Posible malware?


#1

Buenas a todos! Esta mañana pasando el antimalware me ha detectado lo siguiente Realicé lo que indicáis en otros post similares, y pensaba que se había eliminado pero no ha sido así.

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 13/11/18
Hora del análisis: 12:34
Archivo de registro: 0aa1278c-e738-11e8-a872-309c23179a23.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.463
Versión del paquete de actualización: 1.0.7821
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 17134.345)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-FUBEGHH\Carmen

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 296414
Amenazas detectadas: 6
Amenazas en cuarentena: 6
Tiempo transcurrido: 0 min, 46 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 1
Trojan.Agent.Generic, C:\PROGRAMDATA\baa55a8b, En cuarentena, [3705], [597397],1.0.7821

Archivo: 5
Trojan.Agent.Generic, C:\PROGRAMDATA\baa55a8b\test.au3, En cuarentena, [3705], [597397],1.0.7821
Trojan.Agent.Generic, C:\ProgramData\baa55a8b\baa55a8b.exe, En cuarentena, [3705], [597397],1.0.7821
Trojan.Agent.Generic, C:\ProgramData\baa55a8b\PE.bin, En cuarentena, [3705], [597397],1.0.7821
Trojan.Agent.Generic, C:\ProgramData\baa55a8b\PE2.bin, En cuarentena, [3705], [597397],1.0.7821
Trojan.Agent.Generic, C:\ProgramData\baa55a8b\shell.txt, En cuarentena, [3705], [597397],1.0.7821

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Gracias por vuestra ayuda. Un saludo


#2

Hola y [email protected] al nuevo Forospyware

Realiza los siguientes pasos, , sin cambiar el orden

1) Descarga, actualiza y ejecuta Malwarebytes’ Anti-Malware,

Manual Malwarebytes , para que sepas usarlo y configurarlo.

  • Realiza un Análisis Personalizado, haciendo click en la sección “Analizar” y seguidamente haciendo click “Analisis personalizado” en y luego click en “Configurar análisis”, marcando Todas las casillas de la derecha y de la Izquierda actualizando si te lo pide.
  • Pulsar en “Eliminar Seleccionados” para enviarlo a la cuarentena y Reinicias el sistema.
  • Para acceder posteriormente al informe del análisis : Informes >> Registro de análisis >> Pulsar en >> Exportar >> Copiar al Portapapeles, y lo pegas en tu respuesta

2) Descarga Adwcleaner en el escritorio.

  • Desactiva tu antivirus :arrow_forward: Como deshabilitar temporalmente un antivirus y cualquier programa de seguridad.
  • Ejecuta Adwcleaner.exe (Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona “Ejecutar como Administrador.”)
  • Pulsar en el botón Analizar Ahora, y espera a que se realice el proceso, inmediatamente pulsa sobre el botón Iniciar Reparacion.
  • Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.
  • Si no encuentra nada, pulsamos “Omitir Reparación”
  • El log lo encontramos en la pestaña “Informes”, volviendo a abrir el programa, si es necesario o en"C:\AdwCleaner\Logs\AdwCleaner[C0].txt"

Puedes mirar su manual >> Manual de Adwcleaner

3) Descarga Ccleaner

Instalalo y ejecútalo. En la pestaña limpiador dejas como esta configurada predeterminadamente, haces clic en analizar esperas que termine > clic en ejecutar limpiador. Clic en la pestaña Registro > clic en buscar problemas esperas que termine > clic en Reparar Seleccionadas y haces una copia de seguridad.

Pega los reportes de Malwarebytes, AdwCleaner y comentas como va el problema.

NOTA IMPORTANTE

Por Favor, mientras estemos desinfectando tu maquina o terminando de hacerlo :

  • No realices pasos/acciones que NOSOTROS no te hayamos indicado
  • No descargues NADA de Internet y/o conectes dispositivos externos a tu equipo.
  • No instales NADA(programas/software/complementos/extensiones del navegador…)
  • No ejecutes otros programas de seguridad (Antivirus, Antimalware, ANTINADA…)
  • No realices por tu cuenta otros procedimientos.
  • Usa tu equipo EXCLUSIVAMENTE para desinfectarlo siguiendo nuestras indicaciones.

:warning: Muy Importante :warning: Envuelve cada uno de los informes con una etiqueta escrita CODE_Inicial al inicio del informe y otra como este CODE_Final al final del mismo.

Saludos


#3

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 13/11/18
Hora del análisis: 15:47
Archivo de registro: 0ea9965a-e753-11e8-95fc-309c23179a23.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.482
Versión del paquete de actualización: 1.0.7823
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 17134.345)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-FUBEGHH\Carmen

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 382409
Amenazas detectadas: 8
Amenazas en cuarentena: 8
Tiempo transcurrido: 51 min, 27 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 1
Trojan.Agent.Generic, C:\PROGRAMDATA\BAA55A8B, En cuarentena, [3706], [597397],1.0.7823

Archivo: 7
RiskWare.GameHack, D:\GAMES\BIOSHOCK INFINITE\BINARIES\WIN32\STEAM_API.DLL, En cuarentena, [7817], [305544],1.0.7823
Trojan.MalPack.Krunchy, D:\GAMES\TWO POINT HOSPITAL\SKIDROW.EXE, En cuarentena, [11896], [488542],1.0.7823
Trojan.Agent.Generic, C:\PROGRAMDATA\BAA55A8B\TEST.AU3, En cuarentena, [3706], [597397],1.0.7823
Trojan.Agent.Generic, C:\ProgramData\baa55a8b\baa55a8b.exe, En cuarentena, [3706], [597397],1.0.7823
Trojan.Agent.Generic, C:\ProgramData\baa55a8b\PE.bin, En cuarentena, [3706], [597397],1.0.7823
Trojan.Agent.Generic, C:\ProgramData\baa55a8b\PE2.bin, En cuarentena, [3706], [597397],1.0.7823
Trojan.Agent.Generic, C:\ProgramData\baa55a8b\shell.txt, En cuarentena, [3706], [597397],1.0.7823

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-11-12.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-13-2018
# Duration: 00:00:02
# OS:       Windows 10 Pro
# Cleaned:  8
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\BAA55A8B
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
Deleted       C:\Program Files\ByteFence

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Wow6432Node\ByteFence
Deleted       HKLM\Software\ByteFence
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\ByteFenceService
Deleted       HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan
Deleted       HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1820 octets] - [13/11/2018 13:21:05]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

#4

Pega el contenido del archivo .txt aquí en una respuesta, o sube el archivo haciendo click en el botón con la flecha arriba, para que los demás aparte de mi pueden leerlos.


#5

Hola

Ya he arreglado los logs

Pueden seguir

Saludos


#6

Muchas gracias @Miguelgrado.

@Eyrenth, como sigue el funcionamiento del PC? Saludos.


#7

Hola @Facundo, pues he vuelto a pasarle el malware antimalware y me ha vuelto a detectar lo mismo… Así que exactamente no se que puede ser.


#8

Descarga los siguientes programas y dejalos en el escritorio:

:one:

  • Ejecuta como admnistrador Rkill
  • Se abrira una consola similar a CMD
  • Deja que trabaje de 2 a 5 minutos
  • Pega el reporte que esta dentro de Rkill.txt guardado en el escritorio. :warning: No reinicies el PC al terminar, y sigue con MBAM anti-rootkit :warning:

:two:

:three:

Realiza el mismo procedimiento de Malwarebytes como lo has echo anteriormente y me pegas su reporte.

Espero sus reportes y respetivos comentarios si aun sigue detectando. Saludos.


#9

@Facundo Aquí te dejo el informe de Rkill

El MBAM me ha vuelto a detectar los mismos archivos “Trojan.Agent.Generic”

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/13/2018 05:26:12 PM in x64 mode.
Windows Version: Windows 10 Pro 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\INetCache\IE [Dir]

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 11/13/2018 05:26:20 PM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)
Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 13/11/18
Hora del análisis: 18:02
Archivo de registro: e719f90a-e765-11e8-b3a1-309c23179a23.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.482
Versión del paquete de actualización: 1.0.7827
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 17134.345)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-FUBEGHH\Carmen

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 374370
Amenazas detectadas: 7
Amenazas en cuarentena: 0
Tiempo transcurrido: 44 min, 19 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 1
Trojan.Agent.Generic, C:\PROGRAMDATA\BAA55A8B, Sin acciones por parte del usuario, [3706], [597397],1.0.7827

Archivo: 6
Trojan.Agent.Generic, C:\PROGRAMDATA\BAA55A8B\TEST.AU3, Sin acciones por parte del usuario, [3706], [597397],1.0.7827
Trojan.Agent.Generic, C:\ProgramData\baa55a8b\baa55a8b.exe, Sin acciones por parte del usuario, [3706], [597397],1.0.7827
Trojan.Agent.Generic, C:\ProgramData\baa55a8b\PE.bin, Sin acciones por parte del usuario, [3706], [597397],1.0.7827
Trojan.Agent.Generic, C:\ProgramData\baa55a8b\PE2.bin, Sin acciones por parte del usuario, [3706], [597397],1.0.7827
Trojan.Agent.Generic, C:\ProgramData\baa55a8b\shell.txt, Sin acciones por parte del usuario, [3706], [597397],1.0.7827
Trojan.Agent.Generic, C:\USERS\CARMEN\APPDATA\ROAMING\Microsoft\Windows\Recent\shell.txt.lnk, Sin acciones por parte del usuario, [3706], [597397],1.0.7827

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

El problema reside en que al eliminar los archivos en cuarentena, al reiniciar el pc, vuelven a aparecer. O incluso en este caso, aunque seleccione la opción de borrar los archvos en cuarentena, no son eliminados.

Muchas gracias por vuestra ayuda.


#10

Pues el reporte indica Sin acciones por parte del usuario, envialos a cuarentena, eliminalos y reinicia el pc 1-2 veces.

Te falta el log de Malwarebytes antirootkit que deberias hacerlo despues del paso de Rkill sin reiniciar.


#11

@Facundo tienes razón, fallo mio al subirte el archivo

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.11.13.08
  rootkit: v2018.11.13.08

Windows 10 x64 NTFS
Internet Explorer 11.345.17134.0
Carmen :: DESKTOP-FUBEGHH [administrator]

13/11/2018 19:13:22
mbar-log-2018-11-13 (19-13-22).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 202051
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\baa55a8b (Trojan.Agent.Generic) -> Delete on reboot. [de6edb6992270d295ad5ca70e41ca25e]

Files Detected: 5
C:\ProgramData\baa55a8b\test.au3 (Trojan.Agent.Generic) -> Delete on reboot. [de6edb6992270d295ad5ca70e41ca25e]
C:\ProgramData\baa55a8b\baa55a8b.exe (Trojan.Agent.Generic) -> Delete on reboot. [de6edb6992270d295ad5ca70e41ca25e]
C:\ProgramData\baa55a8b\PE.bin (Trojan.Agent.Generic) -> Delete on reboot. [de6edb6992270d295ad5ca70e41ca25e]
C:\ProgramData\baa55a8b\PE2.bin (Trojan.Agent.Generic) -> Delete on reboot. [de6edb6992270d295ad5ca70e41ca25e]
C:\ProgramData\baa55a8b\shell.txt (Trojan.Agent.Generic) -> Delete on reboot. [de6edb6992270d295ad5ca70e41ca25e]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Otra cosa que quería comentaros, he estado mirando un poco los archivos que me indicaba MBAM y he encontrado que es AutoIt v3 Script, y lo he deshabilitado y ahora no me los detecta como malware . ¿Sabéis que puede ser?


#13

Hola @Eyrenth y con permiso , para ver si queda algo por ahi

  • Desactiva Temporalmente tu antivirus y cualquier programa de seguridad.

  • Descarga a Tu Escritorio >> Esto es muy importante<<.,Fabar Recovery Scan Tool, considerando la versión adecuada para tu equipo. (32 o 64 bits) :arrow_forward: ¿Cómo saber si mi Windows es de 32 o 64 bits?

  • Doble clic para ejecutar Frst.exe. En la ventana del Disclaimer, presiona Yes.

  • En la nueva ventana que se abre, presiona el botón Scan y espera a que concluya el análisis.

  • Se abrirán dos (2) archivos (Logs), Frst.txt y Addition.txt, que estarán grabados en Tu escritorio.

En Tu próxima respuesta, copias y pegas los dos reportes Frst.txt y Addition.txt de FRST

Nota: Si el/los reportes solicitados no entraran en una sola respuesta porque superan la cantidad de caracteres permitidos, puedes utilizar dos o mas respuestas para pegarlos completamente.


#15
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.11.2018
Ran by Carmen (administrator) on DESKTOP-FUBEGHH (13-11-2018 19:52:56)
Running from C:\Users\Carmen\Desktop
Loaded Profiles: Carmen (Available Profiles: Carmen)
Platform: Windows 10 Pro Version 1803 17134.345 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2e329e8610bbb375\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2e329e8610bbb375\IntelCpHDCPSvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2e329e8610bbb375\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Disc Soft Ltd) D:\Archivos de programa (D)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2e329e8610bbb375\igfxEM.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
() C:\ProgramData\ESET\ESET Security\app\appOnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Disc Soft Ltd) D:\Archivos de programa (D)\DAEMON Tools Lite\DTShellHlp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systeminfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files\ESET\ESET Security\eeclnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9240512 2017-12-21] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [177928 2018-11-06] (ESET)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3785536 2018-11-06] (Dropbox, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)
HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\...\Run: [appOnt] => C:\ProgramData\ESET\ESET Security\app\appOnt.exe [1738760 2017-01-27] ()
HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\...\Run: [DAEMON Tools Lite Automount] => D:\Archivos de programa (D)\DAEMON Tools Lite\DTAgent.exe [5263040 2018-01-30] (Disc Soft Ltd)
HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)
HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\...\Run: [GoogleChromeAutoLaunch_D3CF36E41CCB3C9525D678BD1EF051CE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589080 2018-10-23] (Google Inc.)
HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\...\MountPoints2: {5e97d4f6-06c6-11e8-ab10-60f677a62ed9} - "E:\setup.exe" 
HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\...\MountPoints2: {5e97d536-06c6-11e8-ab10-60f677a62ed9} - "F:\autoinst.exe" 
HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\...\MountPoints2: {e9174fea-6f20-11e8-ab1c-309c23179a23} - "G:\LG_PC_Programs.exe" 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 80.58.61.254 80.58.61.250
Tcpip\..\Interfaces\{8405bc8b-295b-4599-b246-e9e575d72c9f}: [DhcpNameServer] 80.58.61.254 80.58.61.250
Tcpip\..\Interfaces\{f9873248-7cad-4f12-b4e8-c27fec1a5927}: [DhcpNameServer] 62.81.16.148 62.81.16.213

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKU\S-1-5-21-1871329410-1462816035-3121964735-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2018-10-05] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2018-10-05] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-31] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-31] (Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 5sp5nre3.default
FF ProfilePath: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\5sp5nre3.default [2018-11-13]
FF Homepage: Mozilla\Firefox\Profiles\5sp5nre3.default -> www.google.es
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2018-10-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2018-10-05] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> D:\Archivos de programa (D)\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://websearch.4shared.com/
CHR StartupUrls: Default -> "hxxp://www.google.es/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/"
CHR Profile: C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default [2018-11-13]
CHR Extension: (Presentaciones) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-31]
CHR Extension: (Documentos) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-31]
CHR Extension: (Google Drive) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-31]
CHR Extension: (YouTube) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-31]
CHR Extension: (Adblock Plus) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-10-31]
CHR Extension: (Mendeley Importer) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dagcmkpagjlhakfdhnbomgmjdpkdklff [2018-08-02]
CHR Extension: (Dropbox para Gmail) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2018-04-25]
CHR Extension: (Adobe Acrobat) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-02-14]
CHR Extension: (Hojas de cálculo) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-31]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (AdBlock) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-10-12]
CHR Extension: (Space) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepnfgiockihbakjbhonkinpagbkaobo [2018-02-02]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-31]
CHR Extension: (Chrome Media Router) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-31]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-31] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-31] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-11-06] (Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; D:\Archivos de programa (D)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3480256 2018-01-30] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2302152 2018-11-06] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2302152 2018-11-06] (ESET)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515232 2017-06-22] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773160 2018-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773160 2018-10-10] (NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [279096 2017-12-06] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\WINDOWS\System32\drivers\lgandnetbus64.sys [30208 2016-08-31] (LG Electronics Inc.)
S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [30720 2016-08-24] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [37376 2016-08-24] (LG Electronics Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-02-06] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-02-06] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [143448 2018-11-06] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-02-19] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [188832 2018-11-06] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [109864 2018-11-06] (ESET)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [174568 2017-06-22] (Intel Corporation)
R3 LgBttPort; C:\WINDOWS\system32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\WINDOWS\System32\drivers\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\WINDOWS\system32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-13] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2018-04-12] (Intel Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_3cee0f43d57c7f2c\nvlddmkm.sys [20365000 2018-11-05] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30792 2018-08-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69544 2018-06-08] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [865216 2018-01-30] (Realsil Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [424384 2018-02-27] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72760 2017-12-06] (Synaptics Incorporated)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-13 19:53 - 2018-11-13 19:53 - 000000000 ____D C:\ProgramData\wyFxxAWDa
2018-11-13 19:51 - 2018-11-13 19:53 - 000020483 _____ C:\Users\Carmen\Desktop\FRST.txt
2018-11-13 19:51 - 2018-11-13 19:52 - 000000000 ____D C:\FRST
2018-11-13 19:51 - 2018-11-13 19:51 - 000050759 _____ C:\Users\Carmen\Desktop\Addition.txt
2018-11-13 19:48 - 2018-11-13 19:48 - 002415616 _____ (Farbar) C:\Users\Carmen\Desktop\FRST64.exe
2018-11-13 19:20 - 2018-11-13 19:20 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-13 19:13 - 2018-11-13 19:13 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\165702DC.sys
2018-11-13 19:03 - 2018-11-13 19:03 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\22255412.sys
2018-11-13 17:54 - 2018-11-13 17:54 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\17315148.sys
2018-11-13 17:51 - 2018-11-13 17:51 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5647A53A.sys
2018-11-13 17:40 - 2018-11-13 17:40 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5451016E.sys
2018-11-13 17:31 - 2018-11-13 19:01 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-11-13 17:27 - 2018-11-13 19:20 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-11-13 17:27 - 2018-11-13 19:19 - 000000000 ____D C:\Users\Carmen\Desktop\mbar
2018-11-13 17:27 - 2018-11-13 19:13 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-11-13 17:27 - 2018-11-13 17:27 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\71392659.sys
2018-11-13 17:24 - 2018-11-13 19:12 - 000002590 _____ C:\Users\Carmen\Desktop\Rkill.txt
2018-11-13 17:16 - 2018-11-13 17:35 - 000003210 _____ C:\WINDOWS\System32\Tasks\Trojan Remover
2018-11-13 17:16 - 2018-11-13 17:16 - 000000000 ____D C:\ProgramData\Loaris
2018-11-13 16:41 - 2018-11-13 18:49 - 000000000 ____D C:\Users\Carmen\Desktop\Nueva carpeta
2018-11-13 15:46 - 2018-11-13 15:46 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-13 15:46 - 2018-11-13 15:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-13 15:46 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-11-13 13:33 - 2018-11-13 13:33 - 000002055 _____ C:\Users\Carmen\Desktop\malware 2.txt
2018-11-13 13:32 - 2018-11-13 13:32 - 000002047 _____ C:\Users\Carmen\Desktop\antimalware.txt
2018-11-13 13:26 - 2018-11-13 13:26 - 000000760 _____ C:\Users\Carmen\Desktop\JRT.txt
2018-11-13 13:00 - 2018-11-13 13:21 - 000000000 ____D C:\AdwCleaner
2018-11-09 23:12 - 2018-11-09 23:12 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-11-09 23:10 - 2018-11-05 17:56 - 015908504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-11-09 23:10 - 2018-11-05 17:56 - 013203400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-11-09 23:10 - 2018-11-05 17:55 - 019709024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-11-09 23:10 - 2018-11-05 17:55 - 016986632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-11-09 23:10 - 2018-11-05 17:55 - 004253008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-11-09 23:10 - 2018-11-05 17:55 - 001471632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-11-09 23:10 - 2018-11-05 17:55 - 001462424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-11-09 23:10 - 2018-11-05 17:55 - 001167800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-11-09 23:10 - 2018-11-05 17:55 - 001152192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-11-09 23:10 - 2018-11-05 17:55 - 001145744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-11-09 23:10 - 2018-11-05 17:55 - 000914792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-11-09 23:10 - 2018-11-05 17:55 - 000794656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-11-09 23:10 - 2018-11-05 17:55 - 000637872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-11-09 23:10 - 2018-11-05 13:59 - 000978320 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2018-11-09 23:10 - 2018-11-05 13:59 - 000978320 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-11-09 23:10 - 2018-11-05 13:59 - 000845200 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2018-11-09 23:10 - 2018-11-05 13:59 - 000845200 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-11-09 23:10 - 2018-11-05 13:59 - 000552232 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2018-11-09 23:10 - 2018-11-05 13:59 - 000457184 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2018-11-09 23:10 - 2018-11-05 13:59 - 000268176 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2018-11-09 23:10 - 2018-11-05 13:59 - 000268176 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-11-09 23:10 - 2018-11-05 13:59 - 000243600 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2018-11-09 23:10 - 2018-11-05 13:59 - 000243600 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-11-09 23:10 - 2018-11-05 13:58 - 001457088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-11-09 23:10 - 2018-11-05 13:58 - 001124560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-11-09 23:10 - 2018-11-05 13:58 - 000631232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-11-09 23:10 - 2018-11-05 13:58 - 000521472 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-11-09 23:10 - 2018-11-05 13:57 - 040254264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-11-09 23:10 - 2018-11-05 13:57 - 035151960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-11-09 23:10 - 2018-11-05 13:57 - 004941480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-11-09 23:10 - 2018-11-05 13:57 - 004313048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-11-09 23:10 - 2018-11-05 13:57 - 002017536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441681.dll
2018-11-09 23:10 - 2018-11-05 13:57 - 001999968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-11-09 23:10 - 2018-11-05 13:57 - 001509072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-11-09 23:10 - 2018-11-05 13:57 - 001468112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441681.dll
2018-11-08 10:47 - 2018-11-08 10:47 - 000000265 _____ C:\Users\Carmen\Desktop\Overcooked!.url
2018-11-08 10:47 - 2018-11-08 10:47 - 000000000 ____D C:\Users\Carmen\AppData\LocalLow\Ghost Town Games
2018-11-08 09:58 - 2018-11-08 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-11-06 14:06 - 2018-11-06 14:06 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-11-06 14:06 - 2018-11-06 14:06 - 000047768 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-11-06 14:06 - 2018-11-06 14:06 - 000047768 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-11-06 14:06 - 2018-11-06 14:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-11-06 11:27 - 2018-11-06 11:27 - 002527444 _____ C:\Users\Carmen\Desktop\TFG- Estudio bioseguridad Farmacia.pdf
2018-11-01 09:57 - 2018-11-06 19:55 - 000000000 ____D C:\Users\Carmen\Desktop\TFG ACABAO
2018-11-01 09:39 - 2018-11-01 09:39 - 001350054 ____H C:\Users\Carmen\Desktop\~WRL3720.tmp
2018-10-31 15:36 - 2018-10-31 15:36 - 002004064 _____ C:\Users\Carmen\Desktop\TFG Finishi finishis.pdf
2018-10-31 15:32 - 2018-10-31 15:32 - 002005174 _____ C:\Users\Carmen\Desktop\asdasd.pdf
2018-10-31 15:30 - 2018-10-31 15:30 - 002005109 _____ C:\Users\Carmen\Desktop\1.pdf
2018-10-31 15:11 - 2018-10-31 15:11 - 002004981 _____ C:\Users\Carmen\Desktop\TFG FINIQUITAO 2.pdf
2018-10-31 14:53 - 2018-10-31 14:57 - 002005987 _____ C:\Users\Carmen\Desktop\TFG FINIQUITAO.pdf
2018-10-31 14:53 - 2018-10-31 14:53 - 002005782 _____ C:\Users\Carmen\Desktop\9B1E3C2B.tmp
2018-10-31 13:36 - 2018-10-31 14:51 - 002005825 _____ C:\Users\Carmen\Desktop\TFG 6 final.pdf
2018-10-31 13:36 - 2018-10-31 13:36 - 001919797 _____ C:\Users\Carmen\Desktop\7CA10007.tmp
2018-10-29 11:32 - 2018-10-29 11:32 - 000001777 _____ C:\Users\Carmen\Desktop\Borderlands 2.exe.lnk
2018-10-29 11:31 - 2018-10-31 13:53 - 000000000 ____D C:\Users\Carmen\Desktop\COSAS TFG
2018-10-28 18:03 - 2018-10-28 18:03 - 000000000 ____D C:\Users\Carmen\AppData\Local\SoulcaliburVI
2018-10-28 18:02 - 2018-10-28 18:02 - 000001704 _____ C:\Users\Carmen\Desktop\SoulcaliburVI.exe - Acceso directo.lnk
2018-10-28 17:18 - 2018-10-28 17:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOULCALIBUR VI
2018-10-25 16:05 - 2018-10-25 16:05 - 000000000 ____D C:\WINDOWS\PCHEALTH
2018-10-25 10:05 - 2018-10-25 10:05 - 000000000 ___HD C:\Users\Public\XLSTAT
2018-10-25 10:05 - 2018-10-25 10:05 - 000000000 ____D C:\Users\Carmen\AppData\Roaming\Addinsoft
2018-10-25 10:05 - 2018-10-25 10:05 - 000000000 ____D C:\Users\Carmen\AppData\Local\XLSTAT
2018-10-25 10:05 - 2018-10-25 10:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Addinsoft
2018-10-25 10:05 - 2018-10-25 10:05 - 000000000 ____D C:\ProgramData\addinsoft
2018-10-25 10:05 - 2018-10-25 10:05 - 000000000 ____D C:\ProgramData\addin
2018-10-25 10:04 - 2018-10-25 10:04 - 000000000 ____D C:\Users\Carmen\AppData\Local\Package Cache
2018-10-25 10:04 - 2018-10-25 10:04 - 000000000 ____D C:\Program Files\Addinsoft
2018-10-23 10:51 - 2018-11-01 09:41 - 000016460 _____ C:\Users\Carmen\AppData\Local\pq.log.0.1
2018-10-23 10:51 - 2018-11-01 09:41 - 000000000 _____ C:\Users\Carmen\AppData\Local\pq.log.0.1.lck
2018-10-20 17:34 - 2018-10-20 17:34 - 000001183 _____ C:\Users\Carmen\Desktop\Overcooked2.exe - Acceso directo.lnk
2018-10-20 17:34 - 2018-10-20 17:34 - 000000000 ____D C:\Users\Carmen\AppData\LocalLow\Team17
2018-10-20 14:26 - 2018-11-13 13:25 - 000000000 ____D C:\Users\Carmen\AppData\Roaming\88929101d7329d1e93da1293a0b3c2ea
2018-10-20 14:26 - 2018-10-27 12:38 - 000000000 ___HD C:\DESKTOP-FUBEGHH
2018-10-15 16:10 - 2018-09-04 23:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-13 19:49 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-13 19:35 - 2017-12-25 00:00 - 000000000 ____D C:\ProgramData\baa55a8b
2018-11-13 19:27 - 2018-01-31 17:24 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-13 19:26 - 2018-05-21 09:50 - 001768608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-13 19:26 - 2018-04-12 17:19 - 000787744 _____ C:\WINDOWS\system32\perfh00A.dat
2018-11-13 19:26 - 2018-04-12 17:19 - 000155340 _____ C:\WINDOWS\system32\perfc00A.dat
2018-11-13 19:26 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-13 19:25 - 2018-05-24 13:55 - 000000000 ____D C:\Users\Carmen\AppData\Local\D3DSCache
2018-11-13 19:25 - 2018-01-31 18:02 - 000000000 __SHD C:\Users\Carmen\IntelGraphicsProfiles
2018-11-13 19:20 - 2018-05-21 09:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-13 19:19 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-11-13 19:02 - 2018-03-30 21:52 - 000000000 ____D C:\Users\Carmen\AppData\Local\ElevatedDiagnostics
2018-11-13 19:00 - 2018-01-31 20:17 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-13 18:50 - 2018-05-19 21:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-13 18:05 - 2018-03-30 22:02 - 000000000 ____D C:\Users\Carmen\Documents\Grabaciones de sonido
2018-11-13 18:05 - 2018-02-03 09:28 - 000000000 ____D C:\Users\Carmen\AppData\Roaming\vlc
2018-11-13 17:42 - 2018-01-31 20:23 - 000000000 ____D C:\Users\Carmen\AppData\LocalLow\Mozilla
2018-11-13 17:32 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-13 16:59 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-13 15:46 - 2018-04-25 10:37 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-13 13:22 - 2018-03-18 18:11 - 000000000 ____D C:\Users\Carmen\AppData\Local\CrashDumps
2018-11-13 10:48 - 2018-05-21 09:46 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-11-13 10:48 - 2018-01-31 20:15 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-13 10:48 - 2018-01-31 20:15 - 000000000 ____D C:\Program Files\CCleaner
2018-11-12 23:16 - 2018-02-02 18:37 - 000000000 ____D C:\Users\Carmen\AppData\Local\Battle.net
2018-11-12 17:17 - 2018-10-05 09:32 - 001444864 _____ C:\Users\Carmen\AppData\Local\pq.db
2018-11-12 17:17 - 2018-09-23 16:04 - 000000000 ____D C:\Users\Carmen\Desktop\B2 Inglés
2018-11-12 17:09 - 2018-10-05 09:32 - 001528754 _____ C:\Users\Carmen\AppData\Local\pq.log.0
2018-11-12 17:09 - 2018-10-05 09:32 - 000000000 ____D C:\Users\Carmen\AppData\Local\Deployment
2018-11-12 17:09 - 2018-10-05 09:32 - 000000000 _____ C:\Users\Carmen\AppData\Local\pq.log.0.lck
2018-11-12 12:42 - 2018-09-12 16:30 - 000000000 ____D C:\Program Files (x86)\Overwatch
2018-11-09 23:14 - 2018-01-31 20:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-09 23:14 - 2018-01-31 20:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-09 23:04 - 2018-09-19 15:13 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-09 23:04 - 2018-09-19 15:13 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-09 23:04 - 2018-09-19 15:13 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-09 23:04 - 2018-09-19 15:13 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-09 23:04 - 2018-09-19 15:13 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-11-09 23:04 - 2018-06-06 12:41 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-09 23:04 - 2018-06-06 12:41 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-09 23:04 - 2018-06-06 12:41 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-09 23:04 - 2018-05-21 09:46 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-09 23:04 - 2018-05-21 09:46 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-09 23:04 - 2018-05-21 09:46 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-09 23:04 - 2018-05-21 09:46 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-09 23:04 - 2018-01-31 17:24 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-11-09 23:04 - 2018-01-31 17:24 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-11-09 23:04 - 2018-01-31 17:24 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-11-09 23:03 - 2018-01-31 20:23 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-08 11:25 - 2018-03-08 14:14 - 000000000 ____D C:\Users\Carmen\AppData\Roaming\Twitch
2018-11-08 10:47 - 2018-03-08 14:40 - 000000000 ____D C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch Games
2018-11-08 09:58 - 2018-01-31 20:24 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-11-06 21:54 - 2018-04-12 15:26 - 000109864 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2018-11-06 21:54 - 2017-06-22 16:01 - 000143448 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2018-11-06 21:54 - 2017-05-04 13:18 - 000188832 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2018-11-06 13:04 - 2018-01-31 19:28 - 000000000 ____D C:\Users\Carmen\AppData\Local\Packages
2018-11-06 11:15 - 2018-01-31 20:24 - 000000000 ____D C:\Users\Carmen\AppData\Local\PlaceholderTileLogoFolder
2018-11-05 17:55 - 2018-05-13 11:46 - 004992144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-11-03 02:56 - 2018-05-13 11:46 - 000048138 _____ C:\WINDOWS\system32\nvinfo.pb
2018-11-02 23:32 - 2018-05-19 21:15 - 000000000 ____D C:\Users\Carmen
2018-11-02 23:28 - 2018-01-31 17:24 - 005945328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-11-02 23:28 - 2018-01-31 17:24 - 002611240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-11-02 23:28 - 2018-01-31 17:24 - 001767280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-11-02 23:28 - 2018-01-31 17:24 - 000635248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-11-02 23:28 - 2018-01-31 17:24 - 000451056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-11-02 23:28 - 2018-01-31 17:24 - 000124112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-11-02 23:28 - 2018-01-31 17:24 - 000083336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-11-01 10:14 - 2018-02-02 17:32 - 000000000 ___RD C:\Users\Carmen\Dropbox
2018-11-01 09:53 - 2018-02-06 14:19 - 000000000 ____D C:\Users\Carmen\AppData\Roaming\DAEMON Tools Lite
2018-11-01 09:52 - 2018-05-19 21:14 - 000403440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-10-31 14:37 - 2018-01-31 20:22 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-28 18:03 - 2018-02-11 22:02 - 000000000 ____D C:\Users\Carmen\AppData\Local\UnrealEngine
2018-10-28 13:08 - 2018-02-02 15:05 - 000000000 ____D C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-10-26 11:33 - 2018-01-31 17:24 - 008391862 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-10-25 10:04 - 2018-02-03 23:00 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-24 13:51 - 2018-03-07 12:42 - 000000000 ____D C:\Users\Carmen\AppData\Roaming\NVIDIA
2018-10-24 13:49 - 2018-03-08 10:54 - 000000000 ____D C:\Users\Carmen\Documents\My Games
2018-10-23 21:03 - 2018-10-09 20:59 - 000000000 ____D C:\Users\Carmen\AppData\Local\Warframe
2018-10-23 16:43 - 2018-06-13 16:47 - 000000000 ____D C:\ProgramData\Packages
2018-10-22 10:08 - 2018-09-19 15:13 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-10-20 17:37 - 2018-01-31 20:17 - 000000000 ____D C:\Users\Carmen\AppData\LocalLow\Adobe
2018-10-19 15:47 - 2018-05-21 09:46 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1871329410-1462816035-3121964735-1001
2018-10-19 15:47 - 2018-05-19 21:15 - 000002404 _____ C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-10-19 15:47 - 2018-01-31 18:03 - 000000000 ___RD C:\Users\Carmen\OneDrive
2018-10-15 18:46 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp

==================== Files in the root of some directories =======

2018-02-10 00:20 - 2018-02-10 00:20 - 000000045 _____ () C:\Users\Carmen\AppData\Roaming\WB.CFG
2018-10-05 09:32 - 2018-10-05 09:32 - 000001803 _____ () C:\Users\Carmen\AppData\Local\opensource-licenses.txt
2018-10-05 09:29 - 2018-10-05 09:29 - 000088396 _____ () C:\Users\Carmen\AppData\Local\pq-install-32.log
2018-10-05 09:31 - 2018-10-05 09:32 - 000431148 _____ () C:\Users\Carmen\AppData\Local\pq-install-64.log
2018-10-05 09:32 - 2018-11-12 17:17 - 001444864 _____ () C:\Users\Carmen\AppData\Local\pq.db
2018-10-05 09:32 - 2018-11-12 17:09 - 001528754 _____ () C:\Users\Carmen\AppData\Local\pq.log.0
2018-10-23 10:51 - 2018-11-01 09:41 - 000016460 _____ () C:\Users\Carmen\AppData\Local\pq.log.0.1
2018-10-23 10:51 - 2018-11-01 09:41 - 000000000 _____ () C:\Users\Carmen\AppData\Local\pq.log.0.1.lck
2018-10-05 09:32 - 2018-11-12 17:09 - 000000000 _____ () C:\Users\Carmen\AppData\Local\pq.log.0.lck
2018-10-05 09:32 - 2018-10-05 09:32 - 000000239 _____ () C:\Users\Carmen\AppData\Local\pq.properties
2018-10-05 09:04 - 2018-10-05 09:04 - 000000362 _____ () C:\Users\Carmen\AppData\Local\winconf.pxt
2018-10-05 09:32 - 2018-10-05 16:13 - 000399089 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181005.log
2018-10-06 18:36 - 2018-10-06 22:55 - 000024134 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181006.log
2018-10-07 10:34 - 2018-10-07 12:29 - 000130191 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181007.log
2018-10-08 11:37 - 2018-10-08 12:29 - 000042071 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181008.log
2018-10-09 12:33 - 2018-10-09 19:15 - 000067760 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181009.log
2018-10-10 11:16 - 2018-10-10 11:18 - 000025511 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181010.log
2018-10-11 08:24 - 2018-10-11 09:36 - 000037580 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181011.log
2018-10-15 16:13 - 2018-10-15 18:35 - 000036981 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181015.log
2018-10-18 12:10 - 2018-10-18 17:47 - 000057546 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181018.log
2018-10-19 16:15 - 2018-10-19 17:35 - 000067371 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181019.log
2018-10-20 09:32 - 2018-10-20 11:22 - 000066585 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181020.log
2018-10-22 12:48 - 2018-10-23 10:51 - 000075714 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181022.log
2018-10-23 10:51 - 2018-10-23 22:25 - 000032502 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181023.log
2018-10-24 09:41 - 2018-10-24 11:35 - 000064559 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181024.log
2018-10-25 09:51 - 2018-10-26 00:01 - 000897635 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181025.log
2018-10-26 00:04 - 2018-10-26 17:58 - 000027976 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181026.log
2018-10-27 13:06 - 2018-10-27 13:31 - 000038504 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181027.log
2018-10-28 16:59 - 2018-10-28 17:01 - 000026290 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181028.log
2018-10-29 08:34 - 2018-10-29 22:06 - 000199539 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181029.log
2018-10-30 09:44 - 2018-10-30 22:54 - 000086494 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181030.log
2018-10-31 09:20 - 2018-10-31 23:02 - 000024558 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181031.log
2018-11-01 09:37 - 2018-11-01 12:53 - 000025575 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181101.log
2018-11-06 11:06 - 2018-11-06 19:55 - 000074403 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181106.log
2018-11-12 17:09 - 2018-11-12 17:17 - 000026719 _____ () C:\Users\Carmen\AppData\Local\WriteNCite.trace.20181112.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-19 21:14

==================== End of FRST.txt ============================

#16
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.11.2018
Ran by Carmen (13-11-2018 19:53:18)
Running from C:\Users\Carmen\Desktop
Windows 10 Pro Version 1803 17134.345 (X64) (2018-05-21 08:46:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1871329410-1462816035-3121964735-500 - Administrator - Disabled)
Carmen (S-1-5-21-1871329410-1462816035-3121964735-1001 - Administrator - Enabled) => C:\Users\Carmen
DefaultAccount (S-1-5-21-1871329410-1462816035-3121964735-503 - Limited - Disabled)
Invitado (S-1-5-21-1871329410-1462816035-3121964735-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1871329410-1462816035-3121964735-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actualización de NVIDIA 33.2.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 33.2.0.0 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock Infinite (HKLM-x32\...\{2F82B501-6358-476E-A9AC-A6DABD2E52F9}) (Version: 6.0 - Black Box)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.49 - Piriform)
Cities Skylines Parklife (HKLM-x32\...\Cities Skylines Parklife_is1) (Version:  - )
Compresor WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.7.1.0340 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 416.81 - NVIDIA Corporation) Hidden
Dragon Quest XI (HKLM-x32\...\Dragon Quest XI_is1) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 61.4.95 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
EGR-ShellExtension (HKLM-x32\...\EGR-ShellExtension) (Version: 1.2.1.100 - EasternGraphics)
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{0A532506-F796-4ECC-93B2-7409AE77C81A}) (Version: 1.1.144.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 11.1.54.0 - ESET, spol. s r.o.)
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
Java 7 Update 6 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417006FF}) (Version: 7.0.60 - Oracle)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG Mobile Drivers (HKLM-x32\...\{C3C008A7-D4A5-4E19-B0D6-72043D6EFE34}) (Version: 4.2.0 - LG Electronics)
LG PC Suite IV (HKLM-x32\...\LG PC Suite IV) (Version: 4.3.80.20121017 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Mozilla Firefox 63.0.1 (x64 es-ES) (HKLM\...\Mozilla Firefox 63.0.1 (x64 es-ES)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.11 - NVIDIA Corporation) Hidden
NVIDIA Controlador de gráficos 416.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 416.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.15.0.186 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.15.0.186 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Overcooked! (HKLM-x32\...\{A3F5EE11-7F45-4CF2-9DD9-642FB2597124}) (Version:  - Team17 Digital Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Panel de control de NVIDIA 416.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 416.81 - NVIDIA Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.60724 - Microsoft Corporation)
Polar FlowSync versión 2.6.2 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.6.2 - Polar Electro Oy)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.188 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8328 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
SOULCALIBUR VI (HKLM-x32\...\SOULCALIBUR VI_is1) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.193 - Synaptics Incorporated)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.90922 - TeamViewer)
Twitch (HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-3) (Version: 1.0.54.1 - Intel Corporation Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Write-N-Cite (HKLM\...\{142D190D-A9F7-4DC3-A4D6-C87762D4A273}) (Version: 4.5.1710 - ProQuest)
XLSTAT 2018 (HKLM\...\{67ADA13C-9390-404B-9B2B-4AAFB72AB5BC}) (Version: 20.6.53964 - Addinsoft) Hidden
XLSTAT 2018 (HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\...\{203d7ee4-b1d2-42b2-82fd-b09de6973a28}) (Version: 20.6.53964 - Addinsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1871329410-1462816035-3121964735-1001_Classes\CLSID\{DEDBE4C9-9E87-40C5-B437-9AAB7EB9C667}\InprocServer32 -> C:\Program Files (x86)\EasternGraphics\EGR-ShellExtension\Win64\egr_se.dll (EasternGraphics)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-06] (ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2008-09-16] ()
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => D:\Archivos de programa (D)\DAEMON Tools Lite\DTShl64.dll [2018-01-30] (Disc Soft Ltd)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-06] (ESET)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => D:\Archivos de programa (D)\DAEMON Tools Lite\DTShl64.dll [2018-01-30] (Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2008-09-16] ()
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2e329e8610bbb375\igfxDTCM.dll [2017-12-07] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-11-02] (NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-06] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2008-09-16] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F291F05-C925-41CF-BF4C-7A18497D480F} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-1871329410-1462816035-3121964735-1001
Task: {176043D9-38CE-4EE9-9CBD-A2151BF4EAC8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-31] (Google Inc.)
Task: {2824F4B3-D7AF-440D-B448-ED4A8DA45822} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-10-10] (NVIDIA Corporation)
Task: {37B965E7-B735-41D3-BB1E-E76619DD0EE9} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-10-10] (NVIDIA Corporation)
Task: {384C80E7-28D9-4E94-AD7A-5D8C3B24DFFB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Software Ltd)
Task: {3ED37986-AFA5-4ECB-AD9C-46C7C8485F6E} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-10-10] (NVIDIA Corporation)
Task: {4A034AF6-042D-4A0A-892C-3FE5E11919F8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-10-10] (NVIDIA Corporation)
Task: {4C99A2B8-6A9B-4DF6-B2D4-51BA97120E33} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-10-10] (NVIDIA Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {68143FFE-7839-4960-B09A-A05BA600C311} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-10-10] (NVIDIA Corporation)
Task: {6D8A0A07-9CC6-4B41-BC3D-BC30D1E69FD8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {7B86A6ED-F39D-4455-A46B-86A5CB50A34B} - System32\Tasks\Trojan Remover => C:\Program Files\Loaris Trojan Remover\ltr.exe
Task: {7D8BD1D1-C4C0-4AA5-ACA0-0CA15734DA10} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-01-31] (Dropbox, Inc.)
Task: {81871DC3-B327-4E42-B17F-FA0F8AB46DE9} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-10-10] (NVIDIA Corporation)
Task: {A7D359C3-87C9-4BD0-93EB-6507DE5FB84F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-10-10] (NVIDIA Corporation)
Task: {B1EF2CE4-9B4E-4CD1-8508-57F32AE5C99C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-06] (Piriform Ltd)
Task: {C8EFB02C-D362-4861-9D49-CE7C5176CD5B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {CEC87E81-45D1-4CD9-961D-B13FCFFAECDE} - System32\Tasks\S-1-5-21-1871329410-1462816035-3121964735-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-12] (Microsoft Corporation)
Task: {D0F146AB-B5F1-4C09-BB5F-AEEE358E380C} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-10-10] (NVIDIA Corporation)
Task: {E0990D9D-448D-4DA4-BF98-1846F1812124} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-31] (Google Inc.)
Task: {E34EAB68-5C34-4608-9A6A-19A441343679} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-10-10] (NVIDIA Corporation)
Task: {E8239A5F-5FB8-458B-830C-E65693165CF9} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-10-10] (NVIDIA Corporation)
Task: {EA53BF8E-FFC4-4184-ABA9-ECACED073D92} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {EED061D7-66E5-4C6E-A0E8-6A9817A040E8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {F1AC5719-01D6-4FB5-958E-3352DA517CA1} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-01-31] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-09-19 15:13 - 2018-10-10 21:04 - 001314856 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-11-13 15:46 - 2018-10-18 08:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-10-09 19:16 - 2018-09-20 04:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-11-13 16:59 - 2018-11-13 16:59 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-09-19 15:13 - 2018-10-10 21:03 - 101252136 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-09-19 15:13 - 2018-10-10 21:03 - 004619816 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libglesv2.dll
2018-09-19 15:13 - 2018-10-10 21:03 - 000108584 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libegl.dll
2018-01-31 20:35 - 2017-01-27 09:56 - 001738760 ____N () C:\ProgramData\ESET\ESET Security\app\appOnt.exe
2018-11-06 17:14 - 2018-11-06 17:14 - 000100936 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
2018-10-31 14:37 - 2018-10-23 22:24 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libglesv2.dll
2018-10-31 14:37 - 2018-10-23 22:24 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libegl.dll
2018-09-19 15:13 - 2018-10-10 21:04 - 001032744 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 80.58.61.254 - 80.58.61.250
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7CF1B0DC-600C-4423-B4FC-8FC8F94AFDDB}] => (Allow) D:\Archivos de programa (D)\qBittorrent\qbittorrent.exe
FirewallRules: [{5615FA6D-AAE1-4480-9000-EADDF573A680}] => (Allow) D:\Archivos de programa (D)\qBittorrent\qbittorrent.exe
FirewallRules: [{5D4CA2B8-4CF4-4043-B7B6-49F3C03245A0}] => (Allow) D:\Steam\steamapps\common\Gauntlet\binaries\gauntlet.exe
FirewallRules: [{A6EA985A-232B-4EBC-824A-C9933C0323A3}] => (Allow) D:\Steam\steamapps\common\Gauntlet\binaries\gauntlet.exe
FirewallRules: [UDP Query User{BFF38FF7-01A3-4575-B888-A11FCF67C560}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{7457042E-79BC-4FCC-A748-9D9A92173A87}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{B2120AC3-1890-43F5-A65A-8746E65DA9C0}D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{7CFD291C-0AC9-4BB6-B44B-D8DBF2CAB717}D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{2623CD41-854B-4A1B-8BD7-74A6A6C0F6D6}] => (Allow) D:\Archivos de programa (D)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
FirewallRules: [{3C5A1AAA-F508-4486-8CA0-469241BE885E}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{DCA2D129-8695-4D1A-BBC5-15D7B0A28697}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{F65D8EC6-C07D-41D7-8886-E79BA8F3D3FA}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{E1CACE55-D4E8-4C68-B7B6-A0FD5AA89179}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{538F4FA8-726E-434E-879F-C4B004D6EA7F}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{5659053E-FCE2-471B-A136-1EB73870FCDF}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{D7EE0A9C-EE16-4140-86FE-5729A40E531A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{222C5B12-37EF-47B8-AC8C-5920AA1F0CC6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F06455B8-B008-4149-9DFF-1BF99BCE87D8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{85A44BE3-CE6B-4971-9EA1-AC83CF70C208}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{26D4E701-9993-41C8-8B08-48447A5F93C2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{22CD3249-FE88-43DE-99C1-2C569974220F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{21C9E175-3B6F-4C1C-9C71-26D41195C69F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5E578245-92E5-47B4-8B0F-DA306F046367}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0BF489A8-55BB-4BCC-A74F-3140C085D9B7}] => (Allow) LPort=5354
FirewallRules: [{C2E01ABF-D04F-4B68-8803-12EB49776AB2}] => (Allow) LPort=5354
FirewallRules: [{AC5FAC15-30D4-4C0D-8635-ED6E04687BF4}] => (Allow) LPort=5354
FirewallRules: [{0CF22F7C-2433-4B33-967F-C4DF13930F87}] => (Allow) LPort=5354
FirewallRules: [TCP Query User{B52182B5-8D43-48DA-ADE5-EAD87D7D1F47}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{C0DFF7E7-67B1-4288-9788-5C4B77134C93}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{9EFD2B83-5372-4894-8575-8C8E5B847265}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{20288461-1FFD-4205-AFB9-391B3C57DA5B}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [TCP Query User{D486F715-9081-414B-90C0-7154AB5D372D}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{4830ABDA-937D-46DB-9F53-B10E8227D38E}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{43963875-CCA2-4749-A1D8-A1A9717C32D0}] => (Allow) D:\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{767A0746-7CFA-488D-B069-F8F63A9DAA50}] => (Allow) D:\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{B8B9DF97-BC9E-42F0-82E2-5B4C12086FAA}] => (Allow) D:\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{5BB1B933-462C-4F96-AEDF-BB14D7C69D99}] => (Allow) D:\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{229FD388-5D65-44A7-96A5-9CB87BD4C7FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{756BABFE-CEE9-4DCD-BC7A-5F7481D4CBA4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E7CDE076-8F7D-402C-9C24-2248602FA894}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8B8B2B3F-F8C5-41DC-A11B-BE043B6589AA}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{C3026DDC-10CE-4911-AF9E-54584AA64F99}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{4E03F19E-2FDF-46CC-A1EA-BE6EB1A4548D}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{971AB233-6449-40CC-8D1D-0FCBB08A8C90}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{3A24150A-12A2-4199-9235-963C40B03C52}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{3205092D-DF66-4C1C-A8DB-664BCE1DA6E0}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{CB431A48-C614-46C6-8504-755CE287839C}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{12A60E68-8B60-41BC-ACFB-EBDB9F521B98}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{1E480D37-7DA8-4913-8645-F6D29D8F5305}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{69B7D013-D8F7-44CE-B5DC-B82B0B507C64}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{D7AFC1F6-924B-43F3-8710-CB2647450E4D}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{A92AB16C-169B-44B0-BC7E-101772D36EFC}D:\battlenet\battle.net\battle.net.exe] => (Allow) D:\battlenet\battle.net\battle.net.exe
FirewallRules: [UDP Query User{2A00A9DF-842D-4595-A18E-808608667862}D:\battlenet\battle.net\battle.net.exe] => (Allow) D:\battlenet\battle.net\battle.net.exe
FirewallRules: [{6B4EBF69-53A2-4250-BE77-CF65A7A2B0EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{69DF28EA-6324-4744-BE6D-F798E8D9B086}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{4B508194-38D6-4081-9CB5-75267C4665B3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{96AD9E17-B01F-4E26-854E-51EA3660A409}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{A5DD5592-0566-4F6D-96A2-F3B364C53B6E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5E778418-E98E-4F17-99E4-8FEF87386F14}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{DC82BE14-4652-4B64-A0EE-FACD85A16058}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{6FF8517B-FF28-46F9-A611-7B820CE8C1CA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{02E3B377-C739-40E3-A9CD-B6114AE0D759}] => (Allow) D:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{5E08C8A9-4F57-4184-8DBD-E6534807A24B}] => (Allow) D:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{7F3E9E7D-A950-4CF3-8898-BDD5EA874DA3}] => (Allow) D:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{CC5E1346-D7B7-4D0D-AB83-1E4CC9F8D721}] => (Allow) D:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{9E5E932A-4131-4D68-A739-2F1ABA8F4161}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{5941BBD1-5332-4AC7-90CE-5CE2FDB92B49}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{855B844E-F386-4E97-9051-9AB85A81DA00}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{84535404-3299-4984-9291-D04EB00349D9}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{93AFBAE8-C901-47AB-AC43-9865E600308B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C3A4F2C6-23B5-4D2B-BBC0-2F94392BB250}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{3E51BB7B-122A-4A51-A673-BBF17694D2F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{6FA793C5-3704-4667-85E7-0C6A2B69EFDD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{CC3B0554-6AD5-4297-9FF8-DAEF6E00975D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{36E0346C-5F51-4486-8816-9599D3930F9F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{611BFBE5-0FE6-4ACC-B69C-4639B5F37128}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{797A5CBA-18CF-47C8-9215-0CA0DD80A780}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

01-11-2018 22:03:03 Punto de control programado
08-11-2018 10:46:50 Se ha instalado DirectX
13-11-2018 13:25:09 JRT Pre-Junkware Removal
13-11-2018 17:59:52 Malwarebytes Anti-Rootkit Restore Point
13-11-2018 19:19:20 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/13/2018 07:26:02 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (9768,G,0) Al intentar abrir el archivo "C:\Users\Carmen\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (11/13/2018 07:20:54 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (11196,G,0) Al intentar abrir el archivo "C:\Users\Carmen\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (11/13/2018 07:08:44 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (11736,G,0) Al intentar abrir el archivo "C:\Users\Carmen\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (11/13/2018 05:33:43 PM) (Source: ESENT) (EventID: 486) (User: )
Description: DllHost (12432,D,0) WebCacheLocal: Al intentar mover el archivo "C:\Users\Carmen\AppData\Local\Microsoft\Windows\WebCache\V0100097.log" a C:\Users\Carmen\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para mover el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (11/13/2018 05:33:12 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (11348,G,0) Al intentar abrir el archivo "C:\Users\Carmen\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (11/13/2018 01:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamservice.exe, versión: 3.2.0.704, marca de tiempo: 0x5b9acf90
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.254, marca de tiempo: 0xa5a334d4
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000001d979
Identificador del proceso con errores: 0x1034
Hora de inicio de la aplicación con errores: 0x01d47b4b752a971a
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: 7a7f9313-efd7-4ae2-a51a-aba66d1a830b
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/13/2018 01:22:26 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (11584,G,0) Al intentar abrir el archivo "C:\Users\Carmen\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (11/13/2018 01:21:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SkypeApp.exe, versión: 8.33.0.41, marca de tiempo: 0x5bca1f01
Nombre del módulo con errores: twinapi.appcore.dll, versión: 10.0.17134.137, marca de tiempo: 0xb5d50228
Código de excepción: 0xc000027b
Desplazamiento de errores: 0x000000000009cad5
Identificador del proceso con errores: 0x20f8
Hora de inicio de la aplicación con errores: 0x01d47b4b0d52eb46
Ruta de acceso de la aplicación con errores: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeApp.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\twinapi.appcore.dll
Identificador del informe: 5ed1911d-c81b-4d18-9930-9b4abc282e1f
Nombre completo del paquete con errores: Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c
Identificador de aplicación relativa del paquete con errores: App


System errors:
=============
Error: (11/13/2018 07:30:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/13/2018 07:25:51 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-FUBEGHH)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-FUBEGHH\Carmen con SID (S-1-5-21-1871329410-1462816035-3121964735-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/13/2018 07:25:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/13/2018 07:25:32 PM) (Source: TPM) (EventID: 15) (User: )
Description: El controlador de dispositivo para el Módulo de plataforma segura (TPM) encontró en el hardware de TPM un error irrecuperable que impide que se usen los servicios de TPM (como el cifrado de datos). Para obtener más ayuda, póngase en contacto con el fabricante del equipo.

Error: (11/13/2018 07:25:01 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FUBEGHH)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/13/2018 07:25:01 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FUBEGHH)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/13/2018 07:25:01 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FUBEGHH)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/13/2018 07:25:01 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FUBEGHH)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.


CodeIntegrity:
===================================

Date: 2018-11-13 19:51:04.484
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-13 19:51:04.482
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-13 19:50:47.441
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-13 19:50:47.436
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-13 19:50:47.408
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-13 19:50:47.403
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-13 19:50:47.013
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-13 19:50:47.008
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 38%
Total physical RAM: 8109.7 MB
Available physical RAM: 4979 MB
Total Virtual: 13997.7 MB
Available Virtual: 9628.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.22 GB) (Free:147.66 GB) NTFS
Drive d: (Datos) (Fixed) (Total:931.51 GB) (Free:762.07 GB) NTFS

\\?\Volume{82084424-0000-0000-0000-100000000000}\ (Reservado para el sistema) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{82084424-0000-0000-0000-306d3b000000}\ () (Fixed) (Total:0.77 GB) (Free:0.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 82084424)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=785 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: E8EBF67C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#17

Bien… y ahora sigue estos pasos, MUY Importante ~ Realiza una copia de seguridad del registro :

  • Para hacerlo descarga Delfix en tu escritorio.

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona "Ejecutar como Administrador.")

  • Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.


En el equipo con los demas programas cerrados:

Inicio >>> Ejecutar >>>Escribes notepad.exe.

Ahora copia y pega estos archivos dentro del Notepad:


Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\...\MountPoints2: {5e97d4f6-06c6-11e8-ab10-60f677a62ed9} - "E:\setup.exe" 
HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\...\MountPoints2: {5e97d536-06c6-11e8-ab10-60f677a62ed9} - "F:\autoinst.exe" 
HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\...\MountPoints2: {e9174fea-6f20-11e8-ab1c-309c23179a23} - "G:\LG_PC_Programs.exe" 
SearchScopes: HKU\S-1-5-21-1871329410-1462816035-3121964735-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
2018-11-13 19:53 - 2018-11-13 19:53 - 000000000 ____D C:\ProgramData\wyFxxAWDa
2018-11-01 09:39 - 2018-11-01 09:39 - 001350054 ____H C:\Users\Carmen\Desktop\~WRL3720.tmp
2018-10-31 13:36 - 2018-10-31 13:36 - 001919797 _____ C:\Users\Carmen\Desktop\7CA10007.tmp
2018-10-20 14:26 - 2018-11-13 13:25 - 000000000 ____D C:\Users\Carmen\AppData\Roaming\88929101d7329d1e93da1293a0b3c2ea
2018-11-13 19:35 - 2017-12-25 00:00 - 000000000 ____D C:\ProgramData\baa55a8b
VirusTotal: C:\DESKTOP-FUBEGHH



HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.<<

Nota: Es importante que la Hta Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no no trabajara.

  • Y ahora usa esta Faq de Windows ¿Cómo iniciar Windows en Modo Seguro?, para trabajar desde ese modo de windows.

  • Ejecutas Frst.exe.

  • Presionas el botón Fix y aguardas a que termine.

  • La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).

Lo pegas en tu próxima respuesta, comentado como va el problema ,realizando un nuevo análisis con Malwarebytes antimalware y me pegas el log tambien


#18

Buenas, os paso el informe de lo que me pedisteis ayer. Fix result of Farbar Recovery Scan Tool (x64) Version: 11.11.2018 Ran by Carmen (13-11-2018 22:27:00) Run:1 Running from C:\Users\Carmen\Desktop Loaded Profiles: Carmen (Available Profiles: Carmen) Boot Mode: Safe Mode (minimal) ==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\...\MountPoints2: {5e97d4f6-06c6-11e8-ab10-60f677a62ed9} - "E:\setup.exe" 
HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\...\MountPoints2: {5e97d536-06c6-11e8-ab10-60f677a62ed9} - "F:\autoinst.exe" 
HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\...\MountPoints2: {e9174fea-6f20-11e8-ab1c-309c23179a23} - "G:\LG_PC_Programs.exe" 
SearchScopes: HKU\S-1-5-21-1871329410-1462816035-3121964735-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
2018-11-13 19:53 - 2018-11-13 19:53 - 000000000 ____D C:\ProgramData\wyFxxAWDa
2018-11-01 09:39 - 2018-11-01 09:39 - 001350054 ____H C:\Users\Carmen\Desktop\~WRL3720.tmp
2018-10-31 13:36 - 2018-10-31 13:36 - 001919797 _____ C:\Users\Carmen\Desktop\7CA10007.tmp
2018-10-20 14:26 - 2018-11-13 13:25 - 000000000 ____D C:\Users\Carmen\AppData\Roaming\88929101d7329d1e93da1293a0b3c2ea
2018-11-13 19:35 - 2017-12-25 00:00 - 000000000 ____D C:\ProgramData\baa55a8b
VirusTotal: C:\DESKTOP-FUBEGHH



HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e97d4f6-06c6-11e8-ab10-60f677a62ed9} => removed successfully
HKLM\Software\Classes\CLSID\{5e97d4f6-06c6-11e8-ab10-60f677a62ed9} => not found
HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e97d536-06c6-11e8-ab10-60f677a62ed9} => removed successfully
HKLM\Software\Classes\CLSID\{5e97d536-06c6-11e8-ab10-60f677a62ed9} => not found
HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9174fea-6f20-11e8-ab1c-309c23179a23} => removed successfully
HKLM\Software\Classes\CLSID\{e9174fea-6f20-11e8-ab1c-309c23179a23} => not found
"HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => removed successfully
"C:\ProgramData\wyFxxAWDa" => not found
C:\Users\Carmen\Desktop\~WRL3720.tmp => moved successfully
C:\Users\Carmen\Desktop\7CA10007.tmp => moved successfully
C:\Users\Carmen\AppData\Roaming\88929101d7329d1e93da1293a0b3c2ea => moved successfully
C:\ProgramData\baa55a8b => moved successfully
VirusTotal: C:\DESKTOP-FUBEGHH => D41D8CD98F00B204E9800998ECF8427E (0-byte MD5)
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1871329410-1462816035-3121964735-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

No se puede vaciar la cach‚ de resoluci¢n de DNS: Error de una funci¢n durante la ejecuci¢n.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c
El servicio no puede iniciarse en modo a prueba de errores



========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Aseg£rate de que el servicio se est  ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Aseg£rate de que el servicio se est  ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11590532 B
Java, Flash, Steam htmlcache => 367894062 B
Windows/system/drivers => 743842 B
Edge => 3584 B
Chrome => 401863512 B
Firefox => 14640796 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 912 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Carmen => 4545198 B

RecycleBin => 0 B
EmptyTemp: => 772.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:27:14 ====

Malwarebytes

-Detalles del registro-
Fecha del análisis: 14/11/18
Hora del análisis: 10:36
Archivo de registro: c4c168b2-e7f0-11e8-a569-309c23179a23.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.482
Versión del paquete de actualización: 1.0.7837
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 17134.407)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-FUBEGHH\Carmen

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 380658
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 46 min, 52 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

En principio, he visto que ya no han vuelto a aparecer ninguno de los archivos que me señalaba el MAMB, así como tampoco sus procesos en el administrador de tareas o en carpetas con otros nombres… Así que me imagino que el problema está solucionado.

Muchas gracias por vuestra ayuda.


#19

Para eliminar las herramientas usadas en la desinfección, realizas:

  • Descargas y Ejecutas >> Delfix, en tu escritorio.

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7 /8 /10,presiona clic derecho y selecciona >>;Ejecutar como Administrador.)

  • Marca solamente la casilla Remove disinfection tools

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

Si queda alguna herramienta, la desinstalas desde panel de Windows y aquellas que no estén listadas, se eliminan directamente.


Me alegro de haberte podido ayudar! :+1:


TEMA SOLUCIONADO


#20

Este tema se cerró automáticamente 2 días después del último post. No se permiten nuevas respuestas.