Slow PC and some actions are not carried out

Hello, I'm Fernando.

A couple of days ago I downloaded the program SUPER © from its "official" website [edited], trusting that it would come free of viruses and malicious software. After installing the program, I got endless alerts from Windows and Malwarebytes.

I did a deep cleanup, as far as my abilities allow. I used Malwarebytes, CCleaner and Windows Defender itself, and I also downloaded ESET's online antivirus. In theory, the virus/trojan/malware was removed, but now, two days later, the PC has started running slowly. It won't let me finish any download from the internet, since it supposedly affected Internet Explorer, Chrome, etc. It also won't let me install any program or make major changes to the system. In Windows "Settings", no page opens when I click a button. There is a new "User/Group" on my PC, which cannot be seen directly from the "Users" settings; instead it appears when I try to open or modify certain files and go to the "Security" tab. This user appears as "Unknown user" ("Usuario desconocido"), and there is another one called "Restricted" ("Restringido").

The truth is that I'm quite far removed from the IT field, so I need help to resolve this.

I'll also add that before using Malwarebytes and CCleaner, I used "RKill", which I downloaded some time ago from right here (Tools/Forum).

Regards, and thanks in advance!

Hello @Codex_Oscura

Could you paste the reports from the tools you have used?

Then:

Do the following:

1.- Temporarily disable your antivirus and any security program.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the version that matches your computer's architecture (32 or 64 bits). >> How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on the desktop.

Guide: How to run FRST

3.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We'll wait for those reports.

Regards

Hello again,

Thank you very much for the reply. I'm attaching what was requested:

FRST

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2019
    Ran by Absent (administrator) on ABSENTPPC (27-06-2019 10:45:57)
    Running from C:\Users\Absent\Downloads
    Loaded Profiles: Absent (Available Profiles: Absent)
    Platform: Windows 10 Pro Version 1809 17763.557 (X64) Language: Español (España, internacional)
    Default browser: Chrome
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    () [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1905.28.0_x64__8wekyb3d8bbwe\Calculator.exe
    () [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19053.13.0_x64__8wekyb3d8bbwe\YourPhone.exe
    () [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
    (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
    (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
    (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
    (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
    (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
    (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
    (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Mega Limited -> Mega Limited) C:\Users\Absent\AppData\Local\MEGAsync\MEGAsync.exe
    (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe\HxOutlook.exe
    (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11905.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe
    (MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    (MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
    (MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
    (MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
    (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Spotify AB -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe
    (Spotify AB -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe
    (Spotify AB -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe
    (Spotify AB -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22695280 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [22695280 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [731240 2018-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
    HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3148576 2019-06-17] (Valve -> Valve Corporation)
    HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\MountPoints2: {5bfb4346-0eb5-11e9-9c15-7824af4205d3} - "L:\setup.exe" 
    HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
    HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\i420vfw.dll [70656 2004-01-25] (www.helixcommunity.org) [File not signed]
    HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
    HKLM\...\Drivers32: [vidc.yv12] => C:\Windows\SysWOW64\yv12vfw.dll [70656 2004-01-25] (www.helixcommunity.org) [File not signed]
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-18] (Google LLC -> Google LLC)
    HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
    Startup: C:\Users\Absent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-05-23]
    ShortcutTarget: MEGAsync.lnk -> C:\Users\Absent\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {04EEE343-2E78-4D15-857B-B8ED06B4FCEB} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {04FAB3A6-8FD2-46D2-96EF-C1608484FE41} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
    Task: {0D3A64E7-0B12-41B6-BED8-BE4A5212A54F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23949600 2019-05-30] (Microsoft Corporation -> Microsoft Corporation)
    Task: {119807C5-D59B-4C46-A6CF-C1297ACC51B0} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [781808 2019-04-21] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
    Task: {262D62AB-ED07-48D4-8107-27DB60CD368A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {2B0E7F4A-FB9C-4A83-913B-1BC983721989} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
    Task: {2B718901-4355-4AB8-9225-16C14DEFE7E6} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1526352 2019-06-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {391FB0E7-9F20-433D-A6DE-31903925BABC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {3D868678-194D-486A-AE3F-03D6343184CC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2409040 2019-06-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {4498D121-8E93-49D0-86B0-8F7767F036E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
    Task: {50D6D1FC-E83B-4E93-B97A-D3296DD0B571} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {5407F92A-CD4A-4C8F-9210-FC39DB2B99AE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16667424 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {5551E729-0B3E-4C31-8CF6-A43F4E70EC29} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {5604C9C4-A5A4-4ED5-BBE9-B5F0338E83C5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23949600 2019-05-30] (Microsoft Corporation -> Microsoft Corporation)
    Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
    Task: {62AFA748-A2D2-4539-AB13-5D8EB274EAB9} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {64808594-C64C-4955-A97E-C95AE78D0C49} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [87120 2019-06-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {65066FC7-1E0A-47CF-BAC2-B9B6CFA03AED} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [90112 2011-09-09] () [File not signed]
    Task: {665E498B-7220-4D1E-8693-BB4128F0EC35} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {6C433972-A266-4D36-86D3-E970CC48B06C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {6CFEC8C8-02E5-4B24-8B0C-4189599B5432} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {6F6F33D0-00A5-46DC-80B8-B86418791FB4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {706B5F1C-B5F8-4051-916F-4D1D0F4F1D66} - System32\Tasks\momag\{3EEBF4A5-6BD9-3528-1AD2-066A6C5B7D9E} => C:\Program Files (x86)\Common Files\3eebf4a56b\momag.exe
    Task: {70A1BDC9-FF5B-4749-99AF-185FFF90BF73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2409040 2019-06-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {718F6F25-598D-4764-B4AD-B7A78EA27160} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {7BB8C76D-B0A7-4172-A60C-CCD56E5C3071} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
    Task: {7D91F3FA-FAEF-4A40-A17A-A8EC80299D63} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
    Task: {7F2BA225-210B-4B03-BF2E-A0571A0E0433} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3787304 2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {7F333357-407A-4EB2-834F-340F5B56E07F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {835D03BF-4F47-4F82-9AB1-9506678ABF7B} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
    Task: {88E7C4D0-E940-46C0-AD43-CA6AE614F901} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2935424 2012-03-13] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
    Task: {8AEF6ABD-9A96-41BB-8488-E70597D8BAEE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {8F4D3E06-58BA-4200-A334-1270E5F75FFC} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
    Task: {A1404501-4D56-4533-97C7-D335686F3B46} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Absent\Downloads\esetonlinescanner_esn.exe
    Task: {A340D77A-D90D-42F7-AC39-CA31F522F542} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A6D71B70-7E65-428D-ACC1-3E978139C922} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {AE956413-7C92-47B3-9109-441FB4B21A03} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Absent\Downloads\esetonlinescanner_esn.exe
    Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
    Task: {BAEA01AB-1F69-4D81-9E30-83155672BF0C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {BF7CDC27-7DD5-4B07-BC53-E544B10A4471} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [753448 2019-06-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {BFD27186-3498-4467-BCA4-DF7FFD2E8756} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {C09DBA7F-D6FF-4ED6-AF12-475FAE3D18ED} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
    Task: {C3A9245F-CF5E-4DF9-99D9-27E59DC0A812} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {C7F9012F-EF17-4A2D-A08E-14F01723AF49} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {C9FF12E6-D54A-45A7-97E3-404BCF8B318D} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {D26B660C-3884-4016-BC07-C68FD8AD4C0C} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {D4722735-8CD2-4EC3-859E-DBE0C2AE8519} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {E3C4CD00-F8D6-4B96-A31C-D025CBAA788E} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {EBCA5B75-9823-4BB3-B54D-3487D2627239} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [1426232 2013-10-18] (ASUSTeK Computer Inc. -> )
    Task: {F28311E5-9AAE-421E-B085-381FB1821CE3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {F8A0AA56-45A1-468C-ACAC-80BDBB726FAB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1526352 2019-06-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {FB0112B0-9576-40FF-8026-C8FCADA0EF1B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {FB3023EB-0744-47EF-BA51-D0B53EBFC016} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
    Tcpip\..\Interfaces\{1f301755-3dd4-45ed-a1c1-7c4feb1b7485}: [NameServer] 1.1.1.1,1.1.1.2
    Tcpip\..\Interfaces\{1f301755-3dd4-45ed-a1c1-7c4feb1b7485}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{29ba199b-d8c1-4878-9cac-12018e4cdee9}: [NameServer] 1.1.1.1,1.1.1.2
    Tcpip\..\Interfaces\{29ba199b-d8c1-4878-9cac-12018e4cdee9}: [DhcpNameServer] 192.168.1.1 0.0.0.0
    Tcpip\..\Interfaces\{617e4aa2-297b-4861-a2c8-ec4808106960}: [DhcpNameServer] 192.168.42.129

  

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131970613020950969&GUID=06F4EC48-6E91-4F5D-B415-C909D30B00DB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131970613020953399&GUID=06F4EC48-6E91-4F5D-B415-C909D30B00DB
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3126805088-1096401988-3500408547-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll [2019-04-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2019-01-31] (Adobe Systems Incorporated -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.cl/"
CHR Profile: C:\Users\Absent\AppData\Local\Google\Chrome\User Data\Default [2019-06-27]
CHR Extension: (Presentaciones) - C:\Users\Absent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-01]
CHR Extension: (Material Incognito Dark Theme) - C:\Users\Absent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahifcnpnjgbadkjdhagpfjfkmlapfoel [2019-06-21]
CHR Extension: (Documentos) - C:\Users\Absent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-01]
CHR Extension: (Google Drive) - C:\Users\Absent\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-01]
CHR Extension: (YouTube) - C:\Users\Absent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-01]
CHR Extension: (ChocoChip - Cookie Manager) - C:\Users\Absent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdllihdpcibkhhkidaicoeeiammjkokm [2018-11-16]
CHR Extension: (Hojas de cálculo) - C:\Users\Absent\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-01]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Absent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-01]
CHR Extension: (AdBlock) - C:\Users\Absent\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-05-28]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Absent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-01]
CHR Extension: (Gmail) - C:\Users\Absent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-26]
CHR Extension: (Chrome Media Router) - C:\Users\Absent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-07]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2018-11-16] (ASUSTeK Computer Inc. -> )
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2018-11-16] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2018-11-16] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2018-11-16] (ASUSTeK Computer Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-06-05] (BattlEye Innovations e.K. -> )
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3644008 2018-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-06-05] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53632 2018-11-16] (AnchorFree Inc -> AnchorFree Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AFTrafMgr1.4; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [56840 2018-11-16] (AnchorFree Inc -> AnchorFree Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2018-11-16] (ASUSTeK Computer Inc. -> )
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2018-11-16] (ASUSTeK Computer Inc. -> )
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2018-11-16] (MCCI Corporation -> MCCI Corporation)
S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [303712 2018-11-01] (Bluestack Systems, Inc. -> Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2019-01-04] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2019-01-04] (Disc Soft Ltd -> Disc Soft Ltd)
R1 e0357e2a3fca78a2; C:\WINDOWS\system32\drivers\e0357e2a3fca78a2.sys [30912 2019-06-21] (BlockChain Advances Ltd -> FsFilter Network)
R1 HWiNFO; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [55960 2018-11-16] (Martin Malik - REALiX -> REALiX(tm))
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-06-27] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b49751b9038af669\nvlddmkm.sys [21836032 2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-05-10] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [605696 2018-09-15] (Microsoft Windows -> Realtek )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [337632 2019-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2019-06-05] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-27 10:45 - 2019-06-27 10:46 - 000034692 _____ C:\Users\Absent\Downloads\FRST.txt
2019-06-27 10:45 - 2019-06-27 10:45 - 000000000 ____D C:\FRST
2019-06-27 10:29 - 2019-06-27 10:29 - 002418688 _____ (Farbar) C:\Users\Absent\Downloads\FRST64.exe
2019-06-27 10:22 - 2019-06-27 10:22 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-06-27 10:07 - 2019-06-27 10:07 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-06-25 15:51 - 2019-06-25 17:11 - 005660510 _____ (Swearware) C:\Users\Absent\Downloads\ComboFix.exe
2019-06-25 15:19 - 2019-06-25 15:19 - 000002590 _____ C:\Users\Absent\Rkill.txt
2019-06-25 14:38 - 2019-06-25 14:38 - 020650160 _____ (Piriform Software Ltd) C:\Users\Absent\Downloads\ccsetup559.exe
2019-06-22 15:05 - 2019-06-22 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Far Cry 5
2019-06-21 20:42 - 2019-06-25 15:20 - 000000000 ____D C:\Users\Absent\Downloads\Programas
2019-06-21 20:28 - 2016-07-12 12:13 - 000003948 ___SH C:\WINDOWS\SysWOW64\ffms2.avsi
2019-06-21 20:27 - 2016-07-12 12:13 - 004646912 ___SH C:\WINDOWS\SysWOW64\ffms2.dll
2019-06-21 20:27 - 2009-09-27 09:39 - 000401920 ___SH (The Public) C:\WINDOWS\SysWOW64\avisynth.dll
2019-06-21 20:27 - 2005-07-14 12:31 - 000032256 ___SH C:\WINDOWS\SysWOW64\AVSredirect.dll
2019-06-21 20:27 - 2004-02-22 10:11 - 000764416 ___SH (Abysmal Software) C:\WINDOWS\SysWOW64\devil.dll
2019-06-21 20:27 - 2004-01-25 00:00 - 000070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\yv12vfw.dll
2019-06-21 20:27 - 2004-01-25 00:00 - 000070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\i420vfw.dll
2019-06-21 20:25 - 2019-06-21 20:25 - 000000000 ____D C:\Users\Absent\Documents\eRightSoft
2019-06-21 20:02 - 2019-06-21 20:02 - 000002016 _____ C:\Users\Absent\ESET Protección de banca y pagos en línea.lnk
2019-06-21 18:58 - 2019-06-21 18:58 - 000000000 ____D C:\Users\Absent\AppData\Roaming\Mozilla
2019-06-21 18:56 - 2019-06-21 18:56 - 000126464 _____ C:\Users\Absent\AppData\Local\lobby.dat
2019-06-21 18:55 - 2019-06-21 19:26 - 000000000 ____D C:\Program Files (x86)\ProxyGate
2019-06-21 18:55 - 2019-06-21 18:55 - 000825856 _____ C:\Default.xml
2019-06-21 18:55 - 2019-06-21 18:55 - 000722944 _____ C:\Users\Absent\AppData\Local\sha.db
2019-06-21 18:55 - 2019-06-21 18:55 - 000030912 _____ (FsFilter Network) C:\WINDOWS\system32\Drivers\e0357e2a3fca78a2.sys
2019-06-21 18:54 - 2019-06-21 19:05 - 000000000 ____D C:\Program Files (x86)\gujhd
2019-06-21 18:54 - 2019-06-21 18:54 - 000001185 _____ C:\Users\Absent\SUPER (C).lnk
2019-06-21 18:54 - 2019-06-21 18:54 - 000000012 ___SH C:\WINDOWS\65612460883F
2019-06-21 18:54 - 2016-05-05 14:23 - 000556216 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avutil-lav-55.dll
2019-06-21 18:54 - 2016-05-05 14:23 - 000537784 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\swscale-lav-4.dll
2019-06-21 18:54 - 2016-05-05 14:23 - 000405176 __RSH (Intel Corp.) C:\WINDOWS\SysWOW64\IntelQuickSyncDecoder.dll
2019-06-21 18:54 - 2016-05-05 14:23 - 000276152 __RSH C:\WINDOWS\SysWOW64\libbluray.dll
2019-06-21 18:54 - 2016-05-05 14:23 - 000000493 __RSH C:\WINDOWS\SysWOW64\LAVFilters.Dependencies.manifest
2019-06-21 18:54 - 2016-05-05 14:22 - 010766520 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avcodec-lav-57.dll
2019-06-21 18:54 - 2016-05-05 14:22 - 001699000 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avformat-lav-57.dll
2019-06-21 18:54 - 2016-05-05 14:22 - 000188088 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avfilter-lav-6.dll
2019-06-21 18:54 - 2016-05-05 14:22 - 000160440 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avresample-lav-3.dll
2019-06-21 18:54 - 2004-10-10 10:50 - 000278528 _____ (Real Networks, Inc) C:\WINDOWS\SysWOW64\pncrt.dll
2019-06-21 18:54 - 2004-07-02 18:33 - 000327749 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\drvc.dll
2019-06-21 18:54 - 2004-04-05 11:31 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2019-06-21 18:54 - 2004-04-05 11:31 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2019-06-21 18:53 - 2019-06-25 14:21 - 000000000 ____D C:\Program Files (x86)\eRightSoft
2019-06-20 21:18 - 2019-06-20 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-06-18 13:39 - 2019-06-18 14:19 - 2092919045 _____ C:\Users\Absent\Downloads\Android_IG0130_No19_0.13.0.11090_Shipping_GLOBAL.signed.shell_uaweb.apk
2019-06-18 12:48 - 2019-06-18 12:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mario Kart 8
2019-06-18 12:32 - 2019-06-18 12:32 - 000000000 ____D C:\Program Files\UNP
2019-06-17 13:20 - 2019-06-17 13:20 - 000000084 _____ C:\WINDOWS\SysWOW64\prime.txt
2019-06-17 13:20 - 2019-06-17 13:20 - 000000065 _____ C:\WINDOWS\SysWOW64\local.txt
2019-06-17 13:19 - 2019-06-17 13:19 - 000000000 ____D C:\Users\Absent\AppData\Roaming\Macromedia
2019-06-17 13:16 - 2019-06-17 13:17 - 000000000 _____ C:\WINDOWS\Path.idx
2019-06-17 13:16 - 2019-06-17 13:16 - 005323632 _____ C:\WINDOWS\PE_Rom.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 026808320 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 023438336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 022114960 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 018999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 017484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 015221248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 012869120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 012162048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-06-13 12:36 - 2019-06-13 12:36 - 007884288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 007875072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 007724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 006926336 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 006547144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 006441472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 006309256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 006068224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 005764608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 005588184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 005297152 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 005210904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 005112792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 004883968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 004661760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 004627456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-06-13 12:36 - 2019-06-13 12:36 - 003983872 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 003906560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 003743744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 003637248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-06-13 12:36 - 2019-06-13 12:36 - 003426816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 003385344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 003363640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-06-13 12:36 - 2019-06-13 12:36 - 003344896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 003270144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 003091968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 002999808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 002926096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-06-13 12:36 - 2019-06-13 12:36 - 002777736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 002690048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 002638336 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-06-13 12:36 - 2019-06-13 12:36 - 002627600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-06-13 12:36 - 2019-06-13 12:36 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 002422272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-06-13 12:36 - 2019-06-13 12:36 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 002276192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-06-13 12:36 - 2019-06-13 12:36 - 002085168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 002017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-06-13 12:36 - 2019-06-13 12:36 - 001929216 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001899160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001860608 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001860096 ____R (The ICU Project) C:\WINDOWS\system32\icuin.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001761280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001750016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001700312 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-06-13 12:36 - 2019-06-13 12:36 - 001670840 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001644544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001618944 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuin.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001616384 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001483872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-06-13 12:36 - 2019-06-13 12:36 - 001466496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001342904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-06-13 12:36 - 2019-06-13 12:36 - 001331536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001260048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-06-13 12:36 - 2019-06-13 12:36 - 001256448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001254912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001219424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001180184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-06-13 12:36 - 2019-06-13 12:36 - 001098136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001072640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-06-13 12:36 - 2019-06-13 12:36 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001005056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000927744 _____ (Microsoft Corporation) C:\WINDOWS\system32\assignedaccessmanagersvc.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000887808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000863544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-06-13 12:36 - 2019-06-13 12:36 - 000850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000769536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-06-13 12:36 - 2019-06-13 12:36 - 000758688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-06-13 12:36 - 2019-06-13 12:36 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000730592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-06-13 12:36 - 2019-06-13 12:36 - 000699392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000676048 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-06-13 12:36 - 2019-06-13 12:36 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessManager.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000615440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2019-06-13 12:36 - 2019-06-13 12:36 - 000604344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-06-13 12:36 - 2019-06-13 12:36 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000586040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000555232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000553664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-06-13 12:36 - 2019-06-13 12:36 - 000540720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000515152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000513904 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000506192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000474936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-06-13 12:36 - 2019-06-13 12:36 - 000462136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000451104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000430904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2019-06-13 12:36 - 2019-06-13 12:36 - 000427688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000419368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000404792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-06-13 12:36 - 2019-06-13 12:36 - 000398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000398208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000375544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-06-13 12:36 - 2019-06-13 12:36 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2019-06-13 12:36 - 2019-06-13 12:36 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-06-13 12:36 - 2019-06-13 12:36 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000351744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2019-06-13 12:36 - 2019-06-13 12:36 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000287912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2019-06-13 12:36 - 2019-06-13 12:36 - 000282424 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000262160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-06-13 12:36 - 2019-06-13 12:36 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000247608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-06-13 12:36 - 2019-06-13 12:36 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSrv.exe
2019-06-13 12:36 - 2019-06-13 12:36 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000152896 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000152400 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000137056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000114648 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingFilterDS.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000091424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000087864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2019-06-13 12:36 - 2019-06-13 12:36 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessRuntime.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-06-13 12:36 - 2019-06-13 12:36 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AssignedAccessRuntime.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryCore.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-06-13 12:36 - 2019-06-13 12:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-06-13 12:36 - 2019-06-13 12:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-06-13 12:36 - 2019-06-13 12:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-06-13 12:36 - 2019-06-13 12:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-06-13 12:36 - 2019-06-13 12:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-06-13 12:36 - 2019-06-13 12:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-06-13 12:36 - 2019-06-13 12:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-06-13 12:36 - 2019-06-13 12:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-06-13 12:35 - 2019-06-13 12:36 - 000156984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2019-06-13 12:35 - 2019-06-13 12:35 - 002928640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-06-13 12:35 - 2019-06-13 12:35 - 002707968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-06-13 12:35 - 2019-06-13 12:35 - 002653696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-06-13 12:35 - 2019-06-13 12:35 - 001298952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-06-13 12:35 - 2019-06-13 12:35 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-06-13 12:35 - 2019-06-13 12:35 - 001229824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-06-13 12:35 - 2019-06-13 12:35 - 001048592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-06-13 12:35 - 2019-06-13 12:35 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-06-13 12:35 - 2019-06-13 12:35 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-06-13 12:35 - 2019-06-13 12:35 - 000752144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-06-13 12:35 - 2019-06-13 12:35 - 000651064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-06-13 12:35 - 2019-06-13 12:35 - 000386576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-06-13 12:35 - 2019-06-13 12:35 - 000292664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-06-13 12:35 - 2019-06-13 12:35 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-06-13 12:35 - 2019-06-13 12:35 - 000196920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-06-13 12:35 - 2019-06-13 12:35 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2019-06-13 12:35 - 2019-06-13 12:35 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-06-13 12:35 - 2019-06-13 12:35 - 000125528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-06-13 12:35 - 2019-06-13 12:35 - 000101176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2019-06-13 12:35 - 2019-06-13 12:35 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2019-06-13 12:35 - 2019-06-13 12:35 - 000090424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-06-13 12:35 - 2019-06-13 12:35 - 000080400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-06-13 12:35 - 2019-06-13 12:35 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismp6.sys
2019-06-13 12:35 - 2019-06-13 12:35 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2019-06-12 13:11 - 2019-06-25 21:51 - 000000000 ____D C:\Users\Absent\AppData\Local\CrashDumps
2019-06-12 12:43 - 2019-06-12 12:43 - 001993528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-06-10 21:00 - 2019-06-23 21:19 - 000000000 ___RD C:\Users\Absent\Juegos
2019-06-10 17:45 - 2019-06-10 18:09 - 000000000 ____D C:\Users\Absent\AppData\Roaming\Game
2019-06-10 17:45 - 2019-06-10 17:45 - 000000000 ____D C:\Users\Public\Documents\Steam
2019-06-10 17:44 - 2019-06-10 17:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crash Bandicoot N Sane Trilogy
2019-06-09 20:19 - 2019-06-18 16:28 - 000000000 ____D C:\WINDOWS\Minidump
2019-06-09 19:55 - 2019-06-09 19:55 - 000000000 ____D C:\Users\Absent\AppData\Local\Rockstar Games
2019-06-09 19:39 - 2019-06-09 19:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto V
2019-06-07 13:13 - 2019-06-07 13:13 - 000001159 _____ C:\Users\Absent\MSI Afterburner.lnk
2019-06-06 15:03 - 2019-06-06 15:03 - 000000000 __SHD C:\Users\Public\Shared Files
2019-06-06 14:56 - 2019-06-06 14:56 - 000000000 ____D C:\Users\Absent\AppData\Local\FortniteGame
2019-06-05 18:09 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2019-06-05 18:07 - 2019-06-06 14:56 - 000000000 ____D C:\Users\Absent\AppData\Local\UnrealEngine
2019-06-05 18:07 - 2019-06-05 18:07 - 000000000 ____D C:\Users\Absent\AppData\Local\UnrealEngineLauncher
2019-06-05 18:07 - 2019-06-05 18:07 - 000000000 ____D C:\Users\Absent\AppData\Local\EpicGamesLauncher
2019-06-05 18:07 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2019-06-05 18:06 - 2019-06-05 18:10 - 000000000 ____D C:\ProgramData\Epic
2019-06-05 18:06 - 2019-06-05 18:06 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2019-06-05 13:03 - 2019-05-22 18:01 - 005432688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-06-05 13:03 - 2019-05-22 18:01 - 002637808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-06-05 13:03 - 2019-05-22 18:01 - 001767920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-06-05 13:03 - 2019-05-22 18:01 - 000650608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-06-05 13:03 - 2019-05-22 18:01 - 000450872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-06-05 13:03 - 2019-05-22 18:01 - 000125240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-06-05 13:03 - 2019-05-22 18:01 - 000083440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-06-05 13:03 - 2019-05-22 11:03 - 008579232 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-06-05 13:03 - 2019-03-08 18:13 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2019-06-05 13:02 - 2019-06-05 13:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2019-06-05 13:00 - 2019-05-23 12:25 - 000260512 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-06-05 13:00 - 2019-05-23 12:25 - 000260512 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-06-05 13:00 - 2019-05-23 12:24 - 001007008 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-06-05 13:00 - 2019-05-23 12:24 - 001007008 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-06-05 13:00 - 2019-05-23 12:24 - 000870304 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-06-05 13:00 - 2019-05-23 12:24 - 000870304 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-06-05 13:00 - 2019-05-23 12:24 - 000552352 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-06-05 13:00 - 2019-05-23 12:24 - 000457304 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-06-05 13:00 - 2019-05-23 12:24 - 000286624 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-06-05 13:00 - 2019-05-23 12:24 - 000286624 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-06-05 13:00 - 2019-05-23 12:23 - 011051968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-06-05 13:00 - 2019-05-23 12:23 - 009487240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-06-05 13:00 - 2019-05-23 12:22 - 000821120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-06-05 13:00 - 2019-05-23 12:22 - 000675016 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-06-05 13:00 - 2019-05-23 12:22 - 000631224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-06-05 13:00 - 2019-05-23 12:22 - 000541904 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-06-05 13:00 - 2019-05-23 12:22 - 000522120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-06-05 13:00 - 2019-05-23 12:21 - 002039768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-06-05 13:00 - 2019-05-23 12:21 - 001470856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-06-05 13:00 - 2019-05-23 12:21 - 001133824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-06-05 13:00 - 2019-05-23 10:13 - 000046848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2019-06-05 13:00 - 2019-05-22 19:39 - 000052456 _____ C:\WINDOWS\system32\nvinfo.pb
2019-06-05 13:00 - 2019-04-17 00:44 - 000075600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2019-06-05 12:59 - 2019-05-23 12:21 - 005422040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-06-05 12:59 - 2019-05-23 12:21 - 004759640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-06-05 12:59 - 2019-05-23 12:21 - 001722456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6443086.dll
2019-06-05 12:59 - 2019-05-23 12:21 - 001542232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-06-05 12:59 - 2019-05-23 12:21 - 001467864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6443086.dll
2019-06-05 12:59 - 2019-05-23 12:21 - 001162200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-06-05 12:59 - 2019-05-23 12:21 - 000912472 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-06-05 12:59 - 2019-05-23 12:21 - 000808408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-06-05 12:59 - 2019-05-23 12:21 - 000654752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-06-05 12:59 - 2019-05-23 12:20 - 040412576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-06-05 12:59 - 2019-05-23 12:20 - 035269592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-06-05 12:59 - 2019-05-23 12:20 - 020190808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-06-05 12:59 - 2019-05-23 12:20 - 017467024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-06-05 12:59 - 2019-05-23 12:14 - 005085672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-06-05 12:59 - 2019-05-23 12:14 - 004340480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-06-05 12:42 - 2019-06-05 12:42 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-05 12:42 - 2019-06-05 12:42 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-05 12:42 - 2019-06-05 12:42 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-05 12:42 - 2019-06-05 12:42 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-05 12:42 - 2019-06-05 12:42 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-05 12:42 - 2019-06-05 12:42 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-05 12:42 - 2019-06-05 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-06-05 12:42 - 2019-05-22 09:45 - 002785592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2019-06-05 12:42 - 2019-05-22 09:45 - 002164536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2019-06-05 12:42 - 2019-05-22 09:45 - 001316208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2019-06-05 12:41 - 2019-04-17 03:42 - 000069840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2019-06-03 11:17 - 2019-06-03 11:17 - 000019680 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\eac_usermode_1439881395652.dll
2019-06-01 09:35 - 2019-06-17 13:14 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-06-01 09:35 - 2019-06-01 10:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2019-06-01 08:30 - 2019-06-06 21:20 - 000000000 ____D C:\Users\Absent\AppData\Roaming\EasyAntiCheat
2019-06-01 08:30 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2019-06-01 08:30 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2019-06-01 08:30 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2019-06-01 08:30 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2019-06-01 08:30 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2019-06-01 08:30 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2019-06-01 08:30 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2019-06-01 08:30 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2019-06-01 08:30 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2019-06-01 08:30 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2019-05-30 15:22 - 2019-05-30 15:22 - 000000000 ____D C:\Users\Absent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-05-30 15:15 - 2019-05-30 15:15 - 000000000 ____D C:\Users\Absent\AppData\Local\Steam
2019-05-30 15:12 - 2019-06-21 12:18 - 000000000 ____D C:\Program Files (x86)\Steam
2019-05-30 15:12 - 2019-05-30 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2019-05-28 16:31 - 2019-05-28 16:31 - 000078478 _____ C:\Users\Absent\Comp. aporte familiar.pdf
==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-27 10:22 - 2018-11-16 17:47 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-06-27 10:13 - 2018-11-16 13:27 - 001773362 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-27 10:13 - 2018-09-15 12:37 - 000788392 _____ C:\WINDOWS\system32\perfh00A.dat
2019-06-27 10:13 - 2018-09-15 12:37 - 000155682 _____ C:\WINDOWS\system32\perfc00A.dat
2019-06-27 10:13 - 2018-09-15 03:31 - 000000000 ____D C:\WINDOWS\INF
2019-06-27 10:12 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-06-27 10:11 - 2018-09-15 03:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-27 10:10 - 2019-01-04 16:17 - 000004210 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{35C83302-2B05-4DF8-9B0D-47D37575E842}
2019-06-27 10:08 - 2018-09-01 12:41 - 000000000 ____D C:\ProgramData\NVIDIA
2019-06-27 10:07 - 2018-11-16 13:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-06-27 10:07 - 2018-09-15 03:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-25 21:52 - 2018-11-19 11:07 - 000003132 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2019-06-25 21:52 - 2018-09-15 02:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-06-25 21:51 - 2018-11-16 13:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-06-25 17:30 - 2018-11-16 13:19 - 000000000 ____D C:\Users\Absent
2019-06-25 17:13 - 2018-09-01 12:13 - 000007599 _____ C:\Users\Absent\AppData\Local\Resmon.ResmonCfg
2019-06-25 16:54 - 2018-09-15 03:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-06-25 15:25 - 2018-09-15 03:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-06-25 14:46 - 2018-11-16 13:21 - 000000000 ____D C:\Users\Absent\AppData\Local\Packages
2019-06-25 08:38 - 2018-11-16 18:22 - 000000000 ____D C:\Users\Absent\AppData\Roaming\.minecraft
2019-06-24 12:40 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-06-23 18:24 - 2019-01-04 16:28 - 000000000 ____D C:\Users\Absent\Documents\CPY_SAVES
2019-06-22 16:09 - 2018-11-19 10:57 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2019-06-21 20:45 - 2019-05-02 08:17 - 000000000 ____D C:\Users\Absent\Downloads\Documentos de texto
2019-06-21 20:44 - 2019-05-02 08:11 - 000003691 ___RX C:\Users\Absent\Downloads\Organizador.bat
2019-06-21 20:42 - 2019-05-02 08:18 - 000000000 ____D C:\Users\Absent\Downloads\Rar
2019-06-21 20:42 - 2019-05-02 08:17 - 000000000 ____D C:\Users\Absent\Downloads\Musica
2019-06-21 19:47 - 2019-05-07 13:49 - 000000000 ____D C:\Users\Absent\AppData\Local\ESET
2019-06-21 19:41 - 2019-05-07 16:20 - 000003368 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn
2019-06-21 19:41 - 2019-05-07 16:20 - 000003362 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime
2019-06-21 19:12 - 2018-09-01 12:22 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-20 21:18 - 2019-05-22 14:45 - 000002580 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2019-06-20 21:18 - 2019-05-22 14:45 - 000002531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-06-20 21:18 - 2019-05-22 14:45 - 000002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-06-20 21:18 - 2019-05-22 14:45 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-06-20 21:18 - 2019-05-22 14:45 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-06-20 21:18 - 2019-05-22 14:45 - 000002485 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-06-20 21:18 - 2019-05-22 14:45 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-06-20 21:18 - 2019-05-22 14:45 - 000002439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-06-20 21:17 - 2018-11-16 14:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-06-20 21:15 - 2018-11-16 13:38 - 000000000 ____D C:\ProgramData\Packages
2019-06-20 18:40 - 2018-11-19 10:55 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2019-06-18 12:26 - 2018-12-03 12:21 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2019-06-17 13:23 - 2018-11-16 17:32 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2019-06-14 17:42 - 2019-05-22 14:37 - 000000000 ___RD C:\Users\Absent\Desktop\Tesis
2019-06-14 11:14 - 2018-11-16 13:17 - 000439800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-06-13 17:27 - 2018-09-15 03:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-06-13 17:27 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-06-13 17:27 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-06-12 12:45 - 2018-09-15 03:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-06-12 12:45 - 2018-09-15 03:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-06-12 12:45 - 2018-09-01 14:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-06-12 12:43 - 2018-09-01 14:28 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-06-07 15:54 - 2019-02-02 17:08 - 000000000 ____D C:\Users\Absent\ansel
2019-06-06 21:16 - 2018-11-16 19:30 - 000000000 ____D C:\Users\Absent\.minecraft
2019-06-06 21:16 - 2018-11-16 11:00 - 000000000 ____D C:\ESD
2019-06-06 21:15 - 2018-09-01 14:27 - 000000000 ____D C:\Users\Absent\AppData\Local\NVIDIA Corporation
2019-06-06 21:15 - 2018-09-01 12:35 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-06-06 15:03 - 2018-09-15 03:33 - 000000000 __SHD C:\Users\Public\Libraries
2019-06-06 12:38 - 2019-01-04 16:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Far Cry 5 REPACK JPW
2019-06-05 18:10 - 2018-11-19 13:25 - 000000000 ____D C:\Users\Absent\AppData\Local\D3DSCache
2019-06-05 18:09 - 2018-09-01 12:37 - 000000000 ____D C:\ProgramData\Package Cache
2019-06-05 16:55 - 2019-02-01 18:13 - 000074552 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2019-06-05 16:08 - 2018-11-16 18:38 - 000000000 ____D C:\Users\Absent\AppData\Local\NVIDIA
2019-06-05 13:45 - 2018-09-01 12:41 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-06-05 13:03 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\Help
2019-06-05 13:03 - 2018-09-01 12:34 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-06-05 12:50 - 2018-11-16 13:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-06-05 12:43 - 2019-02-01 12:16 - 000000000 ____D C:\Users\Absent\AppData\Local\MEGAsync
2019-06-05 12:42 - 2018-11-16 13:21 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-05 12:42 - 2018-11-16 13:21 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-05 12:41 - 2018-11-16 13:21 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-05 12:41 - 2018-11-16 13:21 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-01 10:22 - 2019-02-01 12:18 - 000000000 ____D C:\Users\Absent\Documents\MEGAsync Downloads
2019-06-01 09:35 - 2018-11-19 08:07 - 000000000 ____D C:\ProgramData\Hi-Rez Studios
2019-06-01 08:30 - 2019-01-31 18:04 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2019-06-01 08:30 - 2018-11-19 12:09 - 000000000 ____D C:\Users\Absent\Documents\My Games
2019-05-30 12:44 - 2018-11-16 13:38 - 000000000 ____D C:\Users\Absent\AppData\Local\Comms

==================== Files in the root of some directories ================

2018-11-16 19:30 - 2019-02-13 20:29 - 000000245 _____ () C:\Users\Absent\mdatac.dat
2018-11-16 17:17 - 2018-11-18 16:30 - 001999539 _____ () C:\Users\Absent\Test.exe
2019-06-21 18:56 - 2019-06-21 18:56 - 000126464 _____ () C:\Users\Absent\AppData\Local\lobby.dat
2018-09-01 12:13 - 2019-06-25 17:13 - 000007599 _____ () C:\Users\Absent\AppData\Local\Resmon.ResmonCfg
2019-06-21 18:55 - 2019-06-21 18:55 - 000722944 _____ () C:\Users\Absent\AppData\Local\sha.db

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Here is the next file, Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
Ran by Absent (27-06-2019 10:47:20)
Running from C:\Users\Absent\Downloads
Windows 10 Pro Version 1809 17763.557 (X64) (2018-11-16 17:21:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Absent (S-1-5-21-3126805088-1096401988-3500408547-1000 - Administrator - Enabled) => C:\Users\Absent
Administrador (S-1-5-21-3126805088-1096401988-3500408547-500 - Administrator - Enabled)
DefaultAccount (S-1-5-21-3126805088-1096401988-3500408547-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3126805088-1096401988-3500408547-1002 - Limited - Enabled)
Invitado (S-1-5-21-3126805088-1096401988-3500408547-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3126805088-1096401988-3500408547-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actualización de NVIDIA 37.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 37.0.0.0 - NVIDIA Corporation) Hidden
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.04.01 - ASUSTeK Computer Inc.)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.32.75.1002 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.59 - Piriform)
Cheat Engine 6.8.3 (HKLM-x32\...\Cheat Engine 6.8.3_is1) (Version:  - Cheat Engine)
Crash Bandicoot N Sane Trilogy MULTi6 - ElAmigos versión 1.0 (HKLM-x32\...\{327BFB1B-E44E-4824-9EB7-EA92A8D3CAEC}_is1) (Version: 1.0 - Activision)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.9.0.0677 - Disc Soft Ltd)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software)
Diablo MULTi7 - ElAmigos versión 1.09b (HKLM-x32\...\{8B6583BB-A564-4AFB-A33F-1CAC35EC65F7}_is1) (Version: 1.09b - Blizzard)
Epic Games Launcher (HKLM-x32\...\{BB514C00-3DAB-4E6E-8F41-58A61FA35851}) (Version: 1.1.206.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fallout 4 Spanish Language Pack (HKLM-x32\...\Fallout 4 Spanish Language Pack_is1) (Version:  - )
Far Cry 5 Gold Edition MULTi15 - ElAmigos versión 1.2.0 (HKLM-x32\...\{94EF50C3-1479-48BE-8E80-D54680BCB911}_is1) (Version: 1.2.0 - Ubisoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Grand Theft Auto V MULTi12 - ElAmigos versión 1.41 build 1180.1 (HKLM-x32\...\{4959470E-EDAC-4710-A636-276D79A81B94}_is1) (Version: 1.41 build 1180.1 - Rockstar Games)
Hi-Rez Studios Games (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hotspot Shield 7.15.1 (HKLM-x32\...\{3e29a499-0bcd-49f6-aa46-3e9ff41419f3}) (Version: 7.15.1.11114 - AnchorFree Inc.)
Hotspot Shield 7.15.1 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925C117BE8D}) (Version: 7.15.1.11114 - AnchorFree Inc.) Hidden
Hotspot Shield 7.15.1 (HKLM-x32\...\HotspotShield) (Version: 7.15.1 - AnchorFree Inc.) Hidden
HWiNFO64 Version 5.90 (HKLM\...\HWiNFO64_is1) (Version: 5.90 - Martin Malík - REALiX)
Java 8 Update 211 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Mario Kart 8 MULTi8 - ElAmigos versión 4.1 (HKLM-x32\...\{0904BD9C-9992-4619-A26A-EE56ADC78D6F}_is1) (Version: 4.1 - Nintendo)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{2D1ED4EA-B59D-4665-ACB3-9325872A300D}) (Version: 1.0.4.0 - Mojang)
MSI Afterburner 4.6.1 (HKLM-x32\...\Afterburner) (Version: 4.6.1 - MSI Co., LTD)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA Controlador de audio HD 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 430.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 430.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.19.0.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.94 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10730.20348 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20348 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20348 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.10730.20348 - Microsoft Corporation) Hidden
Operation7 (HKLM-x32\...\Operation7_is1) (Version: 1 - Softnyx Co., Ltd.)
Panel de control de NVIDIA 430.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 430.86 - NVIDIA Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
RivaTuner Statistics Server 7.2.2 (HKLM-x32\...\RTSS) (Version: 7.2.2 - Unwinder)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Worms Clan Wars (HKLM-x32\...\Worms Clan Wars_is1) (Version:  - Team17 Digital Ltd)

Packages:
=========
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-12] (Microsoft Corporation) [MS Ad]
MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.478.0_x64__mcm4njqhnhss8 [2019-06-27] (Netflix, Inc.)
SoundCloud for Windows (Beta) -> C:\Program Files\WindowsApps\SoundcloudLtd.SoundCloudforWindowsBeta_1.1.36.0_x64__2xc63xn306dnw [2019-01-14] (Soundcloud Ltd.)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.7.25.0_x64__43tkc6nmykmb6 [2019-06-18] (Ookla)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0 [2019-06-17] (Spotify AB)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3126805088-1096401988-3500408547-1000_Classes\CLSID\{6807C9E2-7EB5-4451-AE11-85E34F294E7A} -> [MEGA] => C:\Users\Absent\Downloads\MEGA [2019-02-01 12:18]
CustomCLSID: HKU\S-1-5-21-3126805088-1096401988-3500408547-1000_Classes\CLSID\{EF7E71C9-8012-4BE3-BB46-AC5A0D278A19} -> [Tesis] => C:\Users\Absent\Desktop\Tesis [2019-05-22 14:37]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-11-12] (Notepad++ -> )
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Absent\Juegos\Mario Kart 8.lnk -> H:\Mario Kart 8\cemu\StartGame.bat ()

==================== Loaded Modules (Whitelisted) ==============

2018-11-16 17:31 - 2018-11-16 17:30 - 000662016 _____ () [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2018-11-16 17:32 - 2011-07-12 18:14 - 000147456 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2018-11-16 17:32 - 2012-10-08 16:07 - 000972288 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2018-11-16 17:32 - 2010-09-08 20:25 - 000053248 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Cpu Frequency\cpuutil.dll
2018-11-16 17:33 - 2013-05-08 16:22 - 001040896 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
2018-11-16 17:33 - 2013-10-18 18:04 - 005777616 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzULIB.dll
2018-11-16 17:33 - 2013-05-08 16:22 - 000208896 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\ImageHelper.dll
2018-11-16 17:32 - 2010-10-05 07:22 - 000208896 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2018-11-16 17:32 - 2010-10-05 07:22 - 000253952 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2018-11-16 17:32 - 2012-05-28 20:27 - 001622528 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2018-11-16 17:32 - 2009-08-12 19:15 - 000253952 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2018-11-16 17:32 - 2013-04-15 13:19 - 000883712 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2018-11-16 17:32 - 2011-09-19 19:18 - 001243136 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2018-11-16 17:32 - 2011-07-21 08:06 - 000846848 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2018-11-16 17:32 - 2012-08-29 17:09 - 000875520 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2018-11-16 17:33 - 2018-11-16 17:30 - 000043520 ____N () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2018-11-16 17:33 - 2013-08-19 16:21 - 000253952 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2018-11-16 17:31 - 2018-11-16 17:30 - 000104448 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2018-11-16 17:31 - 2019-06-27 10:07 - 000033792 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2019-04-21 04:33 - 2019-04-21 04:33 - 000232448 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2019-04-21 04:32 - 2019-04-21 04:32 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2019-04-21 04:33 - 2019-04-21 04:33 - 000649216 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2019-04-21 04:32 - 2019-04-21 04:32 - 000074240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2019-04-21 04:33 - 2019-04-21 04:33 - 000367104 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2019-03-09 03:50 - 2019-03-09 03:50 - 000057344 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2019-03-09 03:51 - 2019-03-09 03:51 - 000072704 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2019-03-09 03:50 - 2019-03-09 03:50 - 000364544 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2018-11-16 17:31 - 2018-11-16 17:30 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.20\ASACPI.DLL
2018-11-16 17:32 - 2010-08-09 20:33 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\AsAcpi.dll
2018-11-16 17:32 - 2010-09-08 20:25 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Cpu Frequency\asacpi.dll
2018-11-16 17:33 - 2013-08-19 16:21 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\ASACPI.DLL
2018-11-16 17:33 - 2018-11-16 17:30 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsAcpi.dll
2018-11-16 17:31 - 2018-11-16 17:30 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.20\asacpiEx.dll
2018-11-16 17:32 - 2010-08-12 06:52 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\asacpiEx.dll
2018-11-16 17:32 - 2010-10-05 07:22 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\AsMultiLang.dll
2019-06-17 13:14 - 2013-01-15 10:52 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\AsMultiLang.dll
2019-06-17 13:14 - 2013-01-15 10:52 - 001086464 _____ (ASUSTek Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
2018-11-16 17:32 - 2010-09-08 20:25 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\AsMultiLang.dll
2018-11-16 17:32 - 2010-09-08 20:25 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Cpu Frequency\asacpiEx.dll
2018-11-16 17:32 - 2010-09-08 20:25 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Cpu Frequency\AsMultiLang.dll
2018-11-16 17:32 - 2013-08-26 13:00 - 001016320 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Cpu Frequency\CpuFrequency.dll
2018-11-16 17:33 - 2012-11-12 13:56 - 001095680 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\FAN Xpert\FANXpert.dll
2018-11-16 17:32 - 2010-03-08 16:11 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AsMultiLang.dll
2018-11-16 17:32 - 2010-03-08 16:11 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Splitter\AsMultiLang.dll
2018-11-16 17:33 - 2012-12-25 10:55 - 001236992 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\System Information\SystemInfo.dll
2018-11-16 17:32 - 2010-03-08 16:11 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\AsMultiLang.dll
2018-11-16 17:33 - 2013-08-19 16:21 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\asacpiEx.dll
2018-11-16 17:33 - 2013-08-19 16:21 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\AsMultiLang.dll
2018-11-16 17:33 - 2013-08-19 16:21 - 001876992 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\IccHelper_old.dll
2018-11-16 17:33 - 2013-08-19 16:21 - 001643008 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVEVO.dll
2018-11-16 17:33 - 2013-08-19 16:21 - 001108992 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
2018-11-16 17:33 - 2010-03-08 16:11 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\AsMultiLang.dll
2018-11-16 17:33 - 2014-02-17 14:03 - 000886272 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\Express.dll
2018-11-16 17:33 - 2018-11-16 17:30 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\asacpiEx.dll
2018-11-16 17:33 - 2018-11-16 17:31 - 001632256 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
2017-09-14 02:37 - 2017-09-14 02:37 - 000026112 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\imageformats\qgif.dll
2017-09-14 02:42 - 2017-09-14 02:42 - 000033280 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\imageformats\qicns.dll
2017-09-14 02:37 - 2017-09-14 02:37 - 000027648 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\imageformats\qico.dll
2017-09-14 02:37 - 2017-09-14 02:37 - 000245760 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\imageformats\qjpeg.dll
2017-09-14 02:42 - 2017-09-14 02:42 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\imageformats\qsvg.dll
2017-09-14 02:42 - 2017-09-14 02:42 - 000020992 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\imageformats\qtga.dll
2017-09-14 02:42 - 2017-09-14 02:42 - 000316416 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\imageformats\qtiff.dll
2017-09-14 02:42 - 2017-09-14 02:42 - 000019968 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\imageformats\qwbmp.dll
2017-09-14 02:42 - 2017-09-14 02:42 - 000322560 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\imageformats\qwebp.dll
2017-09-14 02:37 - 2017-09-14 02:37 - 001010688 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\platforms\qwindows.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Absent\Datos de programa:7dd1e1189f9fcf05a559dccee48d89c6 [362]
AlternateDataStreams: C:\Users\Absent\AppData\Roaming:7dd1e1189f9fcf05a559dccee48d89c6 [362]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [440]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\sharepoint.com -> hxxps://inacapmailcl-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2019-06-21 19:34 - 000000002 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Absent\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20190526_121859.jpg
DNS Servers: 1.1.1.1 - 1.1.1.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "AVBoost"
HKLM\...\StartupApproved\Run32: => "Multitimer"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\StartupApproved\Run: => "ZUKR35S3BSTZNSD"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CFC56B7F-5B17-41BA-9A22-E34C25809B94}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{69224B17-72E9-4DD3-9A73-1DEAA534A50D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9A426C59-CFE4-4B08-AFFA-6F0E7FCBB450}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{5B970E7D-3798-4862-BE8E-5A8898C46230}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{661B969A-3BF7-4B8E-B881-1B74ED55E69F}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{ACB7B0C9-F0E4-4D31-A79C-D8D431E52CF2}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{30B13DA9-6E58-40FF-927B-38176D463867}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{59D0B246-7495-4F7A-AEDD-4772C98C1B9C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8F4FD64B-705C-4006-ADB2-04F73AAA1BA9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{6E0CBAC0-CE26-462F-8D5B-81D06256847A}F:\games\worms clan wars\wormsclanwars.exe] => (Allow) F:\games\worms clan wars\wormsclanwars.exe () [File not signed]
FirewallRules: [UDP Query User{06CC0256-211D-4698-B27E-5DF46D7581CE}F:\games\worms clan wars\wormsclanwars.exe] => (Allow) F:\games\worms clan wars\wormsclanwars.exe () [File not signed]
FirewallRules: [{D166D9F2-C150-4158-AC9A-C32B50A1C825}] => (Block) LPort=9150
FirewallRules: [{63DB08A4-C520-40B4-9B88-7652286A43AD}] => (Block) LPort=9150
FirewallRules: [{FF51A73D-F1DA-44C0-8749-23522C580A81}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{053048AB-B302-421E-B386-5735C7AFCB73}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{B36CB414-E39C-4CE5-AAB2-8068464A5D0B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{BC94B87A-3073-47FB-AEB9-69A6B5011F5F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{43C44605-3869-4DCC-806B-5C1EF1A04484}] => (Allow) F:\SteamLibrary\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{91218BA7-6BDE-459F-9BB4-A039EE1CF18F}] => (Allow) F:\SteamLibrary\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{DA7D07C9-866A-4B43-BD40-21F1D1DA8F22}] => (Allow) F:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{8C91BEA3-F7D0-4143-A6B4-7CBAA1F8F239}] => (Allow) F:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{D6B5C219-68DB-4E9A-994A-F4B692D54E39}F:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) F:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{925174D1-9ED0-46BA-A9B3-6BA3FDACFD0B}F:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) F:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [{7B7498F4-30FD-4A92-987C-D8A8BB6B02A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{615FB62F-BC28-4FFA-84FD-A1111A4FC085}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B8DDC3AE-5682-4F55-A967-05FC76B6FC39}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E5F67049-5F05-4A8A-8021-A95A7038CD4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F6FF48CC-81F0-4C87-B494-AE63D88A4B3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C81DE36E-841E-4126-A6B0-47EC14557187}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6952FD5E-2946-471B-B0E2-006AFA7E8D04}] => (Allow) H:\gta\Grand Theft Auto V\GTA5.exe (Rockstar Games) [File not signed]
FirewallRules: [{3D5412FC-7F3B-4DC0-ABC9-6395CC05CE9D}] => (Allow) H:\gta\Grand Theft Auto V\GTA5.exe (Rockstar Games) [File not signed]
FirewallRules: [TCP Query User{7B6EB7A0-7E2D-45C6-B0CA-DC225343D2E4}E:\games\crash bandicoot n sane trilogy\crashbandicootnsanetrilogy.exe] => (Allow) E:\games\crash bandicoot n sane trilogy\crashbandicootnsanetrilogy.exe (Activision Publishing Inc -> ) [File not signed]
FirewallRules: [UDP Query User{578D5B46-7B7A-4FF8-A61B-D6B75C03CA88}E:\games\crash bandicoot n sane trilogy\crashbandicootnsanetrilogy.exe] => (Allow) E:\games\crash bandicoot n sane trilogy\crashbandicootnsanetrilogy.exe (Activision Publishing Inc -> ) [File not signed]
FirewallRules: [{70CFF764-A1F7-4182-AE8E-8F71BD9573DE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{98C1398F-B9E5-4032-8C1E-65FD4CB0DB4F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{920A92A2-8172-49B4-AFC2-E91EF5C09286}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7BFA3234-092E-4DF0-90B9-E33C6C4BD235}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{496DCF8E-6FBD-4BB1-AD9D-CE8FE754D668}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6456D896-4583-463A-9C6C-DC1F0561ACA7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4BD40142-9753-4BC1-964F-B1F025ED4848}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F0DE19EC-2D74-46FC-B6DA-69BE539B0C1C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7776E468-6468-4EFB-B21A-695E717A4448}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{1C34547E-D997-4A2A-9DC6-2D64E1D98280}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A947FDCC-8E84-4E9B-AD54-61F06BE0841F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)

==================== Restore Points =========================

24-06-2019 14:44:53 Punto de control programado

==================== Faulty Device Manager Devices =============

Name: Controladora de sonido multimedia
Description: Controladora de sonido multimedia
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/27/2019 10:28:06 AM) (Source: ESENT) (EventID: 481) (User: )
Description: DllHost (13116,D,50) WebCacheLocal: Al intentar leer en el archivo "C:\Users\Absent\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 0 (0x0000000000000000) 4096 (0x00001000) bytes se produjo el error de sistema 5 (0x00000005) después de 0.000 segundos: "Acceso denegado. ". La operación de lectura se cerrará con el error -1032 (0xfffffbf8). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.

Error: (06/27/2019 10:28:06 AM) (Source: ESENT) (EventID: 481) (User: )
Description: DllHost (13116,D,50) WebCacheLocal: Al intentar leer en el archivo "C:\Users\Absent\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 65536 (0x0000000000010000) 65536 (0x00010000) bytes se produjo el error de sistema 5 (0x00000005) después de 0.000 segundos: "Acceso denegado. ". La operación de lectura se cerrará con el error -1032 (0xfffffbf8). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.

Error: (06/27/2019 10:28:06 AM) (Source: ESENT) (EventID: 481) (User: )
Description: DllHost (13116,D,50) WebCacheLocal: Al intentar leer en el archivo "C:\Users\Absent\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 0 (0x0000000000000000) 65536 (0x00010000) bytes se produjo el error de sistema 5 (0x00000005) después de 0.000 segundos: "Acceso denegado. ". La operación de lectura se cerrará con el error -1032 (0xfffffbf8). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.

Error: (06/27/2019 10:28:06 AM) (Source: ESENT) (EventID: 481) (User: )
Description: DllHost (13116,D,50) WebCacheLocal: Al intentar leer en el archivo "C:\Users\Absent\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 32768 (0x0000000000008000) 32768 (0x00008000) bytes se produjo el error de sistema 5 (0x00000005) después de 0.000 segundos: "Acceso denegado. ". La operación de lectura se cerrará con el error -1032 (0xfffffbf8). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.

Error: (06/27/2019 10:28:06 AM) (Source: ESENT) (EventID: 481) (User: )
Description: DllHost (13116,D,50) WebCacheLocal: Al intentar leer en el archivo "C:\Users\Absent\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 0 (0x0000000000000000) 32768 (0x00008000) bytes se produjo el error de sistema 5 (0x00000005) después de 0.000 segundos: "Acceso denegado. ". La operación de lectura se cerrará con el error -1032 (0xfffffbf8). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.

Error: (06/27/2019 10:28:06 AM) (Source: ESENT) (EventID: 481) (User: )
Description: DllHost (13116,D,50) WebCacheLocal: Al intentar leer en el archivo "C:\Users\Absent\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 16384 (0x0000000000004000) 16384 (0x00004000) bytes se produjo el error de sistema 5 (0x00000005) después de 0.000 segundos: "Acceso denegado. ". La operación de lectura se cerrará con el error -1032 (0xfffffbf8). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.

Error: (06/27/2019 10:28:06 AM) (Source: ESENT) (EventID: 481) (User: )
Description: DllHost (13116,D,50) WebCacheLocal: Al intentar leer en el archivo "C:\Users\Absent\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 0 (0x0000000000000000) 16384 (0x00004000) bytes se produjo el error de sistema 5 (0x00000005) después de 0.000 segundos: "Acceso denegado. ". La operación de lectura se cerrará con el error -1032 (0xfffffbf8). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.

Error: (06/27/2019 10:28:06 AM) (Source: ESENT) (EventID: 481) (User: )
Description: DllHost (13116,D,50) WebCacheLocal: Al intentar leer en el archivo "C:\Users\Absent\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 8192 (0x0000000000002000) 8192 (0x00002000) bytes se produjo el error de sistema 5 (0x00000005) después de 0.000 segundos: "Acceso denegado. ". La operación de lectura se cerrará con el error -1032 (0xfffffbf8). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.


System errors:
=============
Error: (06/27/2019 10:21:03 AM) (Source: DCOM) (EventID: 10016) (User: ABSENTPPC)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario AbsentpPC\Absent con SID (S-1-5-21-3126805088-1096401988-3500408547-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (06/27/2019 10:08:14 AM) (Source: DCOM) (EventID: 10016) (User: ABSENTPPC)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario AbsentpPC\Absent con SID (S-1-5-21-3126805088-1096401988-3500408547-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0 (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (06/27/2019 10:08:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (06/27/2019 10:08:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.SecurityAppBroker
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (06/27/2019 10:08:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (06/27/2019 10:07:41 AM) (Source: DCOM) (EventID: 10016) (User: ABSENTPPC)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 y APPID 
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 al usuario AbsentpPC\Absent con SID (S-1-5-21-3126805088-1096401988-3500408547-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (06/25/2019 09:52:43 PM) (Source: DCOM) (EventID: 10010) (User: ABSENTPPC)
Description: El servidor {F9717507-6651-4EDB-BFF7-AE615179BCCF} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (06/25/2019 09:52:42 PM) (Source: DCOM) (EventID: 10010) (User: ABSENTPPC)
Description: El servidor {F9717507-6651-4EDB-BFF7-AE615179BCCF} no se registró con DCOM dentro del tiempo de espera requerido.


Windows Defender:
===================================
Date: 2019-06-27 10:44:56.421
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {3803AB8B-EF95-4677-B403-F69CBE711AC0}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-06-21 19:22:12.360
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0
Nombre: Trojan:Win32/Conteban.B!ml
Id.: 2147735507
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: containerfile:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe; file:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe->[lowcase_mzpe]; file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore->(UTF-16LE); file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA->(UTF-16LE); taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
Origen de detección: Equipo local
Tipo de detección: FastPath
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de firma: AV: 1.295.1184.0, AS: 1.295.1184.0, NIS: 1.295.1184.0
Versión de motor: AM: 1.1.16000.6, NIS: 1.1.16000.6

Date: 2019-06-21 19:20:02.399
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0
Nombre: Trojan:Win32/Conteban.B!ml
Id.: 2147735507
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: containerfile:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe; file:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe->[lowcase_mzpe]; file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore->(UTF-16LE); file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA->(UTF-16LE); taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
Origen de detección: Equipo local
Tipo de detección: FastPath
Fuente de detección: Usuario
Usuario: AbsentpPC\Absent
Nombre de proceso: Unknown
Versión de firma: AV: 1.295.1184.0, AS: 1.295.1184.0, NIS: 1.295.1184.0
Versión de motor: AM: 1.1.16000.6, NIS: 1.1.16000.6

Date: 2019-06-21 19:08:02.082
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0
Nombre: Trojan:Win32/Tiggre!rfn
Id.: 2147723625
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\Users\Absent\AppData\Local\Temp\ppplayerv3.0.exe
Origen de detección: Equipo local
Tipo de detección: FastPath
Fuente de detección: Protección en tiempo real
Usuario: AbsentpPC\Absent
Nombre de proceso: C:\Program Files\CCleaner\CCleaner64.exe
Versión de firma: AV: 1.295.1184.0, AS: 1.295.1184.0, NIS: 1.295.1184.0
Versión de motor: AM: 1.1.16000.6, NIS: 1.1.16000.6

Date: 2019-06-21 19:06:17.147
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0
Nombre: Trojan:Win32/Tiggre!plock
Id.: 2147723626
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\Users\Absent\AppData\Local\Temp\ubhydxtqiv1\amybkmywiqg.exe
Origen de detección: Equipo local
Tipo de detección: FastPath
Fuente de detección: Protección en tiempo real
Usuario: AbsentpPC\Absent
Nombre de proceso: C:\Program Files\CCleaner\CCleaner64.exe
Versión de firma: AV: 1.295.1184.0, AS: 1.295.1184.0, NIS: 1.295.1184.0
Versión de motor: AM: 1.1.16000.6, NIS: 1.1.16000.6

CodeIntegrity:
===================================

Date: 2019-06-22 04:49:37.079
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\xhunter1.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-22 04:49:36.803
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-21 19:17:16.306
Description: 
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 2501 04/09/2014
Motherboard: ASUSTeK COMPUTER INC. M5A97 LE R2.0
Processor: AMD FX(tm)-8320 Eight-Core Processor 
Percentage of memory in use: 47%
Total physical RAM: 8093.12 MB
Available physical RAM: 4211.61 MB
Total Virtual: 16541.12 MB
Available Virtual: 10709.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.87 GB) (Free:47.89 GB) NTFS
Drive d: (Windows) (Fixed) (Total:442.83 GB) (Free:244.93 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Disco de Multimedia) (Fixed) (Total:146.48 GB) (Free:76.18 GB) NTFS
Drive f: (Disco Juegos) (Fixed) (Total:195.31 GB) (Free:44.89 GB) NTFS
Drive g: (RECOVERY) (Fixed) (Total:21.35 GB) (Free:2.16 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (Cosas) (Fixed) (Total:123.84 GB) (Free:11.99 GB) NTFS

\\?\Volume{a8801747-ae00-11e8-94fb-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{3fc227da-7ec8-4f27-809d-9e9948a6d1d3}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.13 GB) NTFS
\\?\Volume{bff38b3a-b677-43ff-aa5f-0111e0f152b1}\ () (Fixed) (Total:0.81 GB) (Free:0.34 GB) NTFS
\\?\Volume{1240bd0f-0000-0000-0000-00be1b000000}\ () (Fixed) (Total:0.82 GB) (Free:0.34 GB) NTFS
\\?\Volume{b457c898-625e-472f-bdcc-804d38a32003}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 1240BD0F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=839 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 2DFD2DFC)

Partition: GPT.

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 1E1F4777)

Partition: GPT.

==================== End of Addition.txt ============================

Sorry for so many reposts, but it wouldn't let me add that much text, and the reports came out quite long. I'll now add the Malwarebytes log from day 1, when all of this started. I won't be able to add the RKill reports, since after the first run I did several cleanups until it no longer reported anything, and the main log was overwritten.

Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 21/6/19
Hora del análisis: 18:55
Archivo de registro: ba294e9a-9477-11e9-8eb8-7824af4205d3.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.586
Versión del paquete de actualización: 1.0.11188
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 17763.557)
CPU: x64
Sistema de archivos: NTFS
Usuario: ABSENTPPC\Absent

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 325202
Amenazas detectadas: 193
Amenazas en cuarentena: 193
Tiempo transcurrido: 15 min, 15 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 9
PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter\CloudPrinter.exe, En cuarentena, [833], [259506],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\Voyasollam.exe, En cuarentena, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\Voyasollam.exe, En cuarentena, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\Voyasollam.exe, En cuarentena, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\Voyasollam.exe, En cuarentena, [815], [378434],1.0.11188
Adware.Linkury, C:\ProgramData\Logic Cramble\set.exe, En cuarentena, [384], [431817],1.0.11188
Adware.Tuto4PC.Generic, C:\USERS\ABSENT\APPDATA\LOCAL\TEMP\IS-K3PC5.TMP\OLAPLEX.EXE, En cuarentena, [3700], [667274],1.0.11188
Generic.Malware/Suspicious, C:\USERS\ABSENT\APPDATA\LOCAL\TEMP\IS-K3PC5.TMP\OLAPLEX.EXE, En cuarentena, [0], [392686],1.0.11188
Adware.Csdimonetize, C:\PROGRAM FILES\CIWCNV5NAU\CIWCNV5NA.EXE, En cuarentena, [2910], [648561],1.0.11188

Módulo: 10
PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter\CloudPrinter.exe, En cuarentena, [833], [259506],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\Voyasollam.exe, En cuarentena, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\Voyasollam.exe, En cuarentena, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\Voyasollam.exe, En cuarentena, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\Voyasollam.exe, En cuarentena, [815], [378434],1.0.11188
Adware.Linkury, C:\ProgramData\Logic Cramble\X86\SQLite.Interop.dll, En cuarentena, [384], [431817],1.0.11188
Adware.Linkury, C:\ProgramData\Logic Cramble\set.exe, En cuarentena, [384], [431817],1.0.11188
Adware.Tuto4PC.Generic, C:\USERS\ABSENT\APPDATA\LOCAL\TEMP\IS-K3PC5.TMP\OLAPLEX.EXE, En cuarentena, [3700], [667274],1.0.11188
Generic.Malware/Suspicious, C:\USERS\ABSENT\APPDATA\LOCAL\TEMP\IS-K3PC5.TMP\OLAPLEX.EXE, En cuarentena, [0], [392686],1.0.11188
Adware.Csdimonetize, C:\PROGRAM FILES\CIWCNV5NAU\CIWCNV5NA.EXE, En cuarentena, [2910], [648561],1.0.11188

Clave del registro: 43
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CloudPrinter, Se eliminará al reiniciar, [833], [259506],1.0.11188
Adware.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Multitimer_is1, Se eliminará al reiniciar, [2826], [474048],1.0.11188
Adware.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Voyasollam, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VOYASOLLAM.EXE, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VOYASOLLAM.EXE, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\backlh, Se eliminará al reiniciar, [384], [431817],1.0.11188
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}, Se eliminará al reiniciar, [833], [259987],1.0.11188
PUP.Optional.GarbageCleaner, HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\SOFTWARE\GCleaner, Se eliminará al reiniciar, [1120], [676886],1.0.11188
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch, Se eliminará al reiniciar, [254], [259314],1.0.11188
Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Voyasollam.exe, Se eliminará al reiniciar, [815], [378717],1.0.11188
Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\mtVoyasollam, Se eliminará al reiniciar, [815], [378722],1.0.11188
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\bestavicampaign563, Se eliminará al reiniciar, [468], [584322],1.0.11188
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Se eliminará al reiniciar, [468], [518478],1.0.11188
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Se eliminará al reiniciar, [468], [518476],1.0.11188
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\Speedycar, Se eliminará al reiniciar, [468], [518473],1.0.11188
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\TechnologyDesktopnew, Se eliminará al reiniciar, [468], [518479],1.0.11188
Adware.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6F88C896-FBEB-4801-ADA2-BC10C0FF1371}, Se eliminará al reiniciar, [815], [666526],1.0.11188
Adware.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EB6CC992-9CE2-4822-8227-2BC6CD185A31}, Se eliminará al reiniciar, [815], [666523],1.0.11188
PUP.Optional.ProxyGate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1, Se eliminará al reiniciar, [5068], [414830],1.0.11188
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E7E13CE5-FDD9-4349-9C21-CA109E6E5734}, Se eliminará al reiniciar, [254], [239939],1.0.11188
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, Se eliminará al reiniciar, [833], [259928],1.0.11188
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CloudPrinter_RASAPI32, Se eliminará al reiniciar, [833], [259705],1.0.11188
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CloudPrinter_RASMANCS, Se eliminará al reiniciar, [833], [259705],1.0.11188
Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Voyasollam_RASAPI32, Se eliminará al reiniciar, [815], [378719],1.0.11188
Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Voyasollam_RASMANCS, Se eliminará al reiniciar, [815], [378719],1.0.11188
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Itsing, Se eliminará al reiniciar, [833], [259770],1.0.11188
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Tamplam, Se eliminará al reiniciar, [833], [259770],1.0.11188
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Whiteair, Se eliminará al reiniciar, [833], [259770],1.0.11188
Adware.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\snf, Se eliminará al reiniciar, [815], [666513],1.0.11188
Adware.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\snp, Se eliminará al reiniciar, [815], [666512],1.0.11188
PUP.Optional.ProxyGate, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pgt_svc, Se eliminará al reiniciar, [5068], [380406],1.0.11188
Generic.Malware/Suspicious, HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PetGame, Se eliminará al reiniciar, [0], [392686],1.0.11188
Trojan.ICLoader, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\gupdate, Se eliminará al reiniciar, [745], [695670],1.0.11188
Trojan.ICLoader, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\gupdatem, Se eliminará al reiniciar, [745], [695670],1.0.11188
Trojan.ICLoader, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Se eliminará al reiniciar, [745], [695670],1.0.11188
Trojan.ICLoader, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Se eliminará al reiniciar, [745], [695670],1.0.11188
Trojan.ICLoader, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateTaskMachineCore, Se eliminará al reiniciar, [745], [695670],1.0.11188
Trojan.ICLoader, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{82A56BEA-A3EF-4C44-BC10-1212D0AA24E1}, Se eliminará al reiniciar, [745], [695670],1.0.11188
Trojan.ICLoader, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{82A56BEA-A3EF-4C44-BC10-1212D0AA24E1}, Se eliminará al reiniciar, [745], [695670],1.0.11188
Trojan.ICLoader, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateTaskMachineUA, Se eliminará al reiniciar, [745], [695670],1.0.11188
Trojan.ICLoader, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7239C0D1-A2B2-4C91-8BE2-B32A5ACFBF91}, Se eliminará al reiniciar, [745], [695670],1.0.11188
Trojan.ICLoader, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{7239C0D1-A2B2-4C91-8BE2-B32A5ACFBF91}, Se eliminará al reiniciar, [745], [695670],1.0.11188
Generic.Malware/Suspicious, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pgt_svc, Se eliminará al reiniciar, [0], [392686],1.0.11188

Valor del registro: 19
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Se eliminará al reiniciar, [833], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Se eliminará al reiniciar, [833], [-1],0.0.0
Adware.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Multitimer, Se eliminará al reiniciar, [2826], [474048],1.0.11188
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, Se eliminará al reiniciar, [833], [259987],1.0.11188
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|DEFAULT, Se eliminará al reiniciar, [833], [259988],1.0.11188
Adware.Tuto4PC.Generic, HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|3629462, Se eliminará al reiniciar, [3700], [667274],1.0.11188
PUP.Optional.Linkury, HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DISPLAYNAME, Se eliminará al reiniciar, [254], [259313],1.0.11188
Adware.Tuto4PC.Generic, HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ZUKR35S3BSTZNSD, Se eliminará al reiniciar, [3700], [392931],1.0.11188
Adware.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BACKLH|IMAGEPATH, Se eliminará al reiniciar, [384], [379533],1.0.11188
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DISPLAYNAME, Se eliminará al reiniciar, [254], [259314],1.0.11188
Rootkit.Agent, HKLM\SOFTWARE\MICROSOFT|MSVER1, Se eliminará al reiniciar, [436], [678869],1.0.11188
Adware.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6F88C896-FBEB-4801-ADA2-BC10C0FF1371}|PATH, Se eliminará al reiniciar, [815], [666526],1.0.11188
Adware.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EB6CC992-9CE2-4822-8227-2BC6CD185A31}|PATH, Se eliminará al reiniciar, [815], [666523],1.0.11188
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, Se eliminará al reiniciar, [833], [259989],1.0.11188
PUP.Optional.AVBoost, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AVBOOST, Se eliminará al reiniciar, [5135], [404619],1.0.11188
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E7E13CE5-FDD9-4349-9C21-CA109E6E5734}|PUBLISHER, Se eliminará al reiniciar, [254], [239939],1.0.11188
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CLOUDPRINTER|IMAGEPATH, Se eliminará al reiniciar, [833], [259916],1.0.11188
Generic.Malware/Suspicious, HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|3629462, Se eliminará al reiniciar, [0], [392686],1.0.11188
Adware.Csdimonetize, HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ZUKR35S3BSTZNSD, Se eliminará al reiniciar, [2910], [648561],1.0.11188

Datos del registro: 10
Adware.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, Se reemplazará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, Se reemplazará al reiniciar, [815], [378434],1.0.11188
PUP.Optional.Linkury, HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Se reemplazará al reiniciar, [254], [293476],1.0.11188
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, Se reemplazará al reiniciar, [833], [293485],1.0.11188
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Se reemplazará al reiniciar, [833], [293485],1.0.11188
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH BAR, Se reemplazará al reiniciar, [833], [293485],1.0.11188
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCHASSISTANT, Se reemplazará al reiniciar, [833], [293485],1.0.11188
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|DEFAULT_SEARCH_URL, Se reemplazará al reiniciar, [833], [293486],1.0.11188
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Se reemplazará al reiniciar, [254], [293477],1.0.11188
Adware.SonicSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|DEFAULT, Se reemplazará al reiniciar, [13295], [693611],1.0.11188

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 10
PUP.Optional.Linkury.ACMB1, C:\PROGRAMDATA\CLOUDPRINTER, Se eliminará al reiniciar, [833], [259506],1.0.11188
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\MULTITIMER, Se eliminará al reiniciar, [2826], [474048],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\ondemand, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\PROGRAMDATA\VOYASOLLAM, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury, C:\ProgramData\Logic Cramble\X64, Se eliminará al reiniciar, [384], [431817],1.0.11188
Adware.Linkury, C:\ProgramData\Logic Cramble\X86, Se eliminará al reiniciar, [384], [431817],1.0.11188
Adware.Linkury, C:\PROGRAMDATA\LOGIC CRAMBLE, Se eliminará al reiniciar, [384], [431817],1.0.11188
PUP.Optional.GarbageCleaner, C:\PROGRAMDATA\GARBAGE CLEANER, Se eliminará al reiniciar, [1120], [676884],1.0.11188
Adware.Linkury.TskLnk, C:\PROGRAM FILES (X86)\COMMON FILES\FREEIS, Se eliminará al reiniciar, [14609], [444929],1.0.11188
PUP.Optional.Linkury.Generic, C:\PROGRAMDATA\VOYASOLLAMS, Se eliminará al reiniciar, [213], [380106],1.0.11188

Archivo: 92
PUP.Optional.Linkury.ACMB1, C:\PROGRAMDATA\CLOUDPRINTER\CLOUDPRINTER.DAT, Se eliminará al reiniciar, [833], [259506],1.0.11188
PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter\CloudPrinter.exe, Se eliminará al reiniciar, [833], [259506],1.0.11188
PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter\Config.xml, Se eliminará al reiniciar, [833], [259506],1.0.11188
Adware.Linkury.Generic, C:\USERS\ABSENT\APPDATA\LOCAL\Biola.tst, Se eliminará al reiniciar, [3740], [404871],1.0.11188
Adware.Linkury.Generic, C:\USERS\ABSENT\APPDATA\LOCAL\Spandubex.tst, Se eliminará al reiniciar, [3740], [404871],1.0.11188
Adware.Linkury.Generic, C:\USERS\ABSENT\APPDATA\LOCAL\MAIN.DAT, Se eliminará al reiniciar, [3740], [442900],1.0.11188
Adware.Linkury.Generic, C:\USERS\ABSENT\APPDATA\LOCAL\AGENT.DAT, Se eliminará al reiniciar, [3740], [404872],1.0.11188
PUP.Optional.Linkury.ACMB1, C:\WINDOWS\SYSWOW64\FINDIT.XML, Se eliminará al reiniciar, [833], [259512],1.0.11188
Adware.Linkury.Generic, C:\USERS\ABSENT\APPDATA\LOCAL\NOAH.DAT, Se eliminará al reiniciar, [3740], [404865],1.0.11188
Adware.Linkury.Generic, C:\USERS\ABSENT\APPDATA\LOCAL\MD.XML, Se eliminará al reiniciar, [3740], [404866],1.0.11188
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\MULTITIMER\UNINS000.DAT, Se eliminará al reiniciar, [2826], [474048],1.0.11188
Adware.Tuto4PC, C:\Program Files (x86)\Multitimer\Multitimer.exe, Se eliminará al reiniciar, [2826], [474048],1.0.11188
Adware.Tuto4PC, C:\Program Files (x86)\Multitimer\unins000.exe, Se eliminará al reiniciar, [2826], [474048],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\BetaHatfax.exe, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\BetaHatfax.exe.config, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\Betahotfresh.bin, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\conf.config, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\Domflex.dat, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\Dondex.bin, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\DripDom.bin, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\glsg0nwg.xml, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\Gold-Job.bin, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\Jaysuntax.dll, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\KinKix.exe, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\KinKix.exe.config, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\md.xml, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\Namlex.dat, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\NamZamfix.bin, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\Redtobam.dll, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\Sility.bin, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\TrustZap.dat, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\U-Lamdex.bin, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\uninstall.dat, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\Voyasollam.d.dat, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\Voyasollam.dat, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\ProgramData\Voyasollam\Voyasollam.exe, Se eliminará al reiniciar, [815], [378434],1.0.11188
Adware.Linkury.ACMB1, C:\WINDOWS\SYSTEM32\TASKS\SNP, Se eliminará al reiniciar, [815], [666527],1.0.11188
Adware.Linkury, C:\ProgramData\Logic Cramble\X64\SQLite.Interop.dll, Se eliminará al reiniciar, [384], [431817],1.0.11188
Adware.Linkury, C:\ProgramData\Logic Cramble\X86\SQLite.Interop.dll, Se eliminará al reiniciar, [384], [431817],1.0.11188
Adware.Linkury, C:\ProgramData\Logic Cramble\Config.json, Se eliminará al reiniciar, [384], [431817],1.0.11188
Adware.Linkury, C:\ProgramData\Logic Cramble\set.exe, Se eliminará al reiniciar, [384], [431817],1.0.11188
Adware.Linkury, C:\ProgramData\Logic Cramble\set.exe.config, Se eliminará al reiniciar, [384], [431817],1.0.11188
Adware.Linkury, C:\ProgramData\Logic Cramble\System.Data.SQLite.dll, Se eliminará al reiniciar, [384], [431817],1.0.11188
Adware.Linkury, C:\ProgramData\Logic Cramble\System.Data.SQLite.Linq.dll, Se eliminará al reiniciar, [384], [431817],1.0.11188
Adware.Linkury, C:\ProgramData\Logic Cramble\System.Data.SQLite.xml, Se eliminará al reiniciar, [384], [431817],1.0.11188
PUP.Optional.GarbageCleaner, C:\USERS\ABSENT\DESKTOP\GARBAGE CLEANER.LNK, Se eliminará al reiniciar, [1120], [676885],1.0.11188
PUP.Optional.GarbageCleaner, C:\ProgramData\Garbage Cleaner\Bunifu_UI_v1.5.3.dll, Se eliminará al reiniciar, [1120], [676884],1.0.11188
PUP.Optional.GarbageCleaner, C:\ProgramData\Garbage Cleaner\Garbage Cleaner.exe, Se eliminará al reiniciar, [1120], [676884],1.0.11188
Adware.Tuto4PC.Generic, C:\USERS\ABSENT\APPDATA\LOCAL\TEMP\IS-K3PC5.TMP\OLAPLEX.EXE, Se eliminará al reiniciar, [3700], [667274],1.0.11188
Adware.Linkury.TskLnk, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\INSTALLATIONCONFIGURATION.XML, Se eliminará al reiniciar, [14609], [444922],1.0.11188
PUP.Optional.AVBoost, C:\PROGRAM FILES (X86)\AVBOOST\AVBOOST.EXE, Se eliminará al reiniciar, [5135], [404619],1.0.11188
Generic.Malware/Suspicious, C:\USERS\ABSENT\APPDATA\LOCAL\SPANDUBEX.EXE, Se eliminará al reiniciar, [0], [392686],1.0.11188
PUP.Optional.ProxyGate, C:\PROGRAM FILES (X86)\PROXYGATE\MAINSERVICE.EXE, Se eliminará al reiniciar, [5068], [380406],1.0.11188
Adware.Linkury.TskLnk, C:\USERS\ABSENT\APPDATA\LOCAL\INSTALLATIONCONFIGURATION.XML, Se eliminará al reiniciar, [14609], [444923],1.0.11188
Adware.Linkury.TskLnk, C:\PROGRAM FILES (X86)\COMMON FILES\FREEIS\INSTALLATIONCONFIGURATION.XML, Se eliminará al reiniciar, [14609], [444929],1.0.11188
Adware.Linkury.TskLnk, C:\Program Files (x86)\Common Files\Freeis\uninstall.dat, Se eliminará al reiniciar, [14609], [444929],1.0.11188
Adware.Linkury.TskLnk, C:\Program Files (x86)\Common Files\Freeis\uninstall.exe, Se eliminará al reiniciar, [14609], [444929],1.0.11188
Adware.Linkury.TskLnk, C:\Program Files (x86)\Common Files\Freeis\uninstall.ico, Se eliminará al reiniciar, [14609], [444929],1.0.11188
Adware.Linkury.Generic, C:\USERS\ABSENT\APPDATA\LOCAL\UNINSTALL_TEMP.ICO, Se eliminará al reiniciar, [3740], [404862],1.0.11188
Generic.Malware/Suspicious, C:\USERS\ABSENT\Desktop\PetGame.lnk, Se eliminará al reiniciar, [0], [392686],1.0.11188
Generic.Malware/Suspicious, C:\USERS\ABSENT\APPDATA\LOCAL\PETGAME.EXE, Se eliminará al reiniciar, [0], [392686],1.0.11188
PUP.Optional.Linkury.Generic, C:\PROGRAMDATA\VOYASOLLAMS\FF.HP, Se eliminará al reiniciar, [213], [380106],1.0.11188
PUP.Optional.Linkury.Generic, C:\ProgramData\Voyasollams\ff.NT, Se eliminará al reiniciar, [213], [380106],1.0.11188
PUP.Optional.Linkury.Generic, C:\ProgramData\Voyasollams\snp.sc, Se eliminará al reiniciar, [213], [380106],1.0.11188
Generic.Malware/Suspicious, C:\USERS\ABSENT\APPDATA\LOCAL\BIOLA.EXE, Se eliminará al reiniciar, [0], [392686],1.0.11188
Adware.Linkury.Generic, C:\USERS\ABSENT\APPDATA\LOCAL\CONFIG.XML, Se eliminará al reiniciar, [3740], [404859],1.0.11188
Generic.Malware/Suspicious, C:\USERS\ABSENT\APPDATA\LOCAL\TEMP\IS-K3PC5.TMP\OLAPLEX.EXE, Se eliminará al reiniciar, [0], [392686],1.0.11188
Adware.Csdimonetize, C:\PROGRAM FILES\CIWCNV5NAU\CIWCNV5NA.EXE, Se eliminará al reiniciar, [2910], [648561],1.0.11188
Generic.Malware/Suspicious, C:\USERS\ABSENT\APPDATA\ROAMING\CGQCLSTTL4L\HZFDGRDFZG3.EXE, Se eliminará al reiniciar, [0], [392686],1.0.11188
Trojan.ICLoader, C:\WINDOWS\SYSTEM32\TASKS\GoogleUpdateTaskMachineCore, Se eliminará al reiniciar, [745], [695670],1.0.11188
Trojan.ICLoader, C:\WINDOWS\SYSTEM32\TASKS\GoogleUpdateTaskMachineUA, Se eliminará al reiniciar, [745], [695670],1.0.11188
Trojan.ICLoader, C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\GOOGLEUPDATE.EXE, Se eliminará al reiniciar, [745], [695670],1.0.11188
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\PROXYGATE\MAINSERVICE.EXE, Se eliminará al reiniciar, [0], [392686],1.0.11188
Adware.Csdimonetize, C:\PROGRAM FILES (X86)\GUJHD\62961246.EXE, Se eliminará al reiniciar, [2910], [697059],1.0.11188
Adware.Csdimonetize, C:\PROGRAM FILES\CIWCNV5NAU\UNINSTALLER.EXE, Se eliminará al reiniciar, [2910], [648561],1.0.11188
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\PROXYGATE\PROXYGATE.EXE, Se eliminará al reiniciar, [0], [392686],1.0.11188
Adware.Csdimonetize, C:\USERS\ABSENT\APPDATA\LOCAL\TEMP\IS-K3PC5.TMP\PROFESSIONNEL.EXE, Se eliminará al reiniciar, [2910], [697059],1.0.11188
Adware.ICLoader.Generic, C:\USERS\ABSENT\APPDATA\LOCAL\TEMP\IS-U6T9T.TMP\MS64-IS-U6T9T.TMP.EXE, Se eliminará al reiniciar, [10441], [673729],1.0.11188
Spyware.Socelars, C:\USERS\ABSENT\APPDATA\LOCAL\TEMP\P0HH1OV2VOR\DAJIDALI.EXE, Se eliminará al reiniciar, [677], [694800],1.0.11188
Trojan.Starter.MSIL, C:\USERS\ABSENT\APPDATA\LOCAL\TEMP\CHECKUPD.EXE, Se eliminará al reiniciar, [8500], [646535],1.0.11188
Trojan.ICLoader, C:\USERS\ABSENT\APPDATA\LOCAL\TEMP\WIFISERVICE.EXE, Se eliminará al reiniciar, [745], [695670],1.0.11188
Adware.AdLoad, C:\USERS\ABSENT\APPDATA\LOCAL\TEMP\43KHYPONPA3\13IJ0DOYE03.EXE, Se eliminará al reiniciar, [544], [684358],1.0.11188
Adware.Csdimonetize, C:\USERS\ABSENT\APPDATA\LOCAL\TEMP\UBHYDXTQIV1\AMYBKMYWIQG.EXE, Se eliminará al reiniciar, [2910], [648561],1.0.11188
Adware.Bundler, C:\USERS\ABSENT\APPDATA\LOCAL\TEMP\XELPI.EXE, Se eliminará al reiniciar, [726], [527266],1.0.11188
Adware.Linkury, C:\USERS\ABSENT\APPDATA\LOCAL\HAYPHASE.BIN, Se eliminará al reiniciar, [384], [504848],1.0.11188
Adware.Linkury, C:\USERS\ABSENT\APPDATA\LOCAL\TEMP\45055IVFQBV\FISH.EXE, Se eliminará al reiniciar, [384], [475745],1.0.11188
Adware.Tuto4PC, C:\USERS\ABSENT\APPDATA\LOCAL\TEMP\YBC1NXNJZN5.EXE, Se eliminará al reiniciar, [2826], [474076],1.0.11188
Spyware.Socelars, C:\USERS\ABSENT\APPDATA\LOCAL\TEMP\DISKPROTECT10086\DISKSCAN.EXE, Se eliminará al reiniciar, [677], [698260],1.0.11188
Adware.Linkury, C:\USERS\ABSENT\APPDATA\LOCAL\BIOLA.EXE, Se eliminará al reiniciar, [384], [475745],1.0.11188
Generic.Malware/Suspicious, C:\USERS\ABSENT\APPDATA\LOCAL\TEMP\MULTITIMER.EXE, Se eliminará al reiniciar, [0], [392686],1.0.11188
Spyware.Socelars, C:\USERS\ABSENT\APPDATA\LOCAL\TEMP\PPPLAYERV3.0.EXE, Se eliminará al reiniciar, [677], [698260],1.0.11188
Adware.Linkury, C:\USERS\ABSENT\APPDATA\LOCAL\SPANDUBEX.EXE, Se eliminará al reiniciar, [384], [475745],1.0.11188

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Hello @Codex_Oscura

You really did catch every piece of adware on the net.

Do the following, keeping to the order of the steps, and in particular check how to configure the Malwarebytes scan.

1.- Temporarily disable your antivirus and any other security program.

2.- Download, install and/or update the following tools:

3.- Run them in the order given, with ALL browsers closed.

CCleaner

Using its Cleaner option, following its manual:

  • To delete cookies, temporary Internet files and all the files it shows as obsolete.

  • We do NOT need this report

AdwCleaner

Run it.

  • Click the Scan button and wait for the process to finish. Then click the Clean button.
  • Wait for it to complete. If it asks you to restart the system, accept.
  • Save the report that appears so you can copy and paste it in your next reply.
  • The report can also be found at “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

  • Following its manual, install and run it. When it finishes, remove everything it finds.

Malwarebytes

  • Don't forget to update it.
  • Read its manual carefully
  • Run a Custom Scan with all drives ticked
  • Click “Remove Selected” to send what was found to quarantine.
  • Restart the system.
  • In the manual's “History” section >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste in your next reply.

4.- Important note:

In your next reply you must paste the AdwCleaner, ZHPCleaner and Malwarebytes reports.

Guide: How do I paste reports in the forum?

Let us know.

Regards

Hello @SanMar, to be honest it will take me a while to reply. Yesterday the computer ran very well and let me download and install things, but today nothing. CCleaner has been stuck for hours on “Internet Explorer - Temporary files”, and deleting them manually also hangs… On top of that, I can't download ZHPCleaner: it is 3 MB and gets stuck at 99%, and the download never completes.

As soon as I can I'll send a reply with whatever reports I have.

Regards, and thank you very much for your patience.

Hello @Codex_Oscura

Don't worry.

Try running the steps in Safe Mode with Networking or in Safe Mode.

And if you still can't, let us know here and we'll change the steps.

Regards.

Hello @SanMar,

Here are the reports. Downloading was a bit difficult but I managed it. I was able to run CCleaner (3 hours, 20 minutes), AdwCleaner, ZHP and Malwarebytes.

ADWCLEANER

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-06-28.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-28-2019
# Duration: 00:00:01
# OS:       Windows 10 Pro
# Cleaned:  8
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\ProxyGate

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Lightcleaner
Deleted       HKCU\Software\PRODUCTSETUP
Deleted       HKCU\Software\ProductSetup\Uninstall\0B2U2Z1P0F1P1G1R1P1V0A1Q1Q0O1G
Deleted       HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F
Deleted       HKCU\Software\SetupCompany
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|AVBoost
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|Multitimer

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1889 octets] - [28/06/2019 11:16:07]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

ZHP

~ ZHPCleaner v2019.6.25.89 by Nicolas Coolman (2019/06/25)
~ Run by Absent (Administrator)  (28/06/2019 11:39:41)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparar
~ Report : C:\Users\Absent\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Absent\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 17763)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (1)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (21)
MOVIDO carpeta: C:\Windows\Installer\wix{AF599C42-A2E5-4251-B7EE-4925C117BE8D}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Users\Absent\AppData\Local\Temp\msoia.exe_c2rdll(20190628110744FB4).log    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Absent\AppData\Local\Temp\msoia.exe_c2rdll(20190628111854151C).log    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Absent\AppData\Local\Temp\~DF0D32E1B2A010F6C4.TMP    =>.SUP.Temporary.Other
MOVIDO carpeta: C:\Users\Absent\AppData\Local\Temp\~DF468A3AE4629F0BE1.TMP    =>.SUP.Temporary.Other
MOVIDO archivo: C:\WINDOWS\Installer\MSI101E.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI11F4.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI1A33.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI21E5.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI2570.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI5E7.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSIAE1.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSICC49.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSICE9C.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSID0C0.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSIE6BA.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSIE9E9.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSIEE44.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSIF039.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSIF20F.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSIFF63.tmp-  =>.SUP.Empty


---\\  Registro ( Claves, Valores, Datos) (4)
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\L:\setup.exe.FriendlyAppName [Far Cry 5 REPACK JPW Setup]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\L:\setup.exe.ApplicationCompany [Ubisoft]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\I:\setup.exe.FriendlyAppName [Worms Clan Wars Setup]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\I:\setup.exe.ApplicationCompany [Team17 Digital Ltd]  =>.SUP.Orphan.MUICache


---\\  Resumen de elementos en su estación de trabajo (4)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Other
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Orphan.MUICache


---\\ Limpieza adicional. (6)
~ Clave de registro Tracing borrados (6)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ falta este navegador! (Mozilla Firefox)
~ falta este navegador! (Opera Software)


---\\ STATISTIQUES
~ Items escaneado : 1124
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 12/12
~ Ahorro de espacio (bytes) : 16896


~ End of clean in 00h00mn14s

---\\  Reporte (2)
ZHPCleaner-[S]-28062019-11_38_11.txt
ZHPCleaner-[R]-28062019-11_39_55.txt

Here it reports a Riskware item that is part of the typical bypass for playing a game that was downloaded illegally.

MALWAREBYTES

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 28/6/19
Hora del análisis: 11:48
Archivo de registro: 1dc3c306-99bc-11e9-a517-7824af4205d3.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.586
Versión del paquete de actualización: 1.0.11302
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 17763.557)
CPU: x64
Sistema de archivos: NTFS
Usuario: ABSENTPPC\Absent

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 480614
Amenazas detectadas: 1
Amenazas en cuarentena: 0
Tiempo transcurrido: 1 hr, 26 min, 58 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 1
RiskWare.GameHack, H:\GTA\GRAND THEFT AUTO V\STEAM_API64.DLL, Sin acciones por parte del usuario, [7555], [305544],1.0.11302

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Hello @Codex_Oscura

Perfect…:+1:

Now run FRST again just as I told you the first time, but this time attach the reports as described in Method 4 of this topic:

How do I paste reports in the forum?

Regards.

Hello @SanMar,

Here is what you asked for. Addition Addition.txt (51,0 KB) Frst FRST.txt (86,2 KB)

Apart from that, I can tell you that the computer works fine every other day. CCleaner keeps getting stuck on “temporary internet files” and some functions are not working properly.

Regards.

Hello @Codex_Oscura

1.- Uninstall with Revo Uninstaller in its Advanced Mode:

  • Ccleaner

Revo Uninstaller manual.

Do not reinstall it yet.

2.- With all programs closed, press the Windows + R keys and, in the window that opens, type exactly >>> %temp% >>>

Empty the entire contents of the folder.

3.- Follow these steps:

Very important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as administrator”.
  • In the main window, tick only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

4.- Temporarily disable your antivirus.

5.- You ran FRST from the wrong location; cut the executable from your Downloads folder and paste it onto your desktop.

  • Running from C:\Users\Absent\Downloads

Then:

Open a new Notepad file and copy and paste this content:

Start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\MountPoints2: {5bfb4346-0eb5-11e9-9c15-7824af4205d3} - "L:\setup.exe" 
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\i420vfw.dll [70656 2004-01-25] (www.helixcommunity.org) [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [vidc.yv12] => C:\Windows\SysWOW64\yv12vfw.dll [70656 2004-01-25] (www.helixcommunity.org) [File not signed]
Task: {04FAB3A6-8FD2-46D2-96EF-C1608484FE41} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {706B5F1C-B5F8-4051-916F-4D1D0F4F1D66} - System32\Tasks\momag\{3EEBF4A5-6BD9-3528-1AD2-066A6C5B7D9E} => C:\Program Files (x86)\Common Files\3eebf4a56b\momag.exe
C:\Program Files (x86)\Common Files\3eebf4a56b
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131970613020950969&GUID=06F4EC48-6E91-4F5D-B415-C909D30B00DB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131970613020953399&GUID=06F4EC48-6E91-4F5D-B415-C909D30B00DB
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3126805088-1096401988-3500408547-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R1 e0357e2a3fca78a2; C:\WINDOWS\system32\drivers\e0357e2a3fca78a2.sys [30912 2019-06-21] (BlockChain Advances Ltd -> FsFilter Network)
U3 idsvc; no ImagePath
2019-06-21 18:55 - 2019-06-21 18:55 - 000030912 _____ (FsFilter Network) C:\WINDOWS\system32\Drivers\e0357e2a3fca78a2.sys 
2019-06-21 18:54 - 2019-06-21 19:05 - 000000000 ____D C:\Program Files (x86)\gujhd
2019-06-21 18:54 - 2019-06-21 18:54 - 000000012 ___SH C:\WINDOWS\65612460883F
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-11-12] (Notepad++ -> )
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
AlternateDataStreams: C:\Users\Absent\Datos de programa:7dd1e1189f9fcf05a559dccee48d89c6 [362]
AlternateDataStreams: C:\Users\Absent\AppData\Roaming:7dd1e1189f9fcf05a559dccee48d89c6 [362]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [440]
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\StartupApproved\Run: => "ZUKR35S3BSTZNSD"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Let us know.

Regards.

Hello @SanMar!

- I did everything rigorously, as instructed; I removed CCleaner using Revo.
- I created a registry backup with DelFix.
- I copied FRST to the desktop, created the “txt” file with the script and left it on the desktop as well.

In the last step I had a problem: when I started FRST and clicked “Fix”, the program started and everything seemed fine, but after a while it froze and stayed in “Not responding” mode for far too long. In the log, I think you can see that it did not finish its whole process. When it hung, the screen showed that the last thing it was doing was “fixing” something or other…

Here is the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-06-2019
Ran by Absent (01-07-2019 12:53:53) Run:1
Running from C:\Users\Absent\Desktop
Loaded Profiles: Absent (Available Profiles: Absent)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\MountPoints2: {5bfb4346-0eb5-11e9-9c15-7824af4205d3} - "L:\setup.exe" 
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\i420vfw.dll [70656 2004-01-25] (www.helixcommunity.org) [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [vidc.yv12] => C:\Windows\SysWOW64\yv12vfw.dll [70656 2004-01-25] (www.helixcommunity.org) [File not signed]
Task: {04FAB3A6-8FD2-46D2-96EF-C1608484FE41} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {706B5F1C-B5F8-4051-916F-4D1D0F4F1D66} - System32\Tasks\momag\{3EEBF4A5-6BD9-3528-1AD2-066A6C5B7D9E} => C:\Program Files (x86)\Common Files\3eebf4a56b\momag.exe
C:\Program Files (x86)\Common Files\3eebf4a56b
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131970613020950969&GUID=06F4EC48-6E91-4F5D-B415-C909D30B00DB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131970613020953399&GUID=06F4EC48-6E91-4F5D-B415-C909D30B00DB
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3126805088-1096401988-3500408547-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R1 e0357e2a3fca78a2; C:\WINDOWS\system32\drivers\e0357e2a3fca78a2.sys [30912 2019-06-21] (BlockChain Advances Ltd -> FsFilter Network)
U3 idsvc; no ImagePath
2019-06-21 18:55 - 2019-06-21 18:55 - 000030912 _____ (FsFilter Network) C:\WINDOWS\system32\Drivers\e0357e2a3fca78a2.sys 
2019-06-21 18:54 - 2019-06-21 19:05 - 000000000 ____D C:\Program Files (x86)\gujhd
2019-06-21 18:54 - 2019-06-21 18:54 - 000000012 ___SH C:\WINDOWS\65612460883F
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-11-12] (Notepad++ -> )
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
AlternateDataStreams: C:\Users\Absent\Datos de programa:7dd1e1189f9fcf05a559dccee48d89c6 [362]
AlternateDataStreams: C:\Users\Absent\AppData\Roaming:7dd1e1189f9fcf05a559dccee48d89c6 [362]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [440]
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\StartupApproved\Run: => "ZUKR35S3BSTZNSD"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5bfb4346-0eb5-11e9-9c15-7824af4205d3} => removed successfully
HKLM\Software\Classes\CLSID\{5bfb4346-0eb5-11e9-9c15-7824af4205d3} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.RTV1" => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\vidc.i420 => value restored successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.RTV1" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\vidc.yv12" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{04FAB3A6-8FD2-46D2-96EF-C1608484FE41}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04FAB3A6-8FD2-46D2-96EF-C1608484FE41}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{706B5F1C-B5F8-4051-916F-4D1D0F4F1D66}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{706B5F1C-B5F8-4051-916F-4D1D0F4F1D66}" => removed successfully
C:\WINDOWS\System32\Tasks\momag\{3EEBF4A5-6BD9-3528-1AD2-066A6C5B7D9E} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\momag\{3EEBF4A5-6BD9-3528-1AD2-066A6C5B7D9E}" => removed successfully
"C:\Program Files (x86)\Common Files\3eebf4a56b" => not found
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
e0357e2a3fca78a2 => Unable to stop service.
HKLM\System\CurrentControlSet\Services\e0357e2a3fca78a2 => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully

Regards!

Hi @Codex_Oscura

Indeed, some items were not removed and others were.

Run FRST again as you did before and bring us fresh reports.

Also, tell us how the computer is doing.

Regards
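An added example, not part of the thread and not FRST's own code: a short Python triage of Fixlog result lines that separates what was fixed from what resisted removal. The sample lines are copied from the Fixlog above; the status classification by wording is an assumption based only on the phrases that appear in this log.

```python
import re
from collections import defaultdict

# Result lines copied from the Fixlog posted above (a subset, not the full log).
FIXLOG_SAMPLE = r'''
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\Software\Classes\CLSID\{5bfb4346-0eb5-11e9-9c15-7824af4205d3} => not found
C:\WINDOWS\System32\Tasks\momag\{3EEBF4A5-6BD9-3528-1AD2-066A6C5B7D9E} => moved successfully
"C:\Program Files (x86)\Common Files\3eebf4a56b" => not found
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
e0357e2a3fca78a2 => Unable to stop service.
HKLM\System\CurrentControlSet\Services\e0357e2a3fca78a2 => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
'''

# "<target> => <status>" is the shape of every result line in this log.
RESULT_LINE = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<status>.+?)\s*$')

def classify(status):
    """Map a status phrase to done / absent / failed / unknown (assumed wording)."""
    s = status.lower()
    if s.startswith("unable to") or s.startswith("could not"):
        return "failed"
    if "not found" in s:
        return "absent"
    if s.endswith("successfully"):
        return "done"
    return "unknown"  # e.g. echoed fixlist script lines, left for manual review

def triage(text):
    """Group (target, status) pairs by outcome."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if m:
            target = m.group("target").strip('"')
            buckets[classify(m.group("status"))].append((target, m.group("status")))
    return buckets

def stubborn_services(buckets):
    """Last path component of each failed target, e.g. a service that would not stop."""
    return sorted({target.rsplit("\\", 1)[-1] for target, _ in buckets["failed"]})

if __name__ == "__main__":
    result = triage(FIXLOG_SAMPLE)
    for target, status in result["failed"]:
        print("NEEDS FOLLOW-UP:", target, "->", status)
    print("Still present:", stubborn_services(result))
```

Entries in the "failed" bucket are the ones to check again in a fresh scan after the reboot.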

Hi @SanMar,

Sorry for the delay. I ran the analysis and this is the result. I'll add that it froze just like last time, but before forcing a restart, I thought that if I opened the program again it might unfreeze, which was wrong, but when I opened the new instance the complete analysis report appeared :roll_eyes:

Fixlog.txt (8,7 KB)

In the report there is a file (e0357e2a3fca78a2.sys) located in the “drivers” folder in win32, which the program did not remove, but on restart, when Windows Defender ran, it detected and removed it (I suppose).

The computer has been working better, but I think the virus affected quite a few system files; for example, the calculator won't open, and I had to reinstall Microsoft Office (I uninstalled it with Revo in advanced mode).

I have a text document with files that I believe are suspicious, since I am an IT person and I usually review the activity on my computer. I will attach it. Aplicaciones extrañas.txt (1,0 KB)

On another note, regarding the calculator, I noticed that the typical executable “Calc.exe” (not to be confused with “Cacls.exe”, the ACL control program) no longer exists, and instead there is an executable called “Calculator.exe” which, strangely, was modified on the 21st, when all this started.

I am attaching the path of the Calculator.exe file:

C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1905.28.0_x64__8wekyb3d8bbwe

I look forward to your comments. Regards!