I can't remove PUP.Optional.Legacy

#15
# DelFix v1.013 - Logfile created 27/11/2018 at 19:36:17
# Updated 17/04/2016 by Xplode
# Username : Miguel - DESKTOP-JRGGCVQ
# Operating System : Windows 10 Enterprise  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\Miguel\Desktop\Addition.txt
Deleted : C:\Users\Miguel\Desktop\FRST.txt
Deleted : C:\Users\Miguel\Desktop\FRST64.exe

########## - EOF - ##########

I just ran this one; I don't know what happened to the previous report from that program :disappointed_relieved: The PC is always fine; the problem appears exactly when a website is loaded over http, otherwise everything is fine.

Let me try what you just gave me to do and I'll let you know.

#16

I told you not to do what I don't ask you to do…

I had asked you for the previous report; please always read the steps.

Don't do things just because, and before you put your foot in it, come and ask.

Now you've removed FRST, and you were supposed to run the Fixlist.

Regards

#17

Can I fix the problem by downloading FRST to the desktop again, with the Notepad file you asked me to make? Or should I not do anything now? :disappointed_relieved::sob:

#18

Yes, download it again and carry out the steps.

In any case, there is no malware on that machine. Do you always connect to the same page?

Regards

#19

It's not the same page; I can list the websites that affect me: intercambiosvirtuales, spaste, URL shorteners, and in general every http domain is what triggers it. When I block JavaScript execution in the browser, certain things stop running, among them those bugs, but there are websites that require JavaScript to run. I do have malware, because AdwCleaner found it; if you like I can run a scan with it and send you a screenshot, or I don't know whether it's possible to produce a report for you with that program.

PS: this report is from last night, 27/11/2018. I was going to reply immediately, but the forum made me wait 14 h because of my status on it. I haven't taken any action since the Fixlist you asked me for, and I'm leaving it here below.

PS2: Since I ran the fixlist I haven't opened any http page; I'm avoiding them as much as possible while waiting for your next steps. I only opened a couple of banking pages to make some transactions, and this forum, nothing else. As I said, I can run the test with AdwCleaner, and if even then it finds nothing I can try opening the websites over http and show screenshots of the CPU at the moment those sites open. Thanks again for the help.

REPORT:

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.11.2018
Ran by Miguel (27-11-2018 20:20:00) Run:1
Running from C:\Users\Miguel\Desktop
Loaded Profiles: Miguel (Available Profiles: Miguel)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM\...\RunOnce: [ZHPCleaner_File1] => CMD /c DEL "C:\Users\Miguel\AppData\Local\Temp\~DFA60D5D468B140CF5.TMP" /F /Q <==== ATTENTION
HKLM\...\RunOnce: [ZHPCleaner] => Notepad C:\Users\Miguel\AppData\Roaming\ZHP\ZHPCleaner.txt
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
S3 cpuz138; C:\Users\Miguel\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2018-11-27] (CPUID) <==== ATTENTION
2018-11-27 01:01 - 2018-11-27 01:01 - 000000000 ____D C:\Users\Miguel\AppData\Local\ZHP
2018-11-27 00:50 - 2018-11-27 00:50 - 000000000 ____D C:\Users\Miguel\AppData\Local\ESET
2018-11-26 23:41 - 2018-11-26 23:42 - 000000000 ____D C:\Program Files\HitmanPro
2018-11-26 23:40 - 2018-11-27 00:00 - 000000000 ____D C:\ProgramData\HitmanPro
2018-11-27 17:14 - 2018-11-26 23:39 - 011576808 _____ (SurfRight B.V.) C:\Users\Miguel\AppData\Local\Temp\HitmanPro.exe
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ZHPCleaner_File1" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ZHPCleaner" => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} => removed successfully
HKLM\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} => removed successfully
cpuz138 => Unable to stop service.
HKLM\System\CurrentControlSet\Services\cpuz138 => removed successfully
cpuz138 => service removed successfully
C:\Users\Miguel\AppData\Local\ZHP => moved successfully
C:\Users\Miguel\AppData\Local\ESET => moved successfully
C:\Program Files\HitmanPro => moved successfully
C:\ProgramData\HitmanPro => moved successfully
C:\Users\Miguel\AppData\Local\Temp\HitmanPro.exe => moved successfully

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Wi-Fi mientras los medios
están desconectados.
No se puede realizar ninguna operación en Conexión de área local* 1 mientras los medios
están desconectados.
No se puede realizar ninguna operación en Conexión de área local* 2 mientras los medios
están desconectados.

Adaptador de LAN inalámbrica Wi-Fi:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 1:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de Ethernet Ethernet:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::250c:875f:23b6:bded%17
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.200.101
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.200.254

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

{E8C3F2A6-D337-4043-882F-5A350DBBF003} canceled.
{39FE1967-D797-4010-A7DA-91C6AFF0948F} canceled.
2 out of 2 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34015688 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 753970 B
Edge => 349013888 B
Chrome => 12840387 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3580 B
LocalService => 0 B
NetworkService => 19010 B
NetworkService => 0 B
Miguel => 60145824 B

RecycleBin => 0 B
EmptyTemp: => 441.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:20:38 ====
#20

Hello @kenichi3000:

A question: do you have all the updates installed?

1.- Run a scan with AdwCleaner; I'm leaving you its manual so you know how to run it correctly and save its report to paste in your next reply.

2.- Run FRST again as you did the first time I told you to (don't forget to run it as Administrator); this time it won't give you the Addition report.

Come back and paste them in your next reply.

Don't worry, we'll keep investigating.

Regards.

1 like
#21

Let me ask you a question: if the malware doesn't show up, do you want me to open a page where the effect I'm describing appears and then run a scan again, to see whether that is what activates it and makes it visible? As I said, I haven't opened any HTTP pages so as not to mess up your instructions any further.

#22

Hello:

We'll do that later, but with a tool that monitors the process.

Regards.

#23

AdwCleaner report

# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build:    11-26-2018
# Database: 2018-11-26.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-28-2018
# Duration: 00:00:01
# OS:       Windows 10 Pro
# Cleaned:  4
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2127 octets] - [28/11/2018 14:08:50]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

FRST report

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.11.2018
Ran by Miguel (administrator) on DESKTOP-JRGGCVQ (28-11-2018 14:19:06)
Running from C:\Users\Miguel\Desktop
Loaded Profiles: Miguel (Available Profiles: Miguel)
Platform: Windows 10 Pro Version 1809 17763.134 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthSystray.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Piriform Ltd) C:\Program Files\Speccy\Speccy64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18091.10321.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\WINDOWS\system32\SecurityHealthSystray.exe [83968 2018-09-15] (Microsoft Corporation)
HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\Run: [Speccy] => C:\Program Files\Speccy\Speccy64.exe [7067048 2015-12-02] (Piriform Ltd)
HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4035696 2017-05-25] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.200.254
Tcpip\..\Interfaces\{e7736c1c-a824-4eca-b66d-1dea4c085d67}: [DhcpNameServer] 192.168.200.254

Internet Explorer:
==================
HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKU\S-1-5-21-1107566908-2914427673-2006857480-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-1107566908-2914427673-2006857480-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04

Edge: 
======
Edge Extension: (BookReader) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets [2018-09-15]
Edge Extension: (PinJSAPI) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [2018-09-15]

FireFox:
========
FF HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Miguel\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Miguel\AppData\Roaming\IDM\idmmzcc5 [2018-11-26] [Legacy] [not signed]
FF HKU\S-1-5-21-1107566908-2914427673-2006857480-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26] [Legacy]
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-11-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-11-26] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default [2018-11-27]
CHR Extension: (Presentaciones) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-26]
CHR Extension: (Documentos) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-26]
CHR Extension: (Google Drive) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-26]
CHR Extension: (YouTube) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-26]
CHR Extension: (Hojas de cálculo) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-26]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-26]
CHR Extension: (IDM Integration Module) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-11-26]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-26]
CHR Extension: (Gmail) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-26]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-25]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrokerInfrastructure; C:\WINDOWS\System32\psmsrv.dll [241664 2018-11-27] (Microsoft Corporation)
S3 cbdhsvc; C:\WINDOWS\System32\cbdhsvc.dll [961024 2018-09-15] (Microsoft Corporation)
S3 ConsentUxUserSvc; C:\WINDOWS\System32\ConsentUxClient.dll [157696 2018-09-15] (Microsoft Corporation)
S3 DisplayEnhancementService; C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll [914944 2018-09-15] (Microsoft Corporation)
S3 perceptionsimulation; C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe [78848 2018-09-15] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5381624 2018-09-15] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [384512 2018-09-15] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-11-27] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-11-27] (Microsoft Corporation)
S3 WManSvc; C:\WINDOWS\system32\Windows.Management.Service.dll [370176 2018-09-15] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0315159.inf_amd64_b01c1e8cccf04a67\atikmdag.sys [36571640 2017-06-13] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0315159.inf_amd64_b01c1e8cccf04a67\atikmpag.sys [529912 2017-06-13] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-04-26] (Advanced Micro Devices)
R1 BasicDisplay; C:\WINDOWS\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_5103ac179273be89\BasicDisplay.sys [68096 2018-09-15] (Microsoft Corporation)
R1 BasicRender; C:\WINDOWS\System32\DriverStore\FileRepository\basicrender.inf_amd64_0b8d03c3bc0e7fd9\BasicRender.sys [37376 2018-09-15] (Microsoft Corporation)
S3 BthMini; C:\WINDOWS\System32\drivers\BTHMINI.sys [34816 2018-09-15] (Microsoft Corporation)
R3 cpuz138; C:\Users\Miguel\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2018-11-28] (CPUID) <==== ATTENTION
S3 hidspi; C:\WINDOWS\System32\drivers\hidspi.sys [60928 2018-09-15] (Microsoft Corporation)
S3 iaLPSS2i_GPIO2_CNL; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [112128 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_GPIO2_GLK; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [96256 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_I2C_CNL; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_CNL.sys [180736 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_I2C_GLK; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_GLK.sys [177664 2018-09-15] (Intel Corporation)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-09-15] (Qualcomm Atheros, Inc.)
S3 MbbCx; C:\WINDOWS\System32\drivers\MbbCx.sys [290816 2018-09-15] (Microsoft Corporation)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [53760 2018-09-15] (Microsoft Corporation)
S3 PktMon; C:\WINDOWS\System32\drivers\PktMon.sys [85504 2018-09-15] (Microsoft Corporation)
S0 SmartSAMD; C:\WINDOWS\System32\drivers\SmartSAMD.sys [219960 2018-09-15] (Microsemi Corportation)
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [171520 2018-09-15] (Microsoft Corporation)
S3 UcmUcsiAcpiClient; C:\WINDOWS\System32\drivers\UcmUcsiAcpiClient.sys [31232 2018-09-15] (Microsoft Corporation)
S3 UcmUcsiCx0101; C:\WINDOWS\System32\Drivers\UcmUcsiCx.sys [99840 2018-09-15] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-11-27] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-11-27] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-11-27] (Microsoft Corporation)
R3 WinQuic; C:\WINDOWS\System32\drivers\winquic.sys [156984 2018-09-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: WManSvc -> C:\Windows\system32\Windows.Management.Service.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-28 14:19 - 2018-11-28 14:19 - 000012547 _____ C:\Users\Miguel\Desktop\FRST.txt
2018-11-28 14:08 - 2018-11-28 14:10 - 000000000 ____D C:\AdwCleaner
2018-11-28 14:03 - 2018-11-28 14:04 - 007321808 _____ (Malwarebytes) C:\Users\Miguel\Desktop\adwcleaner_7.2.5.0.exe
2018-11-28 13:52 - 2018-11-28 13:52 - 000000000 ____D C:\Users\Miguel\AppData\Local\ElevatedDiagnostics
2018-11-27 20:32 - 2018-11-27 20:32 - 000000040 ____H C:\01696CDEB3DF
2018-11-27 20:32 - 2018-11-27 20:32 - 000000000 ____D C:\Users\Miguel\AppData\LocalLow\Adobe
2018-11-27 20:20 - 2018-11-27 20:20 - 000009601 _____ C:\Users\Miguel\Desktop\Fixlog.txt
2018-11-27 20:19 - 2018-11-28 14:19 - 000000000 ____D C:\FRST
2018-11-27 20:12 - 2018-11-27 20:12 - 002416640 _____ (Farbar) C:\Users\Miguel\Desktop\FRST64.exe
2018-11-27 17:19 - 2018-11-27 17:19 - 000000000 ____D C:\Users\Miguel\AppData\Roaming\Macromedia
2018-11-27 17:18 - 2018-11-27 17:18 - 000000000 ____D C:\Users\Miguel\AppData\LocalLow\AMD
2018-11-27 17:17 - 2018-11-27 19:36 - 000000413 _____ C:\DelFix.txt
2018-11-27 11:59 - 2018-11-27 11:59 - 000000000 ____D C:\tportable.1.1.23
2018-11-27 03:17 - 2018-11-27 03:17 - 026804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 024616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 023440384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 020808704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 019284480 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 019024384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 009696264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-27 03:17 - 2018-11-27 03:17 - 007857152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 006543224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 006059008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 005440016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-27 03:17 - 2018-11-27 03:17 - 004886016 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
#24

Hello @kenichi3000:

What AdwCleaner detected is in the Edge browser, from the Chatango page/app/private chat.

It has nothing to do with the earlier issue.

Try the following:

1.- Download Process Explorer to your desktop.

  • Unzip it (right-click the icon, Extract here).

  • Inside the folder, right-click procexp64.exe and choose Run as administrator.

  • You will see an image like this one:

At this point, open one of the pages that gives you problems.

You will see all the processes running on your computer in the first column. Check which one is consuming all the CPU. It may be more than one.

Hover the mouse over it and it will show you the window with the information we need.

2.- Take a screenshot and upload it.

How to insert an image in the forum?

Regards.

#25

Hi @SanMar, I'm still a bit unsure about what happened, but I think I understand now. First, opening websites over HTTP no longer causes the excessive CPU usage or the annoying ads. The thing is, I don't know what removed it in the first place; the only difference I noticed was that the AdwCleaner you had me download was, I think, different from the one I had been using, and that is what managed to remove it, because after using AdwCleaner the CPU-hungry process never appeared again. Yesterday I was going to run the test as you asked so I could send you the screenshot, but there was no need because it never appeared :smiley: I'm grateful to you for your help and assistance, but I still have the doubt and the suspicion that it may come back in a couple of days (hopefully not). That said, how do we proceed with the thread? Do we mark it solved, or do we wait another 48 hours to see whether it is really fixed? Again, thank you very much for the help so far :smiley: I don't know what I would have done without your help and this forum.

#26

Hello:

Test the computer for 48 hours, restart it several times, and be careful where you download from.

Then come back and let us know.

Regards.

#27

Well @SanMar, I am VERY grateful to you; thanks to you I was able to get rid of the malware I had on the PC. As of today nothing shows up when I visit HTTP web pages, thanks to the forum and to you for helping me step by step :smiley: I hope I can count on the forum and on you as STAFF if anything comes up. Thank you very much, regards, take care, and a hug.

#28

Hello:

If any new problem comes up you can come back and we will help you here…:+1:

Topic solved

#29

Hi @SanMar, this happened to me a little while ago. I took advantage of the last instructions you gave me in case it is of any use to you, but I think the malware never went away :frowning: . I'll leave you the 2 screenshots I took. The symptoms are coming back: the HTTP websites I open come up with a lot of ads and the computer starts using all the CPU. I'm attaching the images I captured.

#30

Hello:

1.- You have too many Google Chrome tabs open; test one page at a time so that the report is valid.

2.- I haven't asked you this, but what are the technical specifications of that computer?

3.- Try the following:

How to disable automatic refresh in Google Chrome?

Then browse those pages, but don't open more than two or three, and check the usage. Bring new images.

Regards.

#31

8gb ram ddr3 1333mhz

fx 6300 - Six core 3.4GHZ

gpu r7 240 2gb vram

SSD kingston 120gb (THE OS GOES HERE)

With a single tab and everything that CHROME uses:

Another screenshot

Another website where the same high usage appears

In EDGE

At first it is always like this: it only shows a lot of ads on HTTP websites, and then the excessive CPU usage begins.

Another one in EDGE

Here all the CPU is used by a single website, with that excessive advertising that launches pop-ups when you try to close it

#32

Hello

Well, let's start over. :thinking:

Carry out the following steps, without changing the order:

1.- Temporarily disable your antivirus and any security program.

2.- Download the following tools to your desktop:

3.- Then do the following, respecting the order of the steps:

Malwarebytes

Install it and update it. Run a Full Scan according to its manual.

AdwCleaner

Run it. (Right-click and select Run as administrator.) Click the Scan button and wait for the process to finish. Then click the Clean button. Wait for it to complete. If it asks you to restart the system, accept. Save the report that appears so you can copy and paste it into your next reply. The report can also be found at “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

Following its manual, install and run it. When it finishes, remove everything it finds.

IMPORTANT NOTE:

In your next reply you must paste the reports from Malwarebytes, AdwCleaner and ZHPCleaner.

Wrap each of the reports with a tag written CODE_Inicial at the start of the report and another like this CODE_Final at the end of it.

Let us know.

Regards.

1 like
#33
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.12.05.04
  rootkit: v2018.12.05.04

Windows 10 x64 NTFS
Internet Explorer 11.134.17763.0
Miguel :: DESKTOP-JRGGCVQ [administrator]

5/12/2018 8:46:52 a. m.
mbar-log-2018-12-05 (08-46-52).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 175377
Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.134.17763.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 3.516000 GHz
Memory total: 7762640896, free: 4097024000

Downloaded database version: v2018.12.05.04
Downloaded database version: v2018.12.05.04
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     12/05/2018 08:46:47
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\WppRecorder.sys
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\system32\drivers\mssecflt.sys
\SystemRoot\system32\drivers\SgrmAgent.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\wd\WdFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_5103ac179273be89\BasicDisplay.sys
\SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_amd64_0b8d03c3bc0e7fd9\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afunix.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\bam.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\Vid.sys
\SystemRoot\System32\drivers\winhvr.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_e4d35af746093dc3\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\c0315159.inf_amd64_b01c1e8cccf04a67\atikmpag.sys
\SystemRoot\System32\DriverStore\FileRepository\c0315159.inf_amd64_b01c1e8cccf04a67\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\e2xw10x64.sys
\SystemRoot\system32\DRIVERS\bcmwl63a.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\System32\drivers\dtultrausbbus.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_31f554b660026323\swenum.sys
\SystemRoot\System32\drivers\dtultrascsibus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\AtihdWT6.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\DRIVERS\HdAudio.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\KMWDFILTER.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\cldflt.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\winquic.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\idmwfp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\drivers\rassstp.sys
\SystemRoot\System32\DRIVERS\NDProxy.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\drivers\AgileVpn.sys
\SystemRoot\System32\drivers\rasl2tp.sys
\SystemRoot\System32\drivers\raspptp.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\drivers\ndiswan.sys
\??\C:\Users\Miguel\AppData\Local\Temp\cpuz138\cpuz138_x64.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\rdpvideominiport.sys
\??\C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\xusb22.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\566637C6.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2018.12.05.04
  rootkit: v2018.12.05.04

<<<2>>>
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffff8185f7407060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffff8185f720b860, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff8185f7407060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffff8185f711b060, DeviceName: \Device\0000002e\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff8185f73ec060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffff8185f7209860, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff8185f73ec060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffff8185f7117060, DeviceName: \Device\0000002c\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AF2C

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 625137664
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffff8185f74060a0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffff8185f720a860, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff8185f74060a0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffff8185f7119060, DeviceName: \Device\0000002d\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BFE2AD1

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Drive 2
This is a System drive
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BE148A9B

Partition information:

    Partition 0 type is HIDDEN (0x17)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 716800
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848  Numsec = 233717760
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xffff8185f7408060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffff8185f720c860, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff8185f7408060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffff8185f711d060, DeviceName: \Device\0000002f\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DE3D8E1C

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 625137664
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 4, DevicePointer: 0xffff8185f7409060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffff8185f720d860, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff8185f7409060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffff8185f7120060, DeviceName: \Device\00000030\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 4
Scanning MBR on drive 4...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A2844685

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 488390017
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 250058268160 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 5, DevicePointer: 0xffff8185f740a060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffff8185f7210860, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff8185f740a060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffff8185f71620a0, DeviceName: \Device\00000031\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 5
Scanning MBR on drive 5...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5DE72161

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 625133568
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
File "C:\ProgramData\Microsoft\Network\Downloader\qmgr.db" is sparse (flags = 32768)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-0CEB6E6D5C9EDEF173A5C84055D373C1A3FA604C.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-0CEB6E6D5C9EDEF173A5C84055D373C1A3FA604C.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-0CEB6E6D5C9EDEF173A5C84055D373C1A3FA604C.bin.83" is compressed (flags = 1)
File "C:\Windows\System32\config\SYSTEMPROFILE\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-1-718848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-4-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-5-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-r.mbam...
Removal finished
#34
# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build:    11-26-2018
# Database: 2018-11-14.2 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-05-2018
# Duration: 00:00:01
# OS:       Windows 10 Pro
# Cleaned:  4
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2127 octets] - [05/12/2018 09:00:51]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build:    11-26-2018
# Database: 2018-11-14.2 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-05-2018
# Duration: 00:00:21
# OS:       Windows 10 Pro
# Scanned:  32162
# Detected: 4


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

The manual said a report would open after restarting the PC, but in my case it didn't, and I had to look for it manually. I hope this is it and that it is useful to you.

One question: I can delete the ones that are in quarantine, correct?