader) (Fixed) (Total:298.09 GB) (Free:170.28 GB) NTFS
Drive g: (HDD 1) (Fixed) (Total:232.88 GB) (Free:62.62 GB) NTFS
Drive h: (Adicional) (Fixed) (Total:298.09 GB) (Free:262.02 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 0000AF2C)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0BFE2AD1)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: BE148A9B)
Partition 1: (Active) - (Size=350 MB) - (Type=17)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: DE3D8E1C)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: A2844685)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 298.1 GB) (Disk ID: 5DE72161)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Last report, since both did not fit in the previous message.


#5

Hello @kenichi3000:

While I review the FRST reports, a few questions:

2018-11-27 and 26 >> I see that you ran some tools, such as Rkill, ESET Online, ZHPCleaner, HitmanPro, AdwCleaner, and surely some I am missing; please paste all of their reports.

Regards.


#6

Yes, before asking for help in the forum I was reading about another similar problem and saw that they ran those programs, but none of them did anything for me, so I decided to ask for help directly to avoid going around in circles. Are you asking me to run all the programs and give you the report from each one? Right now I have ESET Online, which found 6 potentially unwanted items; do you want the report for that too? I will wait for you before taking any action.


#7
| | | |
|---|---|---|
|C:\Program Files\KMSpico\AutoPico.exe|una variante de MSIL/HackTool.IdleKMS.E aplicación potencialmente no segura|desinfectado por eliminación|
|C:\Program Files\KMSpico\KMSELDI.exe|MSIL/HackTool.IdleKMS.I aplicación potencialmente no segura|desinfectado por eliminación|
|C:\Program Files\KMSpico\Service_KMS.exe|una variante de MSIL/HackTool.IdleKMS.E aplicación potencialmente no segura|desinfectado por eliminación (tras el próximo reinicio)|
|G:\Windows\w10 64 bits\231W10ME1607J16MX64SDC\KP1020\KMSpico v10.2.0 Final Portable\AutoPico.exe|una variante de MSIL/HackTool.IdleKMS.E aplicación potencialmente no segura|desinfectado por eliminación|
|G:\Windows\w10 64 bits\231W10ME1607J16MX64SDC\KP1020\KMSpico v10.2.0 Final Portable\KMSELDI.exe|MSIL/HackTool.IdleKMS.I aplicación potencialmente no segura|desinfectado por eliminación|
|Ubicaciones de inicio automático|una variante de MSIL/HackTool.IdleKMS.E aplicación potencialmente no segura|contenía archivos infectados|

This is what ESET Online found, and as far as I understand it has nothing to do with what is happening to me, because it is only the Windows activator. In any case, I am waiting for your verdict before taking any action.


#8

Hello:

Indeed, the activator has been detected on your system.

Do not run anything else, or the FRST report will change.

In a while I will post the steps to follow.

Regards


#9
~ ZHPCleaner v2018.11.24.199 by Nicolas Coolman (2018/11/24)
~ Run by Miguel (Administrator) (27/11/2018 15:10:40)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparar
~ Report : C:\Users\Miguel\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Miguel\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 17763)

**---\ Alternate Data Stream (ADS). (0)**
~ No malintencionados o innecesarios artículos encontrados. (ADS)

**---\ Servicios (0)**
~ No malintencionados o innecesarios artículos encontrados. (Servicio)

**---\ Navegadores de Internet (0)**
~ No malintencionados o innecesarios artículos encontrados. (Navegador)

**---\ Hosts carpeta (1)**
~ El archivo hosts es legítimo (21)

**---\ Tareas automáticas programadas. (0)**
~ No malintencionados o innecesarios artículos encontrados. (Tarea)

**---\ Explorador ( Archivos, Carpetas ) (28)**
MOVIDO carpeta: C:\Windows\Prefetch\KMSPICO_SETUP.TMP-45BD14F4.pf =>HackTool.KMSpico
MOVIDO carpeta: C:\Windows\Prefetch\KMSPICO_SETUP.TMP-9DC856F1.pf =>HackTool.KMSpico
MOVIDO carpeta: C:\Windows\Prefetch\WINDOWS LOADER.EXE-FB479160.pf =>HackTool.WinActivator
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\AppValuePropositionPage_App_intro_2_guys_no_text_1_.png =>.SUP.Temporary.Picture
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\aria-debug-11692.log =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\aria-debug-1400.log =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\aria-debug-1596.log =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\aria-debug-2220.log =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\aria-debug-5916.log =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\aria-debug-7044.log =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\aria-debug-7464.log =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\aria-debug-7900.log =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\aria-debug-9680.log =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\NODAAB6.tmp =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\sa.EEE53744-2BB9-BCA2-A50A-C6A1C5B0A0ED_5__.Public.AppUpdate.dat =>.SUP.Temporary.WindowsApps
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\wct8834.tmp =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\wctA693.tmp =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\wctACAE.tmp =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\wctBF31.tmp =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\wctC2E5.tmp =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\~DFA1E724DB2C9A68DB.TMP =>.SUP.Temporary.Other
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\~DFA60D5D468B140CF5.TMP =>.SUP.Temporary.Other
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\~DFAECDEDC228B04AAA.TMP =>.SUP.Temporary.Other
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\~DFD877A11CDDDFB446.TMP =>.SUP.Temporary.Other
MOVIDO carpeta: C:\Users\Miguel\AppData\Local\Temp\~DFF5BA58D9E04B3125.TMP =>.SUP.Temporary.Other
MOVIDO archivo: C:\Program Files\KMSpico =>HackTool.KMSpico
MOVIDO archivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>HackTool.KMSpico
MOVIDO archivo: C:\Users\Miguel\AppData\LocalLow\AMD =>.SUP.Empty

**---\ Registro ( Claves, Valores, Datos) (0)**
~ No malintencionados o innecesarios artículos encontrados. (Register)

**---\ Resumen de elementos en su estación de trabajo (9)**
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/ =>HackTool.KMSpico
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/ =>HackTool.WinActivator
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Picture
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.OneDrive
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.WindowsApps
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Office
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Other
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Empty

**---\ Limpieza adicional. (5)**
~ Clave de registro Tracing borrados (5)
~ Quitar los antiguos informes de ZHPCleaner. (0)

**---\ Resultado de la reparación.**
~ Reparación llevada a cabo con éxito
~ falta este navegador! (Mozilla Firefox)
~ falta este navegador! (Opera Software)
~ El sistema ha sido reiniciado.

**---\ STATISTIQUES**
~ Items escaneado : 393
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 12/12
~ Ahorro de espacio (bytes) : 28145895
~ End of clean in 00h00mn12s

**---\ Reporte (2)**
ZHPCleaner-[S]-27112018-15_07_24.txt
ZHPCleaner-[R]-27112018-15_10_52.txt

I just did this before receiving your reply. I won't touch anything else until you tell me step by step what to do, so I don't get in the way of your advice :worried:


#10

Hello @kenichi3000:

Carrying out steps in such a disorderly way does not solve any problem.

You are also performing steps incorrectly.

I asked you to download Farbar to your desktop and run it from there.

And you ran it from:

Running from **G:**Programas 64 bits

Let's start over.

1.- Uninstall all the cleaning tools:

  • Download >> Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> “Run as administrator”)

  • Check only the Remove disinfection tools box

  • Click Run.

The report (DelFix.txt) will open; save it.

2.- Reset the settings of all your browsers by following the steps at this link: https://forospyware.com/t/guia-de-como-eliminar-adwares-pups/166/4

3.- Temporarily disable your antivirus and any security program.

4.- Download Farbar Recovery Scan Tool to the desktop, selecting the version that matches your computer's architecture (32 or 64 bits). >> How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on the desktop.

Post the two reports generated.

You must copy and paste them with all their content, using several messages if you receive an error message saying it is too long (more than approx. 50,000 characters).

Wrap each of the reports with the written [Code] tag as shown in the image.

Read each step carefully; when you have finished all of them, paste the reports for us. Do not download anything extra, and browse as little as possible.

Regards.


#11
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.11.2018
Ran by Miguel (administrator) on DESKTOP-JRGGCVQ (27-11-2018 17:23:20)
Running from C:\Users\Miguel\Desktop
Loaded Profiles: Miguel (Available Profiles: Miguel)
Platform: Windows 10 Pro Version 1809 17763.134 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthSystray.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18091.10321.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\WINDOWS\system32\SecurityHealthSystray.exe [83968 2018-09-15] (Microsoft Corporation)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\RunOnce: [ZHPCleaner_File1] => CMD /c DEL "C:\Users\Miguel\AppData\Local\Temp\~DFA60D5D468B140CF5.TMP" /F /Q <==== ATTENTION
HKLM\...\RunOnce: [ZHPCleaner] => Notepad C:\Users\Miguel\AppData\Roaming\ZHP\ZHPCleaner.txt
HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\Run: [Speccy] => C:\Program Files\Speccy\Speccy64.exe [7067048 2015-12-02] (Piriform Ltd)
HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4035696 2017-05-25] (Tonec Inc.)
HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\RunOnce: [Uninstall 18.143.0717.0002\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Miguel\AppData\Local\Microsoft\OneDrive\18.143.0717.0002\amd64"
HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\RunOnce: [Uninstall 18.143.0717.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Miguel\AppData\Local\Microsoft\OneDrive\18.143.0717.0002"
HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\RunOnce: [Uninstall 18.192.0920.0015\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Miguel\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64"
HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\RunOnce: [Uninstall 18.192.0920.0015] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Miguel\AppData\Local\Microsoft\OneDrive\18.192.0920.0015"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.200.254
Tcpip\..\Interfaces\{e7736c1c-a824-4eca-b66d-1dea4c085d67}: [DhcpNameServer] 192.168.200.254

Internet Explorer:
==================
HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKU\S-1-5-21-1107566908-2914427673-2006857480-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-1107566908-2914427673-2006857480-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)

Edge: 
======
Edge Extension: (BookReader) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets [2018-09-15]
Edge Extension: (PinJSAPI) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [2018-09-15]

FireFox:
========
FF HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Miguel\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Miguel\AppData\Roaming\IDM\idmmzcc5 [2018-11-26] [Legacy] [not signed]
FF HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26] [Legacy]
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-11-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-11-26] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default [2018-11-26]
CHR Extension: (Presentaciones) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-26]
CHR Extension: (Documentos) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-26]
CHR Extension: (Google Drive) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-26]
CHR Extension: (YouTube) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-26]
CHR Extension: (Hojas de cálculo) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-26]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-26]
CHR Extension: (IDM Integration Module) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-11-26]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-26]
CHR Extension: (Gmail) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-26]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-25]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrokerInfrastructure; C:\WINDOWS\System32\psmsrv.dll [241664 2018-11-27] (Microsoft Corporation)
S3 cbdhsvc; C:\WINDOWS\System32\cbdhsvc.dll [961024 2018-09-15] (Microsoft Corporation)
S3 ConsentUxUserSvc; C:\WINDOWS\System32\ConsentUxClient.dll [157696 2018-09-15] (Microsoft Corporation)
R3 DisplayEnhancementService; C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll [914944 2018-09-15] (Microsoft Corporation)
S3 perceptionsimulation; C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe [78848 2018-09-15] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5381624 2018-09-15] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [384512 2018-09-15] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-11-27] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-11-27] (Microsoft Corporation)
S3 WManSvc; C:\WINDOWS\system32\Windows.Management.Service.dll [370176 2018-09-15] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0315159.inf_amd64_b01c1e8cccf04a67\atikmdag.sys [36571640 2017-06-13] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0315159.inf_amd64_b01c1e8cccf04a67\atikmpag.sys [529912 2017-06-13] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-04-26] (Advanced Micro Devices)
R1 BasicDisplay; C:\WINDOWS\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_5103ac179273be89\BasicDisplay.sys [68096 2018-09-15] (Microsoft Corporation)
R1 BasicRender; C:\WINDOWS\System32\DriverStore\FileRepository\basicrender.inf_amd64_0b8d03c3bc0e7fd9\BasicRender.sys [37376 2018-09-15] (Microsoft Corporation)
S3 BthMini; C:\WINDOWS\System32\drivers\BTHMINI.sys [34816 2018-09-15] (Microsoft Corporation)
S3 cpuz138; C:\Users\Miguel\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2018-11-27] (CPUID) <==== ATTENTION
S3 hidspi; C:\WINDOWS\System32\drivers\hidspi.sys [60928 2018-09-15] (Microsoft Corporation)
S3 iaLPSS2i_GPIO2_CNL; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [112128 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_GPIO2_GLK; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [96256 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_I2C_CNL; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_CNL.sys [180736 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_I2C_GLK; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_GLK.sys [177664 2018-09-15] (Intel Corporation)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-09-15] (Qualcomm Atheros, Inc.)
S3 MbbCx; C:\WINDOWS\System32\drivers\MbbCx.sys [290816 2018-09-15] (Microsoft Corporation)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [53760 2018-09-15] (Microsoft Corporation)
S3 PktMon; C:\WINDOWS\System32\drivers\PktMon.sys [85504 2018-09-15] (Microsoft Corporation)
S0 SmartSAMD; C:\WINDOWS\System32\drivers\SmartSAMD.sys [219960 2018-09-15] (Microsemi Corportation)
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [171520 2018-09-15] (Microsoft Corporation)
S3 UcmUcsiAcpiClient; C:\WINDOWS\System32\drivers\UcmUcsiAcpiClient.sys [31232 2018-09-15] (Microsoft Corporation)
S3 UcmUcsiCx0101; C:\WINDOWS\System32\Drivers\UcmUcsiCx.sys [99840 2018-09-15] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-11-27] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-11-27] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-11-27] (Microsoft Corporation)
R3 WinQuic; C:\WINDOWS\System32\drivers\winquic.sys [156984 2018-09-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: WManSvc -> C:\Windows\system32\Windows.Management.Service.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-27 17:23 - 2018-11-27 17:23 - 000014229 _____ C:\Users\Miguel\Desktop\FRST.txt
2018-11-27 17:23 - 2018-11-27 17:23 - 000000000 ____D C:\FRST
2018-11-27 17:21 - 2018-11-27 17:22 - 002416640 _____ (Farbar) C:\Users\Miguel\Desktop\FRST64.exe
2018-11-27 17:19 - 2018-11-27 17:19 - 000000000 ____D C:\Users\Miguel\AppData\Roaming\Macromedia
2018-11-27 17:18 - 2018-11-27 17:18 - 000000000 ____D C:\Users\Miguel\AppData\LocalLow\AMD
2018-11-27 17:17 - 2018-11-27 17:17 - 000000300 _____ C:\DelFix.txt
2018-11-27 11:59 - 2018-11-27 11:59 - 000000000 ____D C:\tportable.1.1.23
2018-11-27 03:17 - 2018-11-27 03:17 - 026804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 024616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 023440384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 020808704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 019284480 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 019024384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 009696264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-27 03:17 - 2018-11-27 03:17 - 007857152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 006543224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 006059008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 005440016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 004886016 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 004588752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-27 03:17 - 2018-11-27 03:17 - 003981312 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 003951192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 003744256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 003662336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-27 03:17 - 2018-11-27 03:17 - 003550592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 003379216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-27 03:17 - 2018-11-27 03:17 - 003337800 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002985328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002879488 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002721792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-27 03:17 - 2018-11-27 03:17 - 002702536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002689024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002617856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002594872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002488320 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-27 03:17 - 2018-11-27 03:17 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002429752 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-27 03:17 - 2018-11-27 03:17 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002186752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002185728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002160160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-11-27 03:17 - 2018-11-27 03:17 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002085168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 002072384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001899160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001843432 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001751080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001749504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001715200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001671680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001641608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001612808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001456720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001402408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001395248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001387496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001289400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001255736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-27 03:17 - 2018-11-27 03:17 - 001254912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001221528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-11-27 03:17 - 2018-11-27 03:17 - 001212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001200920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001181824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001097312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001064248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2018-11-27 03:17 - 2018-11-27 03:17 - 001053352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-27 03:17 - 2018-11-27 03:17 - 001050936 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-27 03:17 - 2018-11-27 03:17 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001026992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000918304 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000901632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000883200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000829440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000828936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000783696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000743432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000667152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000649736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000604336 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-27 03:17 - 2018-11-27 03:17 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000582248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-27 03:17 - 2018-11-27 03:17 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000531976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000506392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000495624 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000402568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000398400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-27 03:17 - 2018-11-27 03:17 - 000373768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2018-11-27 03:17 - 2018-11-27 03:17 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2018-11-27 03:17 - 2018-11-27 03:17 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-27 03:12 - 2018-11-27 03:13 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-27 03:11 - 2018-11-27 03:11 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-27 01:57 - 2018-11-27 15:33 - 000000526 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2018-11-27 01:04 - 2018-11-27 01:16 - 000002280 ____H C:\Users\Miguel\Documents\Default.rdp
2018-11-27 01:01 - 2018-11-27 01:01 - 000000000 ____D C:\Users\Miguel\AppData\Local\ZHP
2018-11-27 00:50 - 2018-11-27 00:50 - 000000000 ____D C:\Users\Miguel\AppData\Local\ESET
2018-11-27 00:25 - 2018-11-27 02:33 - 000592416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-11-27 00:02 - 2018-11-27 00:03 - 000000000 ____D C:\Users\Miguel\Documents\Grabaciones de sonido
2018-11-27 00:01 - 2018-11-27 00:01 - 000000279 _____ C:\Users\Miguel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papelera de reciclaje.lnk
2018-11-26 23:51 - 2018-11-26 23:51 - 000000000 ____D C:\Users\Miguel\AppData\Local\DBG
2018-11-26 23:41 - 2018-11-26 23:42 - 000000000 ____D C:\Program Files\HitmanPro
2018-11-26 23:40 - 2018-11-27 00:00 - 000000000 ____D C:\ProgramData\HitmanPro
2018-11-26 23:10 - 2018-11-26 23:10 - 000000000 ____D C:\Users\Miguel\AppData\Local\mbamtray
2018-11-26 23:10 - 2018-11-26 23:10 - 000000000 ____D C:\Users\Miguel\AppData\Local\mbam
2018-11-26 23:09 - 2018-11-26 23:09 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-26 23:07 - 2010-12-05 22:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2018-11-26 23:03 - 2018-11-26 23:03 - 000000000 ____D C:\Users\Miguel\AppData\Local\PeerDistRepub
2018-11-26 22:54 - 2018-11-26 22:54 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-26 22:54 - 2018-11-26 22:54 - 000002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-26 22:50 - 2018-11-27 11:58 - 000000000 ____D C:\Users\Miguel\AppData\Roaming\vlc
2018-11-26 22:49 - 2018-11-26 22:54 - 000000000 ____D C:\Users\Miguel\AppData\Local\Google
2018-11-26 22:49 - 2018-11-26 22:54 - 000000000 ____D C:\Program Files (x86)\Google
2018-11-26 22:49 - 2018-11-26 22:49 - 000003620 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-26 22:49 - 2018-11-26 22:49 - 000003496 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-26 22:46 - 2018-11-26 22:46 - 000000000 ____D C:\Users\Miguel\AppData\Roaming\WinRAR
2018-11-26 22:43 - 2018-11-26 22:47 - 000000000 ____D C:\Users\Miguel\Documents\PS Portable
2018-11-26 22:42 - 2018-11-27 17:10 - 000000000 ____D C:\Users\Miguel\AppData\Roaming\DMCache
2018-11-26 22:42 - 2018-11-27 00:50 - 000000000 ____D C:\Users\Miguel\AppData\Roaming\IDM
2018-11-26 22:42 - 2018-11-26 22:42 - 000000000 ____D C:\Users\Miguel\Downloads\Video
2018-11-26 22:42 - 2018-11-26 22:42 - 000000000 ____D C:\Users\Miguel\Downloads\Compressed
2018-11-26 22:42 - 2018-11-26 22:42 - 000000000 ____D C:\ProgramData\IDM
2018-11-26 22:40 - 2018-11-26 22:42 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2018-11-26 22:40 - 2018-11-26 22:40 - 000000927 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2018-11-26 22:40 - 2018-11-26 22:40 - 000000000 ____D C:\Users\Miguel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-11-26 22:40 - 2018-11-26 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-11-26 22:40 - 2018-11-26 22:40 - 000000000 ____D C:\Program Files\Sublime Text 3
2018-11-26 22:35 - 2018-11-26 22:35 - 000000000 ____D C:\Program Files\Speccy
2018-11-26 22:34 - 2018-11-27 10:46 - 000000000 ____D C:\Users\Miguel\AppData\Roaming\SumatraPDF
2018-11-26 22:34 - 2018-11-26 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-11-26 22:34 - 2018-11-26 22:34 - 000001948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2018-11-26 22:34 - 2018-11-26 22:34 - 000000000 ____D C:\Users\Miguel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-11-26 22:34 - 2018-11-26 22:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-11-26 22:34 - 2018-11-26 22:34 - 000000000 ____D C:\Program Files\WinRAR
2018-11-26 22:34 - 2018-11-26 22:34 - 000000000 ____D C:\Program Files\VideoLAN
2018-11-26 22:34 - 2018-11-26 22:34 - 000000000 ____D C:\Program Files\SumatraPDF
2018-11-26 22:15 - 2018-11-26 22:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-1107566908-2914427673-2006857480-1001
2018-11-26 22:12 - 2018-11-27 15:29 - 000000000 ____D C:\Users\Miguel\AppData\Local\PlaceholderTileLogoFolder
2018-11-26 22:10 - 2018-11-27 16:53 - 000000000 ____D C:\ProgramData\Packages
2018-11-26 22:10 - 2018-11-26 22:10 - 000000000 ____D C:\Users\Miguel\AppData\Local\Comms
2018-11-26 20:59 - 2018-11-26 22:09 - 000000000 ____D C:\Users\Miguel\AppData\Local\AMD
2018-11-26 20:56 - 2018-11-27 04:05 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-11-26 20:56 - 2018-11-26 20:56 - 000003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2018-11-26 20:56 - 2018-11-26 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asistente de informe de problemas de AMD
2018-11-26 20:56 - 2018-11-26 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2018-11-26 20:56 - 2018-11-26 20:56 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-11-26 20:56 - 2018-11-26 20:56 - 000000000 ____D C:\Program Files (x86)\AMD
2018-11-26 20:55 - 2018-11-26 20:55 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-26 20:55 - 2018-11-26 20:55 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-11-26 20:55 - 2017-01-27 18:05 - 000103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-11-26 20:55 - 2017-01-27 18:04 - 000326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-11-26 20:55 - 2017-01-27 18:02 - 000118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-11-26 20:55 - 2017-01-27 18:01 - 000322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-11-26 20:53 - 2018-11-26 20:53 - 000000000 ____D C:\Users\Miguel\AppData\Local\D3DSCache
2018-11-26 20:52 - 2018-11-26 20:56 - 000000000 ____D C:\Program Files\AMD
2018-11-26 20:51 - 2018-11-26 20:53 - 000000000 ____D C:\AMD
2018-11-26 20:46 - 2018-11-27 17:16 - 000000000 ___RD C:\Users\Miguel\OneDrive
2018-11-26 20:46 - 2018-11-26 20:46 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-11-26 20:45 - 2018-11-26 20:45 - 000000000 ___HD C:\Users\Miguel\MicrosoftEdgeBackups
2018-11-26 20:44 - 2018-11-27 15:30 - 000000000 ____D C:\Users\Miguel\AppData\Local\Packages
2018-11-26 20:44 - 2018-11-27 12:18 - 000000000 ____D C:\Users\Miguel\AppData\Local\ConnectedDevicesPlatform
2018-11-26 20:44 - 2018-11-26 20:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-26 20:44 - 2018-11-26 20:44 - 000000000 ___RD C:\Users\Miguel\3D Objects
2018-11-26 20:44 - 2018-11-26 20:44 - 000000000 ____D C:\Users\Miguel\AppData\Roaming\Adobe
2018-11-26 20:44 - 2018-11-26 20:44 - 000000000 ____D C:\Users\Miguel\AppData\Local\VirtualStore
2018-11-26 20:44 - 2018-11-26 20:44 - 000000000 ____D C:\Users\Miguel\AppData\Local\Publishers
2018-11-26 20:44 - 2018-11-26 20:44 - 000000000 ____D C:\Users\Miguel\AppData\Local\MicrosoftEdge
2018-11-26 20:42 - 2018-11-26 20:46 - 000000000 ____D C:\Users\Miguel
2018-11-26 20:42 - 2018-11-26 20:42 - 000000020 ___SH C:\Users\Miguel\ntuser.ini
2018-11-26 20:42 - 2018-11-26 20:42 - 000000000 _SHDL C:\Users\Miguel\Reciente
2018-11-26 20:42 - 2018-11-26 20:42 - 000000000 _SHDL C:\Users\Miguel\Plantillas
2018-11-26 20:42 - 2018-11-26 20:42 - 000000000 _SHDL C:\Users\Miguel\Mis documentos
2018-11-26 20:42 - 2018-11-26 20:42 - 000000000 _SHDL C:\Users\Miguel\Menú Inicio
2018-11-26 20:42 - 2018-11-26 20:42 - 000000000 _SHDL C:\Users\Miguel\Impresoras
2018-11-26 20:42 - 2018-11-26 20:42 - 000000000 _SHDL C:\Users\Miguel\Entorno de red
2018-11-26 20:42 - 2018-11-26 20:42 - 000000000 _SHDL C:\Users\Miguel\Documents\Mis vídeos
2018-11-26 20:42 - 2018-11-26 20:42 - 000000000 _SHDL C:\Users\Miguel\Documents\Mis imágenes
2018-11-26 20:42 - 2018-11-26 20:42 - 000000000 _SHDL C:\Users\Miguel\Documents\Mi música
2018-11-26 20:42 - 2018-11-26 20:42 - 000000000 _SHDL C:\Users\Miguel\Datos de programa
2018-11-26 20:42 - 2018-11-26 20:42 - 000000000 _SHDL C:\Users\Miguel\Configuración local
2018-11-26 20:42 - 2018-11-26 20:42 - 000000000 _SHDL C:\Users\Miguel\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2018-11-26 20:42 - 2018-11-26 20:42 - 000000000 _SHDL C:\Users\Miguel\AppData\Local\Historial
2018-11-26 20:42 - 2018-11-26 20:42 - 000000000 _SHDL C:\Users\Miguel\AppData\Local\Datos de programa
2018-11-26 20:42 - 2018-11-26 20:42 - 000000000 _SHDL C:\Users\Miguel\AppData\Local\Archivos temporales de Internet
2018-11-26 20:37 - 2018-11-27 12:15 - 001684176 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-26 20:35 - 2018-11-26 20:35 - 000000000 ____D C:\WINDOWS\CSC
2018-11-26 20:35 - 2018-11-26 20:35 - 000000000 ____D C:\ProgramData\USOShared
2018-11-26 20:35 - 2018-09-15 03:28 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Public\Documents\Mis vídeos
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Public\Documents\Mis imágenes
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Public\Documents\Mi música
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default\Reciente
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default\Plantillas
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default\Mis documentos
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default\Menú Inicio
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default\Impresoras
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default\Entorno de red
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default\Documents\Mis vídeos
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default\Documents\Mis imágenes
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default\Documents\Mi música
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default\Datos de programa
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default\Configuración local
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default\AppData\Local\Historial
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default\AppData\Local\Datos de programa
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default\AppData\Local\Archivos temporales de Internet
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default User\Documents\Mis vídeos
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default User\Documents\Mis imágenes
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default User\Documents\Mi música
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Historial
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Datos de programa
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Archivos temporales de Internet
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\ProgramData\Plantillas
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\ProgramData\Menú Inicio
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\ProgramData\Escritorio
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\ProgramData\Documentos
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\ProgramData\Datos de programa
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Program Files\Archivos comunes
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Documents and Settings
2018-11-26 20:33 - 2018-11-26 20:33 - 000000000 _SHDL C:\Archivos de programa
2018-11-26 20:29 - 2018-11-27 17:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-26 20:29 - 2018-11-27 04:06 - 000258144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-26 20:29 - 2018-11-27 04:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-26 20:29 - 2018-11-27 02:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-11-26 20:29 - 2018-11-26 20:29 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-11-26 20:29 - 2018-11-26 20:29 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-11-26 15:28 - 2018-11-26 20:30 - 000000000 ____D C:\WINDOWS\Panther
2018-10-29 19:01 - 2018-10-29 19:01 - 022112072 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 012857856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 012151296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 011744256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 009951744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 005584056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 004245280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-10-29 19:01 - 2018-10-29 19:01 - 003730352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-10-29 19:01 - 2018-10-29 19:01 - 003600896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 003556864 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 002988544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 002927096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-10-29 19:01 - 2018-10-29 19:01 - 002893312 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 002832896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 002625552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-10-29 19:01 - 2018-10-29 19:01 - 002435488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 002020560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 001884672 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 001863168 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 001830912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 001824768 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 001797128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 001672072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 001590288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 001520208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 001476096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 001466992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 001391096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2018-10-29 19:01 - 2018-10-29 19:01 - 001360896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-10-29 19:01 - 2018-10-29 19:01 - 001279000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2018-10-29 19:01 - 2018-10-29 19:01 - 001048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 000863752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-10-29 19:01 - 2018-10-29 19:01 - 000850960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 000818832 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.applicationmodel.datatransfer.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 000604248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.applicationmodel.datatransfer.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-10-29 19:01 - 2018-10-29 19:01 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 000439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-10-29 19:01 - 2018-10-29 19:01 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 000298488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-10-29 19:01 - 2018-10-29 19:01 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-10-29 19:01 - 2018-10-29 19:01 - 000175096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2018-10-29 19:01 - 2018-10-29 19:01 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2018-10-29 19:01 - 2018-10-29 19:01 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2018-10-29 19:01 - 2018-10-29 19:01 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-27 17:06 - 2018-09-15 03:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-27 16:53 - 2018-09-15 03:33 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-27 16:53 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-27 12:15 - 2018-09-15 12:37 - 000752322 _____ C:\WINDOWS\system32\perfh00A.dat
2018-11-27 12:15 - 2018-09-15 12:37 - 000147902 _____ C:\WINDOWS\system32\perfc00A.dat
2018-11-27 12:15 - 2018-09-15 03:31 - 000000000 ____D C:\WINDOWS\INF
2018-11-27 09:54 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-11-27 04:05 - 2018-09-15 12:40 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-11-27 04:05 - 2018-09-15 12:40 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-11-27 04:05 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-27 04:05 - 2018-09-15 02:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-11-27 03:18 - 2018-09-15 03:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-27 03:18 - 2018-09-15 02:09 - 000000000 ____D C:\WINDOWS\servicing
2018-11-27 03:11 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\appcompat
2018-11-27 02:21 - 2018-09-15 03:33 - 000000000 ____D C:\Program Files\Windows Defender
2018-11-26 22:25 - 2018-09-15 12:39 - 000000000 ____D C:\WINDOWS\OCR
2018-11-26 22:25 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-11-26 22:10 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\ServiceState
2018-11-26 20:49 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-11-26 20:35 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\spool
2018-11-26 20:35 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-11-26 20:35 - 2018-09-15 03:33 - 000000000 ____D C:\ProgramData\USOPrivate
2018-11-26 20:33 - 2018-09-15 03:33 - 000000000 ____D C:\Program Files\windows nt
2018-11-26 20:29 - 2018-09-15 03:33 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-11-26 20:29 - 2018-09-15 03:33 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-26 20:29 - 2018-09-15 02:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-11-26 15:28 - 2018-09-15 03:31 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-11-16 19:48 - 2018-09-15 03:36 - 000834960 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-16 19:48 - 2018-09-15 03:36 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-29 19:01 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\appraiser

Some files in TEMP:
====================
2018-11-27 17:14 - 2018-11-26 23:39 - 011576808 _____ (SurfRight B.V.) C:\Users\Miguel\AppData\Local\Temp\HitmanPro.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

#12
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.11.2018
Ran by Miguel (27-11-2018 17:23:56)
Running from C:\Users\Miguel\Desktop
Windows 10 Pro Version 1809 17763.134 (X64) (2018-11-27 00:33:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1107566908-2914427673-2006857480-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1107566908-2914427673-2006857480-503 - Limited - Disabled)
Invitado (S-1-5-21-1107566908-2914427673-2006857480-501 - Limited - Disabled)
Miguel (S-1-5-21-1107566908-2914427673-2006857480-1001 - Administrator - Enabled) => C:\Users\Miguel
WDAGUtilityAccount (S-1-5-21-1107566908-2914427673-2006857480-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{15979E65-792E-474B-BC5D-42257709D4D9}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{D6ACA0E4-2488-AE52-E73D-24DB98F9AD65}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B8C421E8-BDF9-F598-832C-659A513F79EB}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{83D75873-9603-EA5A-948F-A5AEE78082C1}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{DD3A9C85-51E9-854D-EB9B-F0AE8E5B2F7C}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A00A5425-8899-055A-404C-8F96C2EC647F}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{CB71E054-00CF-182D-6C78-F9D85D10B7BA}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{30B97DD0-3646-AD22-2E77-3792B11BB5E6}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{8342F234-A97E-D691-3C01-F060CB7DA175}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{CD47D86C-737D-4818-F059-CF8A53F37B76}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DB0E2806-DE62-D60E-9BD9-E3A89FB2A5A8}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{D4EF1657-8835-A5AE-DBA0-658EF2869048}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED71C4B4-4C00-F7C9-9151-60411373DC35}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{28FFCD28-01FF-9792-B1A9-B944D44FB37D}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{DAEF66AB-6EA7-B0A8-96FB-243A2F33B8B2}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{3DBC48E0-7DE6-295B-448E-5F53D1491AC3}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{CAF3DAD2-A7E8-5472-F8E3-D71E92B7FA65}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E7666716-625F-9E54-ECB3-39CC3C7FFB14}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{30A5B188-80AB-2CF5-22D8-8E20D66907D4}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A38C8B57-D3E6-5748-F2D3-FDC383D1203A}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{1CD84FD4-26F3-08FC-32F5-17DA9E8A4ED7}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Sublime Text Build 3176 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-06-12] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {27648EB5-311C-476B-A3A4-319331523A16} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-11-27] (Microsoft Corporation)
Task: {5FC8DD4B-130E-4413-BD96-6E256BA14412} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-26] (Google Inc.)
Task: {6908C2FB-C131-4EB5-A2C1-3ACEF084A7ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-11-27] (Microsoft Corporation)
Task: {7A35A2E3-3CB4-4E28-B98D-832C02003592} - System32\Tasks\Microsoft\Windows\Flighting\OneSettings\RefreshCache
Task: {7D0252C3-A848-4535-8A55-090BC66F9596} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-06-12] (Advanced Micro Devices, Inc.)
Task: {9F621643-0B80-4592-84D1-33849C830FC9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-11-27] (Microsoft Corporation)
Task: {AD4E8AFB-A48C-4E13-BE83-B8D87600CFB4} - System32\Tasks\Microsoft\Windows\WlanSvc\CDSSync
Task: {BD21C377-5B30-4E5A-B6F2-37D2086885E5} - System32\Tasks\Microsoft\Windows\BitLocker\BitLocker Encrypt All Drives
Task: {CD32B7F9-D179-4CFD-A62B-5DB6BF2D3E15} - System32\Tasks\S-1-5-21-1107566908-2914427673-2006857480-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-09-15] (Microsoft Corporation)
Task: {D251A0E9-E7D9-46B4-94B5-8DC81A2530EF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-11-27] (Microsoft Corporation)
Task: {E39F8E32-F4B6-44B2-B8AF-D84A6CFEB7B8} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-09-15] ()
Task: {E76866B7-D3C2-42C1-BD5F-0F11F324B062} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-26] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-09-15 03:28 - 2018-09-15 03:28 - 000834088 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-09-15 03:28 - 2018-09-15 03:28 - 000474624 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-09-15 03:28 - 2018-09-15 03:28 - 002801152 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2016-09-13 14:37 - 2016-09-13 14:37 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 14:37 - 2016-09-13 14:37 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 14:37 - 2016-09-13 14:37 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 14:37 - 2016-09-13 14:37 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 14:36 - 2016-09-13 14:36 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 14:36 - 2016-09-13 14:36 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-13 14:37 - 2016-09-13 14:37 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2018-09-15 03:28 - 2018-09-15 03:28 - 001740288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-11-27 02:34 - 2018-11-27 02:57 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-09-15 12:41 - 2018-09-15 12:41 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-11-27 02:34 - 2018-11-27 02:35 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-11-27 00:01 - 2018-11-27 15:33 - 032535040 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18091.10321.0_x64__8wekyb3d8bbwe\Music.UI.exe
2018-11-27 00:01 - 2018-11-27 15:33 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18091.10321.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-11-27 02:11 - 2018-11-27 02:14 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18091.10321.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-26 23:39 - 2018-11-26 23:41 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18091.10321.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-27 00:01 - 2018-11-27 00:04 - 005951488 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18091.10321.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-11-26 22:37 - 2018-11-26 22:43 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-11-26 22:37 - 2018-11-26 22:39 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-26 22:37 - 2018-11-26 22:39 - 001754112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-11-26 23:49 - 2018-11-27 16:44 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-11-26 23:49 - 2018-11-27 16:44 - 066031104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-11-26 23:49 - 2018-11-27 16:51 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-11-26 23:49 - 2018-11-27 16:50 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-11-26 23:49 - 2018-11-27 16:23 - 003715072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-11-26 23:49 - 2018-11-27 16:53 - 000036352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-11-26 23:49 - 2018-11-27 16:47 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-11-26 23:49 - 2018-11-27 16:44 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-11-26 23:49 - 2018-11-27 16:51 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-11-26 23:49 - 2018-11-27 16:50 - 014097920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-11-26 23:49 - 2018-11-27 16:22 - 003569152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-11-26 23:49 - 2018-11-27 00:00 - 002863616 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-11-26 23:49 - 2018-11-27 16:51 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-09-15 12:44 - 2018-09-15 12:44 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-26 23:49 - 2018-11-27 16:51 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\SKU.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 03:31 - 2018-09-15 03:31 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\Control Panel\Desktop\\Wallpaper -> E:\Wallpapers Anime\36000-shino-aburame-naruto-1366x768-anime-wallpaper.jpg
DNS Servers: 192.168.200.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-DeviceManagement-CertificateInstall-TCP-Out] => (Allow) %SystemRoot%\system32\dmcertinst.exe
FirewallRules: [Microsoft-Windows-DeviceManagement-OmaDmClient-TCP-Out] => (Allow) %SystemRoot%\system32\omadmclient.exe
FirewallRules: [{3220D0B5-9872-45C3-B09E-CA2E717E918A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FC29CA23-2AAD-4189-8EAA-C4DDED296A5B}] => (Allow) %systemroot%\system32\alg.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/27/2018 10:16:22 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center no pudo validar al autor de la llamada con el error %1.

Error: (11/27/2018 10:08:06 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center no pudo validar al autor de la llamada con el error %1.

Error: (11/27/2018 04:05:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamservice.exe, versión: 3.2.0.704, marca de tiempo: 0x5b9acf90
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17763.1, marca de tiempo: 0xa369e897
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000001982b
Identificador del proceso con errores: 0xe90
Hora de inicio de la aplicación con errores: 0x01d48607106b302e
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: ca0d7179-9118-49fa-872f-ecaf13ac278f
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/27/2018 02:04:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa MicrosoftEdge.exe (versión 11.0.17763.107) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.

Id. de proceso: 2c90

Hora de Inicio: 01d48616199645c2

Hora de finalización: 4294967295

Ruta de la aplicación: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

Id. de informe: d8159146-34ed-4771-98fe-72822cdd8479

Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe

Id. de la aplicación relativa al paquete con errores: MicrosoftEdge

Tipo de bloqueo: Quiesce

Error: (11/26/2018 11:51:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: taskmgr.exe, versión: 10.0.17763.107, marca de tiempo: 0x0528fd0c
Nombre del módulo con errores: taskmgr.exe, versión: 10.0.17763.107, marca de tiempo: 0x0528fd0c
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000001ec94
Identificador del proceso con errores: 0x2974
Hora de inicio de la aplicación con errores: 0x01d48600ba80f411
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\taskmgr.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\system32\taskmgr.exe
Identificador del informe: df1e8e5f-1b15-402e-bd29-33433afc461f
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/26/2018 11:14:52 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center no pudo validar al autor de la llamada con el error %1.

Error: (11/26/2018 11:12:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamservice.exe, versión: 3.2.0.704, marca de tiempo: 0x5b9acf90
Nombre del módulo con errores: SelfProtectionSdk.dll, versión: 3.0.0.360, marca de tiempo: 0x5b995ba2
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000014e2a9
Identificador del proceso con errores: 0x1c1c
Hora de inicio de la aplicación con errores: 0x01d485feabcda4da
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Ruta de acceso del módulo con errores: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
Identificador del informe: 18e67d9e-192c-4a72-abae-ea552dd304a2
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/26/2018 11:10:12 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center no pudo validar al autor de la llamada con el error %1.


System errors:
=============
Error: (11/27/2018 01:36:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (11/27/2018 01:36:46 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Miguel\AppData\Local\Temp\ehdrv.sys

Error: (11/27/2018 01:36:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (11/27/2018 01:36:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Miguel\AppData\Local\Temp\ehdrv.sys

Error: (11/27/2018 01:36:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (11/27/2018 01:36:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Miguel\AppData\Local\Temp\ehdrv.sys

Error: (11/27/2018 01:36:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (11/27/2018 01:36:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Miguel\AppData\Local\Temp\ehdrv.sys


Windows Defender:
===================================
Date: 2018-11-27 10:19:46.037
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Nombre: HackTool:Win64/AutoKMS
Id.: 2147723334
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\AutoPico.exe->[MSILRES:AutoPico.SECOH-QAD.x64.dll]; file:_C:\Program Files\KMSpico\Service_KMS.exe->[MSILRES:Service_KMS.SECOH-QAD.x64.dll]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: DESKTOP-JRGGCVQ\Miguel
Nombre de proceso: G:\Programas 64 bits\FRST64.exe
Versión de firma: AV: 1.281.899.0, AS: 1.281.899.0, NIS: 1.281.899.0
Versión de motor: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-27 10:19:10.667
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Nombre: HackTool:Win64/AutoKMS
Id.: 2147723334
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\Service_KMS.exe->[MSILRES:Service_KMS.SECOH-QAD.x64.dll]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: DESKTOP-JRGGCVQ\Miguel
Nombre de proceso: G:\Programas 64 bits\FRST64.exe
Versión de firma: AV: 1.281.899.0, AS: 1.281.899.0, NIS: 1.281.899.0
Versión de motor: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-27 10:18:58.545
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Nombre: HackTool:Win64/AutoKMS
Id.: 2147723334
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\Service_KMS.exe->[MSILRES:Service_KMS.SECOH-QAD.x64.dll]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: DESKTOP-JRGGCVQ\Miguel
Nombre de proceso: G:\Programas 64 bits\FRST64.exe
Versión de firma: AV: 1.281.899.0, AS: 1.281.899.0, NIS: 1.281.899.0
Versión de motor: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-27 10:02:34.516
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Nombre: HackTool:Win64/AutoKMS
Id.: 2147723334
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\AutoPico.exe->[MSILRES:AutoPico.SECOH-QAD.x64.dll]; file:_C:\Program Files\KMSpico\KMSELDI.exe->[MSILRES:KMSELDI.SECOH-QAD.x64.dll]; file:_C:\Program Files\KMSpico\Service_KMS.exe->[MSILRES:Service_KMS.SECOH-QAD.x64.dll]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: DESKTOP-JRGGCVQ\Miguel
Nombre de proceso: C:\Users\Miguel\Downloads\Programs\ESETOnlineScanner_ESL.exe
Versión de firma: AV: 1.281.899.0, AS: 1.281.899.0, NIS: 1.281.899.0
Versión de motor: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-27 10:02:34.238
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Nombre: HackTool:Win64/AutoKMS
Id.: 2147723334
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\AutoPico.exe->[MSILRES:AutoPico.SECOH-QAD.x64.dll]; file:_C:\Program Files\KMSpico\KMSELDI.exe->[MSILRES:KMSELDI.SECOH-QAD.x64.dll]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: DESKTOP-JRGGCVQ\Miguel
Nombre de proceso: C:\Users\Miguel\Downloads\Programs\ESETOnlineScanner_ESL.exe
Versión de firma: AV: 1.281.899.0, AS: 1.281.899.0, NIS: 1.281.899.0
Versión de motor: AM: 1.1.15400.5, NIS: 1.1.15400.5

CodeIntegrity:
===================================

Date: 2018-11-27 10:07:59.042
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 10:03:08.768
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 09:57:41.968
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 09:57:31.790
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 09:57:02.475
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 09:56:57.141
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 09:56:47.102
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 09:56:30.237
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info =========================== 

Processor: AMD FX(tm)-6300 Six-Core Processor 
Percentage of memory in use: 37%
Total physical RAM: 7403.03 MB
Available physical RAM: 4646.8 MB
Total Virtual: 9259.03 MB
Available Virtual: 6015.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:50.1 GB) NTFS
Drive d: (HDD 2) (Fixed) (Total:298.09 GB) (Free:96.64 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Anime Rules) (Fixed) (Total:931.51 GB) (Free:159.58 GB) NTFS
Drive f: (Jdownloader) (Fixed) (Total:298.09 GB) (Free:170.28 GB) NTFS
Drive g: (HDD 1) (Fixed) (Total:232.88 GB) (Free:62.61 GB) NTFS
Drive h: (Adicional) (Fixed) (Total:298.09 GB) (Free:262.01 GB) NTFS
Drive i: (PLATINIUM) (Removable) (Total:29.98 GB) (Free:27.71 GB) FAT32


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 0000AF2C)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0BFE2AD1)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: BE148A9B)
Partition 1: (Active) - (Size=350 MB) - (Type=17)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: DE3D8E1C)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: A2844685)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 298.1 GB) (Disk ID: 5DE72161)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 30 GB) (Disk ID: 04BB8E05)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)

==================== End of Addition.txt ============================

I will pay closer attention to the instructions given. By the way, nothing in your instructions covered removing the Edge preferences. I did everything as precisely as possible. Thanks for continuing to help me.


#13

Hello:

About Edge, check here:

https://www.softzone.es/2016/02/20/como-restablecer-microsoft-edge-en-windows-10/

The DelFix report is missing.

Also, while I analyze the reports, tell me how the computer is running.

Regards.


#14

Hello @kenichi3000:

Nothing complicated shows up, only leftovers.

Do the following:

Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
HKLM\...\RunOnce: [ZHPCleaner_File1] => CMD /c DEL "C:\Users\Miguel\AppData\Local\Temp\~DFA60D5D468B140CF5.TMP" /F /Q <==== ATTENTION
HKLM\...\RunOnce: [ZHPCleaner] => Notepad C:\Users\Miguel\AppData\Roaming\ZHP\ZHPCleaner.txt
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
S3 cpuz138; C:\Users\Miguel\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2018-11-27] (CPUID) <==== ATTENTION
2018-11-27 01:01 - 2018-11-27 01:01 - 000000000 ____D C:\Users\Miguel\AppData\Local\ZHP
2018-11-27 00:50 - 2018-11-27 00:50 - 000000000 ____D C:\Users\Miguel\AppData\Local\ESET
2018-11-26 23:41 - 2018-11-26 23:42 - 000000000 ____D C:\Program Files\HitmanPro
2018-11-26 23:40 - 2018-11-27 00:00 - 000000000 ____D C:\ProgramData\HitmanPro
2018-11-27 17:14 - 2018-11-26 23:39 - 011576808 _____ (SurfRight B.V.) C:\Users\Miguel\AppData\Local\Temp\HitmanPro.exe
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it as fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Regards.


#15
# DelFix v1.013 - Logfile created 27/11/2018 at 19:36:17
# Updated 17/04/2016 by Xplode
# Username : Miguel - DESKTOP-JRGGCVQ
# Operating System : Windows 10 Enterprise  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\Miguel\Desktop\Addition.txt
Deleted : C:\Users\Miguel\Desktop\FRST.txt
Deleted : C:\Users\Miguel\Desktop\FRST64.exe

########## - EOF - ##########

I just ran this one; I don't know what happened to the previous report from that program :disappointed_relieved: The PC always runs perfectly; the problem appears just when a website is loaded over HTTP, otherwise everything is fine.

Let me try what you just left for me to do and I'll let you know.


#16

I told you not to do what I don't ask you to…

I had asked you for the previous report; please always read the steps.

Don't do things just because, and before you make a mistake, come and ask.

Now you removed FRST, and you had to run the Fixlist.

Regards


#17

Can I fix the problem by downloading FRST to the desktop again, with the Notepad file you asked me to make? Or should I not do anything now? :disappointed_relieved::sob:


#18

Yes, download it again and carry out the steps.

In any case, there is no malware on that computer. Do you always connect to the same page?

Regards


#19

It's not the same page. I can list the websites that affect me: intercambiosvirtuales, spaste, link shorteners, and in general every HTTP domain is the trigger. When I block JavaScript execution in the browser, certain things stop running, among them those bugs, but there are websites that require JavaScript to run. I do have malware, because AdwCleaner found it. If you like, I can run a scan with it and send you a screenshot, or I don't know whether it's possible to produce a report for you with that program.

PS: this report is from last night, 27/11/2018. I was going to reply right away, but the forum made me wait 14 h because of my status on it. I haven't taken any action since the Fixlist you asked me for, and I'm leaving it here below.

PS2: Since I ran the fixlist I haven't opened any page over HTTP; I'm avoiding them as much as possible while I wait for your next steps. I only opened a couple of banking pages to make some transactions, and this forum, nothing else. As I said: I can run the test with AdwCleaner, and if it still doesn't find anything I can try opening the websites over HTTP and show screenshots of the CPU at the moment those sites open. Thanks again for the help provided.

REPORT:

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.11.2018
Ran by Miguel (27-11-2018 20:20:00) Run:1
Running from C:\Users\Miguel\Desktop
Loaded Profiles: Miguel (Available Profiles: Miguel)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM\...\RunOnce: [ZHPCleaner_File1] => CMD /c DEL "C:\Users\Miguel\AppData\Local\Temp\~DFA60D5D468B140CF5.TMP" /F /Q <==== ATTENTION
HKLM\...\RunOnce: [ZHPCleaner] => Notepad C:\Users\Miguel\AppData\Roaming\ZHP\ZHPCleaner.txt
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
S3 cpuz138; C:\Users\Miguel\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2018-11-27] (CPUID) <==== ATTENTION
2018-11-27 01:01 - 2018-11-27 01:01 - 000000000 ____D C:\Users\Miguel\AppData\Local\ZHP
2018-11-27 00:50 - 2018-11-27 00:50 - 000000000 ____D C:\Users\Miguel\AppData\Local\ESET
2018-11-26 23:41 - 2018-11-26 23:42 - 000000000 ____D C:\Program Files\HitmanPro
2018-11-26 23:40 - 2018-11-27 00:00 - 000000000 ____D C:\ProgramData\HitmanPro
2018-11-27 17:14 - 2018-11-26 23:39 - 011576808 _____ (SurfRight B.V.) C:\Users\Miguel\AppData\Local\Temp\HitmanPro.exe
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ZHPCleaner_File1" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ZHPCleaner" => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} => removed successfully
HKLM\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} => removed successfully
cpuz138 => Unable to stop service.
HKLM\System\CurrentControlSet\Services\cpuz138 => removed successfully
cpuz138 => service removed successfully
C:\Users\Miguel\AppData\Local\ZHP => moved successfully
C:\Users\Miguel\AppData\Local\ESET => moved successfully
C:\Program Files\HitmanPro => moved successfully
C:\ProgramData\HitmanPro => moved successfully
C:\Users\Miguel\AppData\Local\Temp\HitmanPro.exe => moved successfully

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Wi-Fi mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 1 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 2 mientras los medios
estén desconectados.

Adaptador de LAN inalámbrica Wi-Fi:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 1:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de Ethernet Ethernet:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::250c:875f:23b6:bded%17
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.200.101
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.200.254

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

{E8C3F2A6-D337-4043-882F-5A350DBBF003} canceled.
{39FE1967-D797-4010-A7DA-91C6AFF0948F} canceled.
2 out of 2 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34015688 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 753970 B
Edge => 349013888 B
Chrome => 12840387 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3580 B
LocalService => 0 B
NetworkService => 19010 B
NetworkService => 0 B
Miguel => 60145824 B

RecycleBin => 0 B
EmptyTemp: => 441.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:20:38 ====

#20

Hello @kenichi3000:

A question: do you have all the updates installed?

1.- Run a scan with AdwCleaner. I'm leaving you its manual so that you know how to run it correctly and save its report to paste in your next reply.

2.- Run FRST again the way I told you the first time (don't forget to run it as Administrator); it will no longer give you the Addition report.

Come back and paste them in your next reply.

Don't worry, we will keep investigating.

Regards.