PUP.Optional.VisicomToolbar

Hello, good day!

A couple of hours ago I found 19 infections detected by Malwarebytes when scanning my PC. After sending them to quarantine and restoring them, I restarted the system and, to my surprise, neither MWB nor my antivirus (F-Secure) would open any more. They would not open in safe mode either, so I restarted in normal mode again and this time I was able to start them. After scanning again with Malwarebytes I find that this time there are 17 infections, and their locations are the same. I would like to mention that at no point have I seen a toolbar or noticed anything odd on the PC; it is just running somewhat slower. Before going any further, I decided to come to the forum and ask here directly because I am afraid of touching something I shouldn't. I would be hugely grateful for a reply. I am pasting the result of the scan:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 9/7/19
Hora del análisis: 16:27
Archivo de registro: 41b105dc-a24d-11e9-875d-54ab3ae55b86.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.586
Versión del paquete de actualización: 1.0.11466
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.829)
CPU: x64
Sistema de archivos: NTFS
Usuario: LAPTOP-2KGR0EIF\erika

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 333068
Amenazas detectadas: 17
Amenazas en cuarentena: 0
Tiempo transcurrido: 6 min, 47 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 12
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, Sin acciones por parte del usuario, [2411], [635897],1.0.11466
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, Sin acciones por parte del usuario, [2411], [635897],1.0.11466
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\CLASSES\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, Sin acciones por parte del usuario, [2411], [635897],1.0.11466
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, Sin acciones por parte del usuario, [2411], [635897],1.0.11466
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, Sin acciones por parte del usuario, [2411], [635897],1.0.11466
PUP.Optional.VisicomToolbar, HKU\S-1-5-21-2731508216-3201492160-2286263701-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, Sin acciones por parte del usuario, [2411], [635897],1.0.11466
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, Sin acciones por parte del usuario, [2411], [635897],1.0.11466
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, Sin acciones por parte del usuario, [2411], [635897],1.0.11466
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, Sin acciones por parte del usuario, [2411], [635897],1.0.11466
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, Sin acciones por parte del usuario, [2411], [635897],1.0.11466
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\InprocServer32, Sin acciones por parte del usuario, [2411], [635897],1.0.11466
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\InprocServer32, Sin acciones por parte del usuario, [2411], [635897],1.0.11466

Valor del registro: 2
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, Sin acciones por parte del usuario, [2411], [635897],1.0.11466
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, Sin acciones por parte del usuario, [2411], [635897],1.0.11466

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 3
PUP.Optional.VisicomToolbar, C:\PROGRAM FILES (X86)\PANDASECURITYTB\PANDASECURITYDX.DLL, Sin acciones por parte del usuario, [2411], [635897],1.0.11466
PUP.Optional.VisicomToolbar, C:\PROGRAM FILES (X86)\PANDASECURITYTB\PANDASECURITYTB.DLL, Sin acciones por parte del usuario, [2411], [635897],1.0.11466
PUP.Optional.VisicomToolbar, C:\PROGRAM FILES (X86)\PANDASECURITYTB\PANDASECURITYTB64.DLL, Sin acciones por parte del usuario, [2411], [635897],1.0.11466

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Many thanks, regards.

Hello @Ventanita

The Malwarebytes report says that no action was taken by the user, which means nothing was sent to quarantine.

Carry out the following steps, even if you have already done some of them, without changing the order:

1) Download, update and run Malwarebytes’ Anti-Malware, and go through the manual in detail so that you know how to use and configure it.

  • Run a Custom scan, updating if it asks you to.
  • Click “Quarantine Selected” to send the items to quarantine, then restart the system.
  • In the manual section Reports >> Scan report you will find the MBAM report; click Export >> Copy to Clipboard.

2) Download AdwCleaner | InfoSpyware to the desktop.

  • Temporarily disable the antivirus >> How to temporarily disable your antivirus.
  • Also close all the programs you have open.
  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as administrator").
  • Click the Scan button and wait for the process to finish, then immediately click the Clean button.
  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.
  • Save the report that appears so you can copy and paste it in your next reply.
  • The report can also be found at C:\AdwCleaner\AdwCleaner[C1].txt

3) Download CCleaner

  • Install CCleaner
  • Open CCleaner; on the Cleaner tab leave the default settings as they are, click Analyze and wait for it to finish >> click Run Cleaner
  • Click the Registry tab >> click Scan for Issues and wait for it to finish >> click Fix selected Issues and make a backup
  • Click Scan for Issues again until it finds none.

Paste the Malwarebytes and AdwCleaner reports and let us know how the problem is going.

How do I paste reports in the forum?

Regards

Hello, sorry for the delay; the computer kept freezing while it was being scanned. This is the Malwarebytes report:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 11/7/19
Hora del análisis: 18:58
Archivo de registro: bf6611cc-a3f4-11e9-b540-54ab3ae55b86.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.11506
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.829)
CPU: x64
Sistema de archivos: NTFS
Usuario: LAPTOP-2KGR0EIF\erika

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 595063
Amenazas detectadas: 19
Amenazas en cuarentena: 19
Tiempo transcurrido: 3 hr, 34 min, 7 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 12
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, En cuarentena, [2412], [635897],1.0.11506
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, En cuarentena, [2412], [635897],1.0.11506
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\CLASSES\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, En cuarentena, [2412], [635897],1.0.11506
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, En cuarentena, [2412], [635897],1.0.11506
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, En cuarentena, [2412], [635897],1.0.11506
PUP.Optional.VisicomToolbar, HKU\S-1-5-21-2731508216-3201492160-2286263701-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, En cuarentena, [2412], [635897],1.0.11506
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, En cuarentena, [2412], [635897],1.0.11506
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, En cuarentena, [2412], [635897],1.0.11506
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, En cuarentena, [2412], [635897],1.0.11506
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, En cuarentena, [2412], [635897],1.0.11506
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\InprocServer32, En cuarentena, [2412], [635897],1.0.11506
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\InprocServer32, En cuarentena, [2412], [635897],1.0.11506

Valor del registro: 2
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, En cuarentena, [2412], [635897],1.0.11506
PUP.Optional.VisicomToolbar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}, En cuarentena, [2412], [635897],1.0.11506

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 5
PUP.Optional.VisicomToolbar, C:\PROGRAM FILES (X86)\PANDASECURITYTB\PANDASECURITYDX.DLL, En cuarentena, [2412], [635897],1.0.11506
PUP.Optional.VisicomToolbar, C:\PROGRAM FILES (X86)\PANDASECURITYTB\PANDASECURITYTB64.DLL, En cuarentena, [2412], [635897],1.0.11506
PUP.Optional.VisicomToolbar, C:\PROGRAM FILES (X86)\PANDASECURITYTB\PANDASECURITYTB.DLL, En cuarentena, [2412], [635897],1.0.11506
Generic.Malware/Suspicious, C:\USERS\ERIKA\DOCUMENTS\JUEGOS\ROMHACKING\HERRAMIENTAS\HERRAMIENTAS DE ROM ESPAÑOLAS\[A-TRAINER]\A-TRAINER.EXE, En cuarentena, [0], [392686],1.0.11506
Generic.Malware/Suspicious, C:\USERS\ERIKA\DOWNLOADS\FULL.EXE, En cuarentena, [0], [392686],1.0.11506

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

And here are the AdwCleaner ones. It gave me 2 for the same scan; I hope that is not a problem:

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-06-28.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-11-2019
# Duration: 00:00:46
# OS:       Windows 10 Home
# Cleaned:  20
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected]
Deleted       C:\Program Files (x86)\pandasecuritytb
Deleted       C:\Users\Public\App Explorer
Deleted       C:\Users\erika\AppData\LocalLow\pandasecuritytb
Deleted       C:\Users\erika\AppData\Local\Host App Service
Deleted       C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Deleted       C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service

***** [ Files ] *****

Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
Deleted       C:\Users\erika\Favorites\Booking.com.url
Deleted       C:\Windows\ServiceProfiles\LocalService\Favorites\Booking.com.url
Deleted       C:\Windows\ServiceProfiles\NetworkService\Favorites\Booking.com.url

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Host App Service
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer
Deleted       HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted       HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}

***** [ Chromium (and derivatives) ] *****

Deleted       Amazon Assistant for Chrome

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Deleted       Amazon Assistant for Firefox

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2986 octets] - [11/07/2019 23:01:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-06-28.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-11-2019
# Duration: 00:00:33
# OS:       Windows 10 Home
# Scanned:  27557
# Detected: 20


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Adware.pokki                    C:\Users\Public\App Explorer
Adware.pokki                    C:\Users\erika\AppData\Local\Host App Service
Adware.pokki                    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Adware.pokki                    C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service
PUP.Optional.AmazonAssistant    C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected]
PUP.Optional.Legacy             C:\Program Files (x86)\pandasecuritytb
PUP.Optional.Legacy             C:\Users\erika\AppData\LocalLow\pandasecuritytb

***** [ Files ] *****

Adware.pokki                    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
PUP.Optional.Booking            C:\Users\erika\Favorites\Booking.com.url
PUP.Optional.Booking            C:\Windows\ServiceProfiles\LocalService\Favorites\Booking.com.url
PUP.Optional.Booking            C:\Windows\ServiceProfiles\NetworkService\Favorites\Booking.com.url

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.pokki                    HKCU\Software\Host App Service
Adware.pokki                    HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki                    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer
PUP.Optional.Legacy             HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy             HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}

***** [ Chromium (and derivatives) ] *****

PUP.Optional.AmazonBrowserBar   Amazon Assistant for Chrome

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

PUP.Optional.Assistant          Amazon Assistant for Firefox

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

For the moment the computer is working “fine”. I ran Malwarebytes again and it no longer detects anything. On startup the PC is slow, with 100% disk usage and high levels of Superfetch and system interrupts, but I imagine the problem may come from somewhere else and has nothing to do with this issue, so I will read up on it. So I think the problem I opened the thread for is now solved.

Many thanks, regards!

Hello

Let's see whether anything remains on your machine that could be causing the slowness.

Download Farbar Recovery Scan Tool, selecting the right version for your machine's architecture (32 or 64 bits). How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Post the two reports generated.

You must copy and paste them with all their content, using several messages if you get an error message saying the post is too long (more than approx. 50,000 characters).

Regards

Hello,

I downloaded the tool but the antivirus detects it as a trojan and deletes it. The reason it gives me is: Trojan:W32/CryptoRansom.54bbc2dfcb!Online

Is it a false positive? It is from the link you sent. I will proceed according to your reply.

Thanks, regards

Hello

It is a false positive; temporarily disable your antivirus >> How to temporarily disable your antivirus

Regards

Hello, I am pasting the reports (frst.txt), part 1

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2019
Ran by erika (administrator) on LAPTOP-2KGR0EIF (Acer Aspire E5-575G) (15-07-2019 15:22:50)
Running from C:\Users\erika\Downloads
Loaded Profiles: erika &  (Available Profiles: erika)
Platform: Windows 10 Home Version 1803 17134.885 (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acer Incorporated -> ) C:\OEM\Preload\FubTracking\FubTracking.exe
(Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Acer Incorporated -> Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated -> acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1561631560.0\fshoster64.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1561631560.0\fsorsp64.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1561631560.0\fsulprothoster.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxext.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Visicom Media Inc. -> Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2018-11-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2018-11-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-06-01] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1903344 2016-02-17] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019151134810\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019151134907\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2731508216-3201492160-2286263701-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22695280 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2731508216-3201492160-2286263701-1001\...\Run: [Spotify] => C:\Users\erika\AppData\Roaming\Spotify\Spotify.exe [25591712 2019-07-14] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2731508216-3201492160-2286263701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019151135026\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22695280 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2731508216-3201492160-2286263701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019151135026\...\Run: [Spotify] => C:\Users\erika\AppData\Roaming\Spotify\Spotify.exe [25591712 2019-07-14] (Spotify AB -> Spotify Ltd)
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\system32\vorbis.acm [1562432 2016-12-15] (Image Line -> HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1456448 2016-12-15] (Image Line -> HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-21] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04646084-452C-4AD4-B826-E034D1A41CC4} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [113616 2019-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {0481BC6E-5635-4CA5-9A47-AC5F661D507F} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2919840 2016-01-20] (Acer Incorporated -> )
Task: {0BA95BB3-27E4-455B-AD09-0E3391F5F046} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]
Task: {0F18D63C-F862-4376-84EE-9C9EFC2F2021} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [855352 2016-02-19] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {1BC53133-18CB-40D9-8479-4F0FED82FD31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-24] (Google Inc -> Google Inc.)
Task: {2DA75ED0-6A88-4E7D-A181-03E160FC5666} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16667424 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {355F852A-7001-4393-A65A-7457F7E17AF9} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4644256 2016-01-20] (Acer Incorporated -> )
Task: {378A449A-FCD6-4F10-8A3D-E8AE3CBF78E3} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [421792 2016-05-23] (Acer Incorporated -> Acer Incorporated)
Task: {426A17CD-DF9C-4CC2-A589-D52CA726BC68} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448512 2019-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E1989CC-3F63-405B-9807-20780A3DFB6F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {5A8C5CDE-3D27-4211-A3B4-D4A8D5FBB8DA} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [65752 2017-03-20] (Acer Incorporated -> Acer Incorporated)
Task: {5B12E1D2-CF81-4EE9-BA95-31D412973719} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {6EE4A65A-C8FE-4C2C-A9FA-52508B3CED13} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [152880 2016-09-20] (Acer Incorporated -> )
Task: {772BA647-46FB-4DA3-8C28-4F182EFD180C} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [30976 2015-05-14] (Acer Incorporated -> )
Task: {8838A688-DE70-4F96-9E33-A0EB3502A47D} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [63808 2018-09-26] (Acer Incorporated -> Acer)
Task: {956D445F-8449-4627-8107-354AFED6A5CC} - no filepath
Task: {9CF1E26A-1D04-47DA-AEB4-44A6F59D3434} - no filepath
Task: {9DA8F399-D8D0-4E44-9744-62C7E0791552} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-24] (Google Inc -> Google Inc.)
Task: {A127CE9A-CDF8-4711-B367-2087A1F2F212} - System32\Tasks\F-Secure\F-Secure Hotfix => C:\Program Files (x86)\F-Secure\SAFE\fs_hotfix.exe [268744 2019-03-25] (F-Secure Corporation -> F-Secure Corporation)
Task: {A7FE0165-317A-4131-BA67-C9EECDBF6178} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448512 2019-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {B0A1AD74-05A7-4252-8130-70601E0180A2} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [216296 2014-03-13] (Acer Incorporated -> TODO: <Company name>)
Task: {B89CD3AA-4ABA-41B8-881B-BA369092485C} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {CC22145B-FAAF-4C4E-A4E1-23C1693276E1} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {CF9C415C-C0B5-4292-8FEF-777526A90F7D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {D65A8336-E775-493D-BD59-7F945DCADE4B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [113616 2019-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {DA373233-071A-4568-B38E-078241CD5DD3} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [472992 2016-05-23] (Acer Incorporated -> Acer Incorporated)
Task: {DAC512A7-BB35-44C0-99D3-BE8073BC51EF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E28D7D70-5F9A-4819-90B5-C2819368534A} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [40352 2016-01-20] (Acer Incorporated -> )
Task: {E6B621C2-132B-4F70-BD7B-B93782AB2A54} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2766240 2016-05-23] (Acer Incorporated -> Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{0fd71be2-205e-4436-9f12-46d7030b86ed}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8e177a6f-15ce-428a-9144-50913d3e4340}: [DhcpNameServer] 192.168.8.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2731508216-3201492160-2286263701-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2731508216-3201492160-2286263701-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.acer15.msn.com/?pc=ACTE
HKU\S-1-5-21-2731508216-3201492160-2286263701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019151135026\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2731508216-3201492160-2286263701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019151135026\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.acer15.msn.com/?pc=ACTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\nif\1561457949\browser\install\fs_ie_https\fs_ie_https64.dll [2019-06-25] (F-Secure Corporation -> F-Secure Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-25] (Oracle America, Inc. -> Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-07-12] (McAfee, LLC -> McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\nif\1561457949\browser\install\fs_ie_https\fs_ie_https.dll [2019-06-25] (F-Secure Corporation -> F-Secure Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-07-12] (McAfee, LLC -> McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

FireFox:
========
FF ProfilePath: C:\Users\erika\AppData\Roaming\Mozilla\Firefox\Profiles\4y0yly15.default-1536914140520 [2019-07-11]
FF Extension: (Español (España) Language Pack) - C:\Users\erika\AppData\Roaming\Mozilla\Firefox\Profiles\4y0yly15.default-1536914140520\Extensions\[email protected] [2018-09-14] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Users\erika\AppData\Roaming\Mozilla\Firefox\Profiles\4y0yly15.default-1536914140520\Extensions\[email protected] [2018-09-14] [Legacy]
FF Extension: (Español (España) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected] [2016-05-05] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected] [2016-05-05] [Legacy]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-07-12]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\nif\1561457949\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\nif\1561457949\browser\install\fs_firefox_https\fs_firefox_https.xpi [2019-06-25]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\nif\1561457949\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-18] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-18] (Google Inc -> Google LLC)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]

Chrome: 
=======
CHR Profile: C:\Users\erika\AppData\Local\Google\Chrome\User Data\Default [2019-07-15]
CHR Extension: (Presentaciones) - C:\Users\erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Documentos) - C:\Users\erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-24]
CHR Extension: (YouTube) - C:\Users\erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-24]
CHR Extension: (Hojas de cálculo) - C:\Users\erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-04-26]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-31]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2019-06-25]
CHR Extension: (Fair AdBlocker) - C:\Users\erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2019-06-01]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-21]
CHR Profile: C:\Users\erika\AppData\Local\Google\Chrome\User Data\System Profile [2019-07-11]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2278616 2017-03-20] (Acer Incorporated -> Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11413600 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-23] (Dashlane -> Dashlane, Inc.)
R2 fshoster; C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe [209864 2019-03-25] (F-Secure Corporation -> F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe [209864 2019-03-25] (F-Secure Corporation -> F-Secure Corporation)
S2 fsulhoster; C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1561631560.0\fshoster64.exe [588928 2019-06-30] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulnethoster; C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1561631560.0\fshoster64.exe [588928 2019-06-30] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulorsp; C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1561631560.0\fsorsp64.exe [101248 2019-06-30] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulprothoster; C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1561631560.0\fsulprothoster.exe [588928 2019-06-30] (F-Secure Corporation -> F-Secure Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation -> NVIDIA Corporation)
R2 ICEsoundService; C:\WINDOWS\system32\ICEsoundService64.exe [806144 2018-11-08] (ICEpower a/s -> ICEpower)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
S2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26576 2018-01-11] (Intel(R) CN -> Intel Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-05-16] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [899264 2019-07-12] (McAfee, LLC -> McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation -> NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation -> NVIDIA Corporation)
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-11-06] (Visicom Media Inc. -> Visicom Media Inc.)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-05-23] (Acer Incorporated -> Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-05-23] (Acer Incorporated -> Acer Incorporated)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [291232 2016-02-01] (Acer Incorporated -> acer)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2238408 2019-06-15] (Wacom Technology Corporation -> Wacom Technology, Corp.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 ETDI2C; C:\WINDOWS\system32\DRIVERS\ETDI2C.sys [183896 2016-03-24] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1561631560.0\fsulgk.sys [289144 2019-06-30] (F-Secure Corporation -> F-Secure Corporation)
R1 F-Secure UL HIPS; C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1561631560.0\fshs.sys [102568 2019-06-30] (F-Secure Corporation -> F-Secure Corporation)
U5 fsbts; C:\Windows\System32\Drivers\fsbts.sys [65872 2018-08-31] (F-Secure Corporation -> )
S0 fselms; C:\WINDOWS\System32\drivers\fselms.sys [15296 2019-05-18] (Microsoft Windows Early Launch Anti-malware Publisher -> F-Secure Corporation)
S3 fsni; C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\nif\1561457949\fsni64.sys [108704 2019-06-25] (F-Secure Corporation -> F-Secure Corporation)
S3 hidkmdf; C:\WINDOWS\System32\drivers\hidkmdf.sys [14136 2014-08-06] (Wacom Technology Corp. -> Windows (R) Win 7 DDK provider)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [52832 2019-05-06] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47928 2019-05-06] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31000 2018-05-15] (Acer Incorporated -> Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-07-15] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-07-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-07-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-07-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-07-15] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_9d2734742a07f3cf\nvlddmkm.sys [14456920 2017-05-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation -> NVIDIA Corporation)
R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc. -> Visicom Media Inc.)
R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2360048 2018-08-29] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25368 2018-05-15] (Acer Incorporated -> Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-11-19] (Realtek Semiconductor Corp -> Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [769752 2015-12-18] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [131736 2019-06-15] (Wacom Technology Corporation -> Wacom Technology, Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2018-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2018-12-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-15 15:22 - 2019-07-15 15:25 - 000037393 _____ C:\Users\erika\Downloads\FRST.txt
2019-07-15 15:22 - 2019-07-15 15:22 - 000000000 ____D C:\FRST
2019-07-15 15:21 - 2019-07-15 15:21 - 002095104 _____ (Farbar) C:\Users\erika\Downloads\FRST64.exe
2019-07-15 15:11 - 2019-07-15 15:11 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-07-15 15:10 - 2019-07-15 15:10 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-07-15 15:10 - 2019-07-15 15:10 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-07-15 15:10 - 2019-07-15 15:10 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-07-15 15:10 - 2019-07-15 15:10 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-07-14 21:55 - 2019-07-14 21:55 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignfda66d43111491a9
2019-07-14 20:53 - 2019-07-14 20:53 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign0f6c7ade42b63a96
2019-07-14 18:02 - 2019-07-04 07:58 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-14 18:02 - 2019-07-04 07:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-14 18:02 - 2019-07-04 07:57 - 000362264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-14 18:02 - 2019-07-04 07:56 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-14 18:02 - 2019-07-04 07:56 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-14 18:02 - 2019-07-04 07:56 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-14 18:02 - 2019-07-04 07:56 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-14 18:02 - 2019-07-04 07:56 - 001141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-14 18:02 - 2019-07-04 07:56 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-14 18:02 - 2019-07-04 07:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-14 18:02 - 2019-07-04 07:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-14 18:02 - 2019-07-04 07:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-14 18:02 - 2019-07-04 07:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-14 18:02 - 2019-07-04 07:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-14 18:02 - 2019-06-13 14:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-14 18:02 - 2019-06-13 14:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-14 18:02 - 2019-06-13 14:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-14 18:02 - 2019-06-13 09:46 - 000093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-14 18:02 - 2019-06-13 09:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-14 18:02 - 2019-06-13 09:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-07-14 18:02 - 2019-06-13 09:10 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-07-14 18:02 - 2019-06-13 09:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-07-14 18:02 - 2019-06-13 09:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-14 18:02 - 2019-06-13 09:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-07-14 18:02 - 2019-06-13 09:09 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-14 18:02 - 2019-06-13 09:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-07-14 18:02 - 2019-06-13 08:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-07-14 18:02 - 2019-06-13 07:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-07-14 18:02 - 2019-06-13 07:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-07-14 18:02 - 2019-06-13 07:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-07-14 18:02 - 2019-06-13 07:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-14 18:02 - 2019-06-13 07:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-14 18:01 - 2019-07-04 12:18 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-14 18:01 - 2019-07-04 11:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-14 18:01 - 2019-07-04 07:57 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-14 18:01 - 2019-07-04 07:57 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-14 18:01 - 2019-07-04 07:57 - 000209424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-14 18:01 - 2019-07-04 07:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-14 18:01 - 2019-07-04 07:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-14 18:01 - 2019-07-04 07:26 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-14 18:01 - 2019-07-04 07:26 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-14 18:01 - 2019-07-04 07:25 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-14 18:01 - 2019-07-04 07:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-07-14 18:01 - 2019-07-04 07:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-14 18:01 - 2019-07-04 07:21 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-14 18:01 - 2019-07-04 07:20 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-14 18:01 - 2019-07-04 07:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-14 18:01 - 2019-07-04 07:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-14 18:01 - 2019-07-04 06:01 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-07-14 18:01 - 2019-06-13 14:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-14 18:01 - 2019-06-13 14:18 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-14 18:01 - 2019-06-13 14:15 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-14 18:01 - 2019-06-13 14:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-14 18:01 - 2019-06-13 14:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-14 18:01 - 2019-06-13 14:13 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-07-14 18:01 - 2019-06-13 14:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-07-14 18:01 - 2019-06-13 12:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-07-14 18:01 - 2019-06-13 12:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-07-14 18:01 - 2019-06-13 09:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-14 18:01 - 2019-06-13 09:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2019-07-14 18:01 - 2019-06-13 09:13 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-14 18:01 - 2019-06-13 09:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-14 18:01 - 2019-06-13 09:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-14 18:01 - 2019-06-13 09:10 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-07-14 18:01 - 2019-06-13 09:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-14 18:01 - 2019-06-13 07:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-07-14 18:01 - 2019-06-13 07:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-14 18:01 - 2019-06-13 07:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-07-14 18:00 - 2019-07-04 12:40 - 021390504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-14 18:00 - 2019-07-04 12:40 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-07-14 18:00 - 2019-07-04 12:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-14 18:00 - 2019-07-04 11:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-14 18:00 - 2019-07-04 07:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-14 18:00 - 2019-07-04 07:57 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-14 18:00 - 2019-07-04 07:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-14 18:00 - 2019-07-04 07:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-14 18:00 - 2019-07-04 07:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-14 18:00 - 2019-07-04 07:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-14 18:00 - 2019-06-13 14:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-07-14 18:00 - 2019-06-13 14:18 - 004847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-14 18:00 - 2019-06-13 14:16 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-14 18:00 - 2019-06-13 14:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-07-14 18:00 - 2019-06-13 14:13 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-14 18:00 - 2019-06-13 12:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-07-14 18:00 - 2019-06-13 10:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-14 18:00 - 2019-06-13 09:47 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-14 18:00 - 2019-06-13 09:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-07-14 18:00 - 2019-06-13 09:11 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-14 17:59 - 2019-07-04 12:43 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-07-14 17:59 - 2019-07-04 12:20 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-14 17:59 - 2019-07-04 12:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-14 17:59 - 2019-07-04 07:25 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-14 17:59 - 2019-07-04 07:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-14 17:59 - 2019-07-04 07:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-14 17:59 - 2019-07-04 07:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-14 17:59 - 2019-07-04 07:21 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-14 17:59 - 2019-07-04 07:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-14 17:59 - 2019-07-04 07:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-14 17:59 - 2019-07-04 07:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-14 17:59 - 2019-06-13 14:42 - 000566536 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-14 17:59 - 2019-06-13 14:40 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-14 17:59 - 2019-06-13 14:35 - 001376688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-07-14 17:59 - 2019-06-13 14:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-14 17:59 - 2019-06-13 13:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-07-14 17:59 - 2019-06-13 12:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-07-14 17:59 - 2019-06-13 09:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-07-14 17:59 - 2019-06-13 09:46 - 000510296 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-07-14 17:59 - 2019-06-13 09:44 - 000130624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-07-14 17:59 - 2019-06-13 09:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-07-14 17:59 - 2019-06-13 09:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-07-14 17:59 - 2019-06-13 09:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-14 17:59 - 2019-06-13 08:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-07-14 17:59 - 2019-06-13 08:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-07-14 17:59 - 2019-06-13 07:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-14 17:58 - 2019-07-04 12:21 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-14 17:58 - 2019-07-04 11:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-14 17:58 - 2019-07-04 07:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-14 17:58 - 2019-07-04 07:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-07-14 17:58 - 2019-07-04 07:29 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-14 17:58 - 2019-07-04 07:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-14 17:58 - 2019-07-04 07:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-14 17:58 - 2019-07-04 07:19 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-14 17:58 - 2019-07-04 07:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-14 17:58 - 2019-06-21 11:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-07-14 17:58 - 2019-06-13 14:14 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-07-14 17:58 - 2019-06-13 09:45 - 002421560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-14 17:58 - 2019-06-13 09:44 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-07-14 17:58 - 2019-06-13 09:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-14 17:58 - 2019-06-13 09:15 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-14 17:58 - 2019-06-13 09:15 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-14 17:58 - 2019-06-13 09:13 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-07-14 17:58 - 2019-06-13 09:13 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-14 17:58 - 2019-06-13 09:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-07-14 17:58 - 2019-06-13 09:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-14 17:58 - 2019-06-13 09:10 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-14 17:58 - 2019-06-13 08:06 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-07-14 17:58 - 2019-06-13 08:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-07-14 17:58 - 2019-06-13 07:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-07-14 17:58 - 2019-06-13 07:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-14 17:57 - 2019-07-04 07:58 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-14 17:57 - 2019-07-04 07:57 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-14 17:57 - 2019-07-04 07:57 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-07-14 17:57 - 2019-07-04 07:56 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-14 17:57 - 2019-07-04 07:56 - 000115512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-14 17:57 - 2019-07-04 07:42 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-14 17:57 - 2019-07-04 07:25 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-14 17:57 - 2019-07-04 07:23 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-14 17:57 - 2019-07-04 07:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-14 17:57 - 2019-07-04 07:22 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-14 17:57 - 2019-06-13 15:00 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-14 17:57 - 2019-06-13 14:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-14 17:57 - 2019-06-13 14:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-14 17:57 - 2019-06-13 14:17 - 012756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-14 17:57 - 2019-06-13 14:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-07-14 17:57 - 2019-06-13 14:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-14 17:57 - 2019-06-13 13:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-07-14 17:57 - 2019-06-13 12:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-14 17:57 - 2019-06-13 12:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-07-14 17:57 - 2019-06-13 09:44 - 002769688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-14 17:57 - 2019-06-13 09:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-07-14 17:57 - 2019-06-13 09:15 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-07-14 17:57 - 2019-06-13 09:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-07-14 17:57 - 2019-06-13 09:13 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-14 17:57 - 2019-06-13 08:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-14 17:57 - 2019-06-13 07:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2019-07-14 17:56 - 2019-07-04 12:40 - 001631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-14 17:56 - 2019-07-04 12:40 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-14 17:56 - 2019-07-04 12:18 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-14 17:56 - 2019-07-04 11:56 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-14 17:56 - 2019-07-04 11:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe

Part 2

2019-07-14 17:56 - 2019-07-04 11:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-14 17:56 - 2019-07-04 07:57 - 000091776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-14 17:56 - 2019-07-04 07:56 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-14 17:56 - 2019-07-04 07:56 - 000767536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-14 17:56 - 2019-07-04 07:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-14 17:56 - 2019-07-04 07:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-14 17:56 - 2019-07-04 07:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-14 17:56 - 2019-07-04 07:26 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-14 17:56 - 2019-07-04 07:24 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-14 17:56 - 2019-07-04 07:24 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-14 17:56 - 2019-07-04 07:22 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-14 17:56 - 2019-07-04 07:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-07-14 17:56 - 2019-07-04 07:21 - 003202560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-14 17:56 - 2019-07-04 07:21 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-14 17:56 - 2019-07-04 07:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-14 17:56 - 2019-07-04 07:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-14 17:56 - 2019-06-13 15:05 - 000810296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-14 17:56 - 2019-06-13 14:58 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-14 17:56 - 2019-06-13 14:42 - 004038688 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-14 17:56 - 2019-06-13 14:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2019-07-14 17:56 - 2019-06-13 14:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-07-14 17:56 - 2019-06-13 14:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-14 17:56 - 2019-06-13 14:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2019-07-14 17:56 - 2019-06-13 13:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-07-14 17:56 - 2019-06-13 13:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-14 17:56 - 2019-06-13 12:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-07-14 17:56 - 2019-06-13 10:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2019-07-14 17:56 - 2019-06-13 10:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-14 17:56 - 2019-06-13 10:01 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-14 17:56 - 2019-06-13 09:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-07-14 17:56 - 2019-06-13 09:44 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-07-14 17:56 - 2019-06-13 09:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-07-14 17:56 - 2019-06-13 09:15 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-07-14 17:56 - 2019-06-13 09:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-07-14 17:56 - 2019-06-13 09:14 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-14 17:56 - 2019-06-13 09:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-14 17:56 - 2019-06-13 09:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-14 17:56 - 2019-06-13 09:10 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-14 17:56 - 2019-06-13 09:08 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-14 17:56 - 2019-06-13 07:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-07-14 17:56 - 2019-06-13 07:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-07-14 17:56 - 2019-06-13 07:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-14 17:56 - 2019-06-13 07:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-14 17:56 - 2019-06-13 07:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-07-14 17:55 - 2019-07-04 12:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-14 17:55 - 2019-07-04 08:00 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-14 17:55 - 2019-07-04 07:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-14 17:55 - 2019-07-04 07:57 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-14 17:55 - 2019-07-04 07:57 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-14 17:55 - 2019-07-04 07:57 - 000708696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-14 17:55 - 2019-07-04 07:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-07-14 17:55 - 2019-07-04 07:56 - 001566520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-14 17:55 - 2019-07-04 07:56 - 000734952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-14 17:55 - 2019-07-04 07:56 - 000493752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-14 17:55 - 2019-07-04 07:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-14 17:55 - 2019-07-04 07:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-14 17:55 - 2019-07-04 07:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-14 17:55 - 2019-07-04 07:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-07-14 17:55 - 2019-07-04 07:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-14 17:55 - 2019-07-04 07:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-14 17:55 - 2019-07-04 07:25 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-14 17:55 - 2019-07-04 07:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-14 17:55 - 2019-07-04 07:23 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-14 17:55 - 2019-07-04 07:22 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-14 17:55 - 2019-07-04 07:22 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-14 17:55 - 2019-07-04 07:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-14 17:55 - 2019-07-04 07:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-14 17:55 - 2019-07-04 07:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-14 17:55 - 2019-06-13 15:15 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-14 17:55 - 2019-06-13 15:12 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-14 17:55 - 2019-06-13 15:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-14 17:55 - 2019-06-13 14:59 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-14 17:55 - 2019-06-13 14:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-14 17:55 - 2019-06-13 14:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2019-07-14 17:55 - 2019-06-13 14:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-14 17:55 - 2019-06-13 12:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-14 17:55 - 2019-06-13 10:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-14 17:55 - 2019-06-13 09:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-07-14 17:55 - 2019-06-13 08:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-14 17:08 - 2019-07-14 23:10 - 000000000 ____D C:\Users\erika\AppData\Local\Spotify
2019-07-14 17:08 - 2019-07-14 17:08 - 000001854 _____ C:\Users\erika\Desktop\Spotify.lnk
2019-07-14 17:08 - 2019-07-14 17:08 - 000001840 _____ C:\Users\erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2019-07-14 17:07 - 2019-07-14 17:07 - 000903680 _____ (Spotify Ltd) C:\Users\erika\Downloads\SpotifySetup (1).exe
2019-07-14 17:01 - 2019-07-14 23:10 - 000000000 ____D C:\Users\erika\AppData\Roaming\Spotify
2019-07-14 16:42 - 2019-07-14 16:42 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-07-14 16:42 - 2019-07-14 16:42 - 000002516 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-07-14 16:42 - 2019-07-14 16:42 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-07-14 16:42 - 2019-07-14 16:42 - 000002491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-07-14 16:42 - 2019-07-14 16:42 - 000002489 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-07-14 16:42 - 2019-07-14 16:42 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-07-14 16:42 - 2019-07-14 16:42 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-07-14 16:42 - 2019-07-14 16:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-07-14 16:33 - 2019-07-14 16:33 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignd8c0491f9b9919f0
2019-07-14 16:32 - 2019-07-14 16:32 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign4d7a43e64938656c
2019-07-13 22:37 - 2019-07-13 22:37 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign691e6bc00f475f79
2019-07-13 18:32 - 2019-07-13 18:32 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign7035c11af5eba27c
2019-07-13 17:45 - 2019-07-13 17:45 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsigne6b2815afd496e7e
2019-07-13 17:43 - 2019-07-13 17:43 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign9fac0221682748b0
2019-07-13 17:42 - 2019-07-13 17:42 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign10e546df0eaf5e85
2019-07-12 18:18 - 2019-07-12 18:18 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignef2b445be4637c58
2019-07-12 16:16 - 2019-07-12 16:16 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignfcd7eb0644c979fe
2019-07-12 14:53 - 2019-07-12 14:53 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign6f6f09290cd00ef9
2019-07-12 14:53 - 2019-07-12 14:53 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign2ba6a8d404a03973
2019-07-12 14:51 - 2019-07-12 14:51 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign8c73ef72d79df596
2019-07-12 13:27 - 2019-07-12 13:27 - 000001277 _____ C:\Users\erika\Desktop\CrystalDiskInfo.lnk
2019-07-12 13:27 - 2019-07-12 13:27 - 000000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2019-07-12 13:25 - 2019-07-12 13:25 - 003946848 _____ (Crystal Dew World ) C:\Users\erika\Downloads\CrystalDiskInfo8_2_0.exe
2019-07-11 23:00 - 2019-07-11 23:02 - 000000000 ____D C:\AdwCleaner
2019-07-11 22:58 - 2019-07-09 17:31 - 007025360 _____ (Malwarebytes) C:\Users\erika\Desktop\adwcleaner_7.3.exe
2019-07-11 18:56 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-07-11 18:55 - 2019-07-11 18:55 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-11 18:55 - 2019-07-11 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-11 18:55 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-07-09 17:32 - 2019-07-09 17:32 - 000002001 _____ C:\Users\erika\Documents\Pasos seguir.txt
2019-07-09 17:31 - 2019-07-09 17:31 - 007025360 _____ (Malwarebytes) C:\Users\erika\Downloads\adwcleaner_7.3.exe
2019-07-09 15:47 - 2019-07-09 15:47 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-07-09 15:19 - 2019-07-09 16:55 - 000004638 _____ C:\Users\erika\Documents\MWBAM 9-7-19 resultado informe.txt
2019-07-09 14:35 - 2019-07-09 14:35 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tableta Wacom
2019-07-09 14:17 - 2019-07-09 14:17 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign8522cb5e94b50199
2019-07-08 22:28 - 2019-07-08 22:28 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign7b9bc005e6482252
2019-07-08 22:06 - 2019-07-08 22:06 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignb6feb63d1b550c73
2019-07-08 22:06 - 2019-07-08 22:06 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignafea867f6333d11f
2019-07-08 22:04 - 2019-07-08 22:04 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign3ba78fc2828ec972
2019-07-08 22:02 - 2019-07-08 22:02 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign055f42010b313d09
2019-07-08 17:43 - 2019-07-08 17:43 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign62e62907e6a10a1a
2019-07-08 16:53 - 2019-07-08 16:53 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignd76bfd44a0892c2f
2019-07-08 16:20 - 2019-07-08 16:20 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignba3caf71ded39414
2019-07-08 16:16 - 2019-07-08 16:16 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign3097a7a99471b672
2019-07-08 15:59 - 2019-07-08 15:59 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignd1c1d1d2e9c098a3
2019-07-03 11:32 - 2019-07-03 11:32 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign6c8597bcf586b6fb
2019-07-03 11:32 - 2019-07-03 11:32 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign2a5449f434383421
2019-07-03 11:26 - 2019-07-03 11:26 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignbcb5b4e151092921
2019-07-02 17:07 - 2019-07-02 17:07 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign86e9a67b553c631a
2019-07-02 17:06 - 2019-07-02 17:06 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignbdc66c224027a6f3
2019-07-02 16:05 - 2019-07-02 16:05 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignd2a1d8466be6a999
2019-07-02 16:02 - 2019-07-02 16:02 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignf3d25f8691b53e5a
2019-07-02 16:01 - 2019-07-02 16:01 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsigna24ec4b014f239df
2019-07-02 15:54 - 2019-07-02 15:54 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign8b787a26eeb85562
2019-07-02 15:51 - 2019-07-02 15:51 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignf3af637eedb32818
2019-06-30 20:05 - 2019-06-30 20:05 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignf6d6310780eee3ad
2019-06-30 20:05 - 2019-06-30 20:05 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign79eb2bd80ec58ba8
2019-06-30 17:39 - 2019-06-30 17:39 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign6b38fb13440c665d
2019-06-30 17:14 - 2019-06-30 17:14 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignfcbab81c4b8e79e0
2019-06-30 16:55 - 2019-06-30 16:55 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignf4ebe2557157eda2
2019-06-30 16:55 - 2019-06-30 16:55 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign1c79879614c7d63d
2019-06-30 16:45 - 2019-06-30 16:45 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign263b05148cdad2f2
2019-06-30 16:42 - 2019-06-30 16:42 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign73707c4946faec1d
2019-06-30 16:41 - 2019-06-30 16:41 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign3c4d474f4fa7df0d
2019-06-30 16:38 - 2019-06-30 16:38 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign2cb70bb0b6ef6dba
2019-06-26 18:06 - 2019-06-26 18:06 - 000000000 ____D C:\Users\erika\Downloads\PS brushes
2019-06-26 18:02 - 2019-06-26 18:02 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign35d76479c8ecb061
2019-06-26 17:48 - 2019-06-26 17:48 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign183afe78cd48ce79
2019-06-26 17:47 - 2019-06-26 17:47 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignbb6af2f6ca21b5a7
2019-06-25 21:30 - 2019-06-25 21:30 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign6459ecb2e6db22e8
2019-06-25 21:29 - 2019-06-25 21:29 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign8b40ad5e9ff7f55f
2019-06-25 21:29 - 2019-06-25 21:29 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign70685009b27239eb
2019-06-23 12:52 - 2019-06-23 12:52 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign97e38bb2dc1f074f
2019-06-23 12:46 - 2019-06-23 12:46 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign949fd4ee8870f808
2019-06-23 12:32 - 2019-06-23 12:40 - 000000000 ____D C:\Users\TEMP
2019-06-22 18:32 - 2019-06-22 18:32 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignd8ec20ab51853023
2019-06-22 18:32 - 2019-06-22 18:32 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignb01c2c3daab3bfc2
2019-06-22 18:18 - 2019-06-22 18:18 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignc4354d3a39e52951
2019-06-21 23:58 - 2019-06-21 23:58 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign3b3acde4a310414a
2019-06-21 23:11 - 2019-06-21 23:11 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign8515922c63273bec
2019-06-21 22:57 - 2019-06-21 22:57 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignf51011096dac9189
2019-06-21 22:40 - 2019-06-21 22:40 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign2561fb66a5e9a7d1
2019-06-21 22:38 - 2019-06-21 22:38 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignede2fa0845670738
2019-06-21 22:34 - 2019-06-21 22:34 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsigncaf1227bf3277241
2019-06-21 22:34 - 2019-06-21 22:34 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignbda68fdf6baeaee7
2019-06-21 22:08 - 2019-06-21 22:08 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsignd6aaf9f51e43d2b4
2019-06-21 22:08 - 2019-06-21 22:08 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign7c90f00cf2532d1a
2019-06-21 20:11 - 2019-06-21 20:11 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign1f608c559207957b
2019-06-21 16:46 - 2019-06-21 16:46 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign190b3b8ccc78d1c5
2019-06-21 16:07 - 2019-06-21 16:07 - 000000000 ____D C:\Users\erika\AppData\Local\Tempzxpsign4a70d0c46fd21345
2019-06-17 23:09 - 2019-06-17 23:09 - 000002019 _____ C:\Users\erika\Documents\hosts.txt
2019-06-17 23:00 - 2015-10-30 10:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.backup

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-15 15:22 - 2018-04-24 22:03 - 000000000 ____D C:\Users\erika\AppData\Roaming\WTablet
2019-07-15 15:22 - 2018-04-12 02:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-15 15:17 - 2018-06-01 15:23 - 000428286 _____ C:\WINDOWS\system32\perfh00B.dat
2019-07-15 15:17 - 2018-06-01 15:23 - 000081538 _____ C:\WINDOWS\system32\perfc00B.dat
2019-07-15 15:17 - 2018-06-01 14:34 - 002278424 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-15 15:17 - 2018-04-12 19:18 - 000788782 _____ C:\WINDOWS\system32\perfh00A.dat
2019-07-15 15:17 - 2018-04-12 19:18 - 000155876 _____ C:\WINDOWS\system32\perfc00A.dat
2019-07-15 15:17 - 2018-04-12 02:36 - 000000000 ____D C:\WINDOWS\INF
2019-07-15 15:16 - 2018-06-01 14:50 - 000003504 _____ C:\WINDOWS\System32\Tasks\DashlaneUpgradeCheck
2019-07-15 15:14 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-15 15:14 - 2016-11-21 11:03 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-15 15:13 - 2018-01-22 17:48 - 000000000 ___RD C:\Users\erika\3D Objects
2019-07-15 15:13 - 2017-03-24 13:21 - 000000000 __SHD C:\Users\erika\IntelGraphicsProfiles
2019-07-15 15:09 - 2018-06-01 14:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-15 15:09 - 2018-06-01 13:52 - 000789760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-15 15:09 - 2016-10-13 22:42 - 000000000 ____D C:\ProgramData\NVIDIA
2019-07-14 23:15 - 2018-04-12 00:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-07-14 23:13 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-07-14 23:13 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-14 23:13 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-14 23:13 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-14 23:13 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-14 23:13 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-14 23:13 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-14 23:13 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-14 23:13 - 2018-04-12 00:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-14 21:06 - 2017-03-24 17:22 - 000000000 ____D C:\Users\erika\AppData\Local\Adobe
2019-07-14 20:52 - 2018-06-01 13:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-14 18:22 - 2018-04-12 02:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-14 17:53 - 2017-03-24 15:00 - 000000000 ____D C:\ProgramData\panda_url_filtering
2019-07-14 16:53 - 2017-03-26 14:19 - 000000000 ____D C:\Users\erika\Documents\Photoshop dibujo digital
2019-07-14 16:41 - 2016-10-13 20:56 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-07-13 22:43 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-07-13 22:38 - 2017-10-18 19:38 - 000000000 ____D C:\Users\erika\Documents\Copia SD Nokia 02_10_2018
2019-07-13 22:07 - 2018-11-21 20:11 - 000000000 ____D C:\Users\erika\Downloads\Sprites recibidos para Aural
2019-07-13 17:48 - 2018-04-12 02:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-12 21:35 - 2017-03-25 15:20 - 000000000 ____D C:\Users\erika\AppData\Local\ElevatedDiagnostics
2019-07-11 23:42 - 2018-04-17 16:40 - 000000000 ____D C:\Users\erika\AppData\Local\F-Secure
2019-07-11 23:31 - 2018-11-10 19:40 - 000000000 ____D C:\Users\erika\Documents\Registros CCleaner
2019-07-11 23:18 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-07-11 23:16 - 2018-06-01 14:50 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-07-11 23:16 - 2017-04-12 17:18 - 000000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-07-11 23:02 - 2019-04-23 21:01 - 000002405 _____ C:\Users\erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-11 23:02 - 2018-06-01 14:50 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2731508216-3201492160-2286263701-1001
2019-07-11 23:02 - 2017-03-24 13:27 - 000000000 ___RD C:\Users\erika\OneDrive
2019-07-11 22:51 - 2018-06-01 14:04 - 000000000 ____D C:\Users\erika
2019-07-11 18:56 - 2018-04-12 02:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-07-11 18:55 - 2017-03-25 20:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-11 00:09 - 2017-03-24 18:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-10 23:59 - 2017-03-24 18:06 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-09 22:11 - 2018-02-18 13:37 - 000000000 ____D C:\Users\erika\AppData\Local\PlaceholderTileLogoFolder
2019-07-09 15:22 - 2018-01-22 17:16 - 000000000 ____D C:\Users\erika\AppData\Local\Packages
2019-07-09 15:21 - 2018-02-16 16:53 - 000000000 ___HD C:\Users\erika\MicrosoftEdgeBackups
2019-07-09 15:13 - 2018-04-21 15:11 - 000000000 ____D C:\ProgramData\Autodesk
2019-07-09 14:43 - 2017-03-25 20:16 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-09 14:35 - 2018-04-24 22:00 - 000000000 ____D C:\Program Files\Tablet
2019-07-09 14:34 - 2016-05-05 19:09 - 000000000 ____D C:\ProgramData\Package Cache
2019-06-26 17:50 - 2019-05-06 12:18 - 000000000 ____D C:\Users\erika\Documents\PS Vita
2019-06-22 18:12 - 2017-05-24 13:31 - 000000000 ____D C:\Program Files\UNP
2019-06-21 22:39 - 2019-06-08 15:46 - 000000000 ____D C:\Users\erika\Downloads\Bluetooth_Intel_19.60.0_W10x64_A
2019-06-21 22:06 - 2017-03-26 21:28 - 000000000 ____D C:\Users\erika\Documents\Ratsia, Rudi ja Jyri
2019-06-21 21:51 - 2017-03-24 14:31 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-21 21:51 - 2017-03-24 14:31 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-06-21 16:05 - 2018-01-12 18:23 - 000000000 ____D C:\Program Files\rempl
2019-06-15 00:47 - 2018-04-24 22:00 - 001813400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01011.dll
2019-06-15 00:47 - 2018-04-24 22:00 - 000131736 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Drivers\wachidrouter.sys
2019-06-15 00:47 - 2018-04-24 22:00 - 000033944 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Drivers\wacomrouterfilter.sys
2019-06-15 00:46 - 2018-04-24 22:00 - 002627528 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Tablet.dll
2019-06-15 00:46 - 2018-04-24 22:00 - 002620360 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Touch_Tablet.dll
2019-06-15 00:46 - 2018-04-24 22:00 - 002497480 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomMT.dll
2019-06-15 00:46 - 2018-04-24 22:00 - 002454984 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wintab32.dll
2019-06-15 00:46 - 2018-04-24 22:00 - 002038728 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Tablet.dll
2019-06-15 00:46 - 2018-04-24 22:00 - 002032072 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Touch_Tablet.dll
2019-06-15 00:46 - 2018-04-24 22:00 - 001890248 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\WacomMT.dll
2019-06-15 00:46 - 2018-04-24 22:00 - 001859528 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wintab32.dll

==================== Files in the root of some directories ================

2018-10-02 16:06 - 2018-10-02 16:06 - 000000000 _____ () C:\Users\erika\AppData\Local\oobelibMkey.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

And the addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2019
Ran by erika (15-07-2019 15:26:12)
Running from C:\Users\erika\Downloads
Windows 10 Home Version 1803 17134.885 (X64) (2018-06-01 11:53:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2731508216-3201492160-2286263701-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2731508216-3201492160-2286263701-503 - Limited - Disabled)
erika (S-1-5-21-2731508216-3201492160-2286263701-1001 - Administrator - Enabled) => C:\Users\erika
Invitado (S-1-5-21-2731508216-3201492160-2286263701-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2731508216-3201492160-2286263701-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: F-Secure SAFE (Disabled - Up to date) {8AC831E5-DF57-0DC0-D07B-4DE1A5FFFD9A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: F-Secure SAFE (Disabled - Up to date) {31A9D001-F96D-024E-EACB-7693DE78B727}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

${APPNAME} (HKLM-x32\...\${APPNAME}) (Version:  - )
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3021 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Jumpstart (HKLM-x32\...\{4B92BFBE-917D-4FA1-97E9-DB9D91286E90}) (Version: 3.0.18135.100 - Acer)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3004 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.01.3001 - Acer Incorporated)
Actualización de NVIDIA 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.59 - Piriform)
CPUID HWMonitor 1.40 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.40 - CPUID, Inc.)
CrystalDiskInfo 8.2.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.2.0 - Crystal Dew World)
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.17.0 - Dashlane, Inc.)
ELAN HIDI2C Filter Driver X64 13.6.5.2_WHQL (HKLM\...\Elantech) (Version: 13.6.5.2 - ELAN Microelectronic Corp.)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
F-Secure SAFE (HKLM-x32\...\{4DA7D88D-BAE1-4FC3-B268-B2E64E8334F1}) (Version: 17.6 - F-Secure Corporation)
F-Secure Ultralight 1.1.24.0 (release) (HKLM-x32\...\{9FAE989F-A043-4017-B60F-9134E992BB55}) (Version: 1.1.24.0 - F-Secure Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{054B1964-A867-4962-AFBF-4674B02F4BB0}) (Version: 19.60.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.78 - McAfee, LLC.)
Microsoft Office 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 16.0.11727.20244 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2731508216-3201492160-2286263701-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2731508216-3201492160-2286263701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019151135026\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 en-US)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Panel de control de NVIDIA 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 382.05 - NVIDIA Corporation) Hidden
Paquete de controladores de Windows - libusb-win32 PS Vita Type B (02/23/2013 1.2.6.0) (HKLM\...\52F55B7350CFAA8EB4941B1D74E758A1F2C2007A) (Version: 02/23/2013 1.2.6.0 - libusb-win32)
Paquete de controladores de Windows - Microsoft PS Vita Type B (02/22/2013 6.1.7600.16385) (HKLM\...\A0EC80B5719D4DA4CF40C9219D7CB9CCAD6DBA40) (Version: 02/22/2013 6.1.7600.16385 - Microsoft)
Pokemon Uranium (HKLM-x32\...\Pokemon Uranium) (Version: 1.2.1 - Pokemon Uranium Team)
Qcma (HKLM\...\Qcma) (Version: 0.4.1 - codestation)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10299 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.191 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8569 - Realtek Semiconductor Corp.)
RPG Maker XP 1.02a (HKLM-x32\...\RPG Maker XP) (Version: 1.02a - Enterbrain, inc.)
SC Ver 2.71 (HKLM-x32\...\Super Card_is1) (Version:  - Super Card)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Software para dispositivos de chipset Intel® (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel(R) Corporation) Hidden
Spotify (HKU\S-1-5-21-2731508216-3201492160-2286263701-1001\...\Spotify) (Version: 1.1.10.540.gfcf0430f - Spotify AB)
Spotify (HKU\S-1-5-21-2731508216-3201492160-2286263701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019151135026\...\Spotify) (Version: 1.1.10.540.gfcf0430f - Spotify AB)
Spotify Weblink (HKLM-x32\...\{8CADF0CB-E834-4019-9B11-B84E051F2A8E}) (Version: 1.16.1210 - Acer)
Tableta Wacom (HKLM\...\Wacom Tablet Driver) (Version: 6.3.35-3 - Wacom Technology Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WinDS PRO 2017.08.03 (HKLM\...\{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}_is1) (Version: 2017.08.03 - WinDS PRO Central)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

Packages:
=========
Complemento de teléfono de Microsoft -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-13] (Microsoft Corporation)
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-07-10] (Microsoft Corporation) [MS Ad]
Cover - lector de comics -> C:\Program Files\WindowsApps\FrenchFry.Cover_3.5.919.0_x64__a3mvwcjazefp4 [2019-05-18] (French Fry)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-15] (Microsoft Corporation) [MS Ad]
Microsoft News: Noticias destacadas en español -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11723.0_x64__8wekyb3d8bbwe [2019-07-02] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-17] (Microsoft Studios) [MS Ad]
Movie Maker & Video Editor -> C:\Program Files\WindowsApps\30139PicsPhotoFactory.MovieMakerVideoEditor_1.1.30.0_x64__mfhp9532h0t10 [2018-05-12] (PicsPhotoFactory) [MS Ad]
MSN El Tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-16] (Microsoft Corporation) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw [2018-01-22] (MAGIX)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.478.0_x64__mcm4njqhnhss8 [2019-07-02] (Netflix, Inc.)
Teléfono Microsoft -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-10] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2731508216-3201492160-2286263701-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [F-Secure DataGuard Icon Overlay] -> {CA789262-D278-40F7-AC12-19C0395F9DD9} => C:\Program Files (x86)\F-Secure\SAFE\FsShellExtension64.dll [2019-03-25] (F-Secure Corporation -> F-Secure Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxDTCM.dll [2017-02-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-03-02 12:16 - 2016-03-02 12:16 - 000008704 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2016-10-13 22:42 - 2016-02-17 09:40 - 001249872 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 10:24 - 2019-07-14 18:00 - 000000988 _____ C:\WINDOWS\system32\drivers\etc\hosts

0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net 
0.0.0.0 gads.pubmatic.com 
0.0.0.0 ads.pubmatic.com 

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019151134810\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019151134907\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2731508216-3201492160-2286263701-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\erika\Documents\Ratsia, Rudi ja Jyri\RUDI_pic NEW\rudi_auto72.jpg
HKU\S-1-5-21-2731508216-3201492160-2286263701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019151135026\Control Panel\Desktop\\Wallpaper -> C:\Users\erika\Documents\Ratsia, Rudi ja Jyri\RUDI_pic NEW\rudi_auto72.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2731508216-3201492160-2286263701-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2731508216-3201492160-2286263701-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2731508216-3201492160-2286263701-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2731508216-3201492160-2286263701-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2731508216-3201492160-2286263701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019151135026\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2731508216-3201492160-2286263701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019151135026\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2731508216-3201492160-2286263701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019151135026\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2731508216-3201492160-2286263701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019151135026\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5885212C-9E2A-436F-BD66-E0DBFB01798E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9C35B053-0376-4B18-BE87-98ECC0964784}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3C2C53B6-E8E1-4E28-9417-E9EC2D793987}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{90F8E26B-FFAC-41AA-9EB1-FED13BC6A443}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{E7171E90-6D8C-47E8-9C77-E1BBE2ECB2E0}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{A76AF19C-95BD-4659-B2FE-B5E2E23C6E3B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{4FBCDDD8-C04A-4986-BD2B-DC00A2443DE1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{78B9D49C-ECF2-4D85-B090-3E9A79E801DA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{EA8B81A6-5486-4437-90F3-3D807938648E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3B9FD7D1-D768-4BAC-A1A0-8AB07301C863}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{18A65836-4FAA-4348-844D-68340F21F721}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{38162A02-1CD3-4984-821A-EDEEFB2E4BBF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2FF83208-C03B-4D06-BE3B-F3978213E1D2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{10A1E434-D875-49D3-8D76-EC1391EEA526}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{57387CBA-01B2-469F-9C0D-1BD928AEFF96}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D1AA6140-4378-4880-8826-852C1405022F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{B66594E4-B137-49FF-BE4B-C28AC669E252}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{6512EFC0-5432-401E-81EE-BAB4F4A33E3B}C:\users\erika\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\erika\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{080F5D75-ABCA-40F7-9851-C98263A39D42}C:\users\erika\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\erika\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5E54298D-8FF2-4BD6-9359-4ED68901B021}] => (Block) C:\users\erika\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{22034CA2-E8E0-4FDA-AC3D-A720184AB371}] => (Block) C:\users\erika\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{403EFF96-8BA0-4190-A859-F6297408FD8B}C:\program files\qcma\qcma.exe] => (Allow) C:\program files\qcma\qcma.exe () [File not signed]
FirewallRules: [UDP Query User{619141E9-85AA-4F25-BF8A-4F6A8D595BAB}C:\program files\qcma\qcma.exe] => (Allow) C:\program files\qcma\qcma.exe () [File not signed]
FirewallRules: [{81C3EEC2-8805-4638-A633-BBCA4FDFD581}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{89F141E3-8373-4EB2-A913-E65AACCCF84A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

12-07-2019 20:53:55 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2019 03:16:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Audacity\audacity.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.885_none_fb42a3473065565f.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.885_none_42efda1e44e17f65.manifest.

Error: (07/15/2019 03:14:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Audacity\audacity.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.885_none_fb42a3473065565f.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.885_none_42efda1e44e17f65.manifest.

Error: (07/14/2019 09:19:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Audacity\audacity.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.829_none_fb46a5473061b9d5.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.829_none_42f3dc1e44dde2db.manifest.

Error: (07/14/2019 09:19:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Audacity\audacity.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.829_none_fb46a5473061b9d5.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.829_none_42f3dc1e44dde2db.manifest.

Error: (07/14/2019 09:17:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Audacity\audacity.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.829_none_fb46a5473061b9d5.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.829_none_42f3dc1e44dde2db.manifest.

Error: (07/14/2019 09:17:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Audacity\audacity.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.829_none_fb46a5473061b9d5.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.829_none_42f3dc1e44dde2db.manifest.

Error: (07/14/2019 09:17:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Audacity\audacity.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.829_none_fb46a5473061b9d5.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.829_none_42f3dc1e44dde2db.manifest.

Error: (07/14/2019 09:17:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Audacity\audacity.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.829_none_fb46a5473061b9d5.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.829_none_42f3dc1e44dde2db.manifest.


System errors:
=============
Error: (07/15/2019 03:18:34 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-2KGR0EIF)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario LAPTOP-2KGR0EIF\erika con SID (S-1-5-21-2731508216-3201492160-2286263701-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (07/15/2019 03:17:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (07/15/2019 03:16:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Windows Remediation Service no respondió después de iniciar.

Error: (07/15/2019 03:13:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (07/15/2019 03:09:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio IntelSSTSvc no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (07/15/2019 03:09:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio IntelSSTSvc.

Error: (07/14/2019 11:10:30 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-2KGR0EIF)
Description: El servidor Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy!App.AppX9s1cz53zc86xn39kwrb02jyft9ecn62r.mca no se registró con DCOM dentro del tiempo de espera requerido.

Error: (07/14/2019 08:54:48 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-2KGR0EIF)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario LAPTOP-2KGR0EIF\erika con SID (S-1-5-21-2731508216-3201492160-2286263701-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


Windows Defender:
===================================
Date: 2018-12-27 00:01:02.002
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {87D75C29-41CD-4549-B2C5-D7B914B75E0F}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-12-19 23:28:35.655
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {66E40DEC-8966-4BB6-921C-FCD6731BD965}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-12-19 23:22:01.932
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {5B026209-11BB-4932-B7C2-3866DD1DF6F9}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-12-19 23:09:44.361
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {E4E19C28-CD22-498C-9319-FED29060AAE9}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-12-19 22:24:51.008
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {AB566C29-9BC2-400E-B060-E09574C8D0BC}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-12-20 11:35:31.788
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 1.283.1045.0
Versión de firma anterior: 1.283.985.0
Origen de actualización: Usuario
Tipo de firma: AntiSpyware
Tipo de actualización: Diferencia
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 1.1.15500.2
Versión de motor anterior: 1.1.15500.2
Código de error: 0x80509004
Descripción del error: Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2018-12-20 11:35:31.787
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 1.283.1045.0
Versión de firma anterior: 1.283.985.0
Origen de actualización: Usuario
Tipo de firma: AntiVirus
Tipo de actualización: Diferencia
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 1.1.15500.2
Versión de motor anterior: 1.1.15500.2
Código de error: 0x80509004
Descripción del error: Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2018-12-12 12:40:12.060
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.275.500.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15200.1
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2018-11-04 13:11:56.142
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.275.500.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.15200.1
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2018-11-04 13:11:56.141
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.275.500.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.15200.1
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

CodeIntegrity:
===================================

Date: 2019-03-30 15:15:50.445
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\erika\AppData\Roaming\Spotify\Spotify.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1552296247\fshook32.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-01 11:51:41.047
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\erika\AppData\Roaming\Spotify\Spotify.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1548938651\fshook32.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-14 18:12:33.454
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1544703598\fshook64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-20 12:41:52.217
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1537179249\fshook64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-14 12:45:07.361
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1537179249\fshook64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-09-10 19:18:33.844
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1536578944\fshook64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-31 17:26:08.450
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1530012511\fshook64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

BIOS: Insyde Corp. V1.15 09/19/2016
Motherboard: Acer Ironman_SK
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 36%
Total physical RAM: 8060.13 MB
Available physical RAM: 5127.97 MB
Total Virtual: 9532.13 MB
Available Virtual: 6645.41 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:930.4 GB) (Free:727.33 GB) NTFS

\\?\Volume{4b09fdbc-cf78-4f56-8fe5-d6d97ffe2855}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.6 GB) NTFS
\\?\Volume{8411d078-06f5-4fab-bf52-86f6209ed817}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6DA02503)

Partition: GPT.

==================== End of Addition.txt ============================

Thanks, regards.

Hello

You did not download and run FRST from the desktop as I told you; move it there, otherwise the next step will not work.

:arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).

  • Attention: now check/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Next, start your computer in Windows Safe Mode without networking.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the codes/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
(Visicom Media Inc. -> Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1903344 2016-02-17] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\system32\vorbis.acm [1562432 2016-12-15] (Image Line -> HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1456448 2016-12-15] (Image Line -> HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Task: {5B12E1D2-CF81-4EE9-BA95-31D412973719} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {956D445F-8449-4627-8107-354AFED6A5CC} - no filepath
Task: {9CF1E26A-1D04-47DA-AEB4-44A6F59D3434} - no filepath
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
CHR Extension: (Chrome Media Router) - C:\Users\erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-21]
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-11-06] (Visicom Media Inc. -> Visicom Media Inc.)
R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc. -> Visicom Media Inc.)
2019-07-14 17:53 - 2017-03-24 15:00 - 000000000 ____D C:\ProgramData\panda_url_filtering
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
FirewallRules: [TCP Query User{403EFF96-8BA0-4190-A859-F6297408FD8B}C:\program files\qcma\qcma.exe] => (Allow) C:\program files\qcma\qcma.exe () [File not signed]
FirewallRules: [UDP Query User{619141E9-85AA-4F25-BF8A-4F6A8D595BAB}C:\program files\qcma\qcma.exe] => (Allow) C:\program files\qcma\qcma.exe () [File not signed]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.


  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).
  • Press the FIX button and wait for it to finish.
  • The tool will save the fix report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Restart the computer, check how it behaves with regard to the problem described, and report back.

Regards
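
The FIXLOG.TXT that the FIX step above produces can be triaged mechanically before reading it line by line. This is an added example, not part of the original post and not FRST's own code: it assumes the Fixlog layout seen in this thread, and the function names, the failure markers and the shortened sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog assembled from lines quoted in this thread.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1903344 2016-02-17] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
CMD: bitsadmin /reset /allusers
CMD: netsh int ipv4 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe => No running process found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ShadowPlay" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.vorbis" => not found
CHR Extension: (Chrome Media Router) - C:\Users\erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-21] => Error: No automatic fix found for this entry.
panda_url_filtering => service removed successfully
C:\ProgramData\panda_url_filtering => moved successfully

========= bitsadmin /reset /allusers =========

Unable to connect to BITS - 0x8007043c
El servicio no puede iniciarse en modo a prueba de errores

========= End of CMD: =========

========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.

========= End of CMD: =========
'''

SECTION = re.compile(r"^=+ (.+?) =+\s*$")   # "========= name ========="
ECHO_FENCE = re.compile(r"^\*{5,}\s*$")     # fences around the echoed fixlist
# Assumption: heuristic markers taken from the command output in this thread.
FAIL_MARKERS = ("error", "unable to", "no se puede")


def classify(result):
    """Map the text after ' => ' to a coarse outcome."""
    r = result.strip().lower()
    if r.startswith("error"):
        return "error"
    if r.endswith("successfully"):
        return "done"
    if r == "not found" or r.startswith("no running process"):
        return "absent"
    return "other"


def triage(text):
    """Summarise a Fixlog: boot mode, outcome counts, errors, failed CMD: steps."""
    report = {"boot_mode": None, "counts": Counter(), "errors": [], "failed_cmds": []}
    in_echo = False          # inside the echoed fixlist, whose lines also contain ' => '
    cmd, body = None, []     # current CMD: section and its captured output
    for raw in text.splitlines():
        line = raw.strip()
        if ECHO_FENCE.match(line):
            in_echo = not in_echo
            continue
        if in_echo or not line:
            continue
        if line.startswith("Boot Mode:"):
            report["boot_mode"] = line.split(":", 1)[1].strip()
            continue
        m = SECTION.match(line)
        if m:
            name = m.group(1)
            if name == "End of CMD:":
                if cmd and any(k in " ".join(body).lower() for k in FAIL_MARKERS):
                    report["failed_cmds"].append(cmd)
                cmd, body = None, []
            elif not name.startswith("End of") and not name.endswith(":"):
                cmd, body = name, []   # directive sections such as "RemoveProxy:" are not commands
            continue
        if cmd is not None:
            body.append(line)
            continue
        if line.startswith("Error:"):
            report["counts"]["error"] += 1
            report["errors"].append(line)
            continue
        target, sep, result = line.rpartition(" => ")
        if sep:
            kind = classify(result)
            report["counts"][kind] += 1
            if kind == "error":
                report["errors"].append(target)
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_FIXLOG))
```

Reading the failed steps next to the reported boot mode shows which directives need a second run in normal mode.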

Hello Daniela,

Here is the report:

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by erika (17-07-2019 15:21:22) Run:1
Running from C:\Users\erika\Desktop
Loaded Profiles: erika (Available Profiles: erika)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
(Visicom Media Inc. -> Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1903344 2016-02-17] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\system32\vorbis.acm [1562432 2016-12-15] (Image Line -> HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1456448 2016-12-15] (Image Line -> HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Task: {5B12E1D2-CF81-4EE9-BA95-31D412973719} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {956D445F-8449-4627-8107-354AFED6A5CC} - no filepath
Task: {9CF1E26A-1D04-47DA-AEB4-44A6F59D3434} - no filepath
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
CHR Extension: (Chrome Media Router) - C:\Users\erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-21]
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-11-06] (Visicom Media Inc. -> Visicom Media Inc.)
R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc. -> Visicom Media Inc.)
2019-07-14 17:53 - 2017-03-24 15:00 - 000000000 ____D C:\ProgramData\panda_url_filtering
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
FirewallRules: [TCP Query User{403EFF96-8BA0-4190-A859-F6297408FD8B}C:\program files\qcma\qcma.exe] => (Allow) C:\program files\qcma\qcma.exe () [File not signed]
FirewallRules: [UDP Query User{619141E9-85AA-4F25-BF8A-4F6A8D595BAB}C:\program files\qcma\qcma.exe] => (Allow) C:\program files\qcma\qcma.exe () [File not signed]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe => No running process found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ShadowPlay" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.vorbis" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.vorbis" => not found
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B12E1D2-CF81-4EE9-BA95-31D412973719}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B12E1D2-CF81-4EE9-BA95-31D412973719}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{956D445F-8449-4627-8107-354AFED6A5CC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{956D445F-8449-4627-8107-354AFED6A5CC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9CF1E26A-1D04-47DA-AEB4-44A6F59D3434}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CF1E26A-1D04-47DA-AEB4-44A6F59D3434}" => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => not found
HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin => removed successfully
CHR Extension: (Chrome Media Router) - C:\Users\erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-21] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam => removed successfully
HKLM\System\CurrentControlSet\Services\panda_url_filtering => removed successfully
panda_url_filtering => service removed successfully
HKLM\System\CurrentControlSet\Services\panda_url_filteringd => removed successfully
panda_url_filteringd => service removed successfully
C:\ProgramData\panda_url_filtering => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UAContextMenu => removed successfully
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\UAContextMenu => removed successfully
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UAContextMenu => removed successfully
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{403EFF96-8BA0-4190-A859-F6297408FD8B}C:\program files\qcma\qcma.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{619141E9-85AA-4F25-BF8A-4F6A8D595BAB}C:\program files\qcma\qcma.exe" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2731508216-3201492160-2286263701-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2731508216-3201492160-2286263701-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c
El servicio no puede iniciarse en modo a prueba de errores



========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 262634382 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 215082414 B
Edge => 0 B
Chrome => 12948669 B
Firefox => 7268948 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 6432 B
LocalService => 0 B
NetworkService => 83883058 B
NetworkService => 0 B
erika => 132943164 B

RecycleBin => 113065897 B
EmptyTemp: => 797.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:21:55 ====

After the reboot I opened only Task Manager to check how it was running. Although I notice a slight improvement as far as startup is concerned, it is still quite slow for the first 5-10 minutes. Apart from the occasional spike from F-secure host process, registry and system, there is at all times a high peak from Superfetch and/or System Interrupts, the former being the one that lasts longest. (In fact, if I try to open an application in the first 5 minutes it does not even respond.) I did a second reboot to check the behaviour again and the PC got stuck on a black screen without even loading the Acer logo. The third reboot has practically the same results as the first: system interrupts with CPU usage at 49.3% for several minutes and Superfetch extremely high (photo attached).

In short, it starts quite a bit faster, but for the first 5-10 minutes I have to leave it alone no matter what so that it can finish “loading”. And as for the initial problem, there is no trace of it any more :slight_smile:

Thanks, regards.

Hello

Run a scan with EsetOnline as indicated in the manual.

Paste the report and tell us how the problem is going.

Regards

Hello, here is the report:

18/07/2019 19:27:02
Archivos explorados: 499364
Archivos infectados: 12
Amenazas eliminadas: 12
Tiempo total de exploración 04:05:27
Estado de la exploración: Finalizado


C:\AdwCleaner\Quarantine\v1\20190711.230212\11\Host App Service\Engine\HostAppServiceUpdateManager.exe#B48BECC7A9B7AD30	una variante de Win64/Pokki.C aplicación potencialmente no deseada	desinfectado por eliminación
C:\AdwCleaner\Quarantine\v1\20190711.230212\11\Host App Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B	una variante de Win64/Pokki.B aplicación potencialmente no deseada	desinfectado por eliminación
C:\AdwCleaner\Quarantine\v1\20190711.230212\11\Host App Service\Uninstall (1).exe#895879AA94E52644	una variante de Win32/Pokki.A aplicación potencialmente no deseada	desinfectado por eliminación
C:\AdwCleaner\Quarantine\v1\20190711.230212\12\Host App Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B	una variante de Win64/Pokki.B aplicación potencialmente no deseada	desinfectado por eliminación
C:\AdwCleaner\Quarantine\v1\20190711.230212\14\Host App Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B	una variante de Win64/Pokki.B aplicación potencialmente no deseada	desinfectado por eliminación
C:\AdwCleaner\Quarantine\v1\20190711.230212\2\pandasecuritytb\uninstall.exe#5A462DAA1FEC4A84	una variante de Win32/Visicom.A aplicación potencialmente no deseada	desinfectado por eliminación
C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringd.sys	una variante de Win64/NetFilter.A aplicación potencialmente no segura	desinfectado por eliminación
C:\Users\Default\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe	una variante de Win64/Pokki.B aplicación potencialmente no deseada	desinfectado por eliminación
C:\Users\erika\Documents\Instalación programas\ccsetup527.exe	Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura	desinfectado por eliminación
C:\Users\erika\Documents\Instalación programas\ccsetup546.exe	Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura	desinfectado por eliminación
C:\Users\erika\Documents\Instalación programas\rcsetup153.exe	Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura	desinfectado por eliminación
C:\Users\erika\Documents\Instalación programas\Sony Vegas Pro 13 (64 bits).rar	una variante de Win32/HackTool.Patcher.AD aplicación potencialmente no segura	eliminado

For now I have rebooted the PC but I don't notice any big changes. For the first 10 minutes disk usage is at 100%, for the next 5 minutes it is above 80%, and after that it does have fewer spikes and usage of everything drops in general, with minimal disk usage (1-15%). I attach a couple of screenshots taken after the reboot and after 20 minutes:

Thanks, regards.

Hello

It is normal for Superfetch to consume quite a lot of disk resources.


Let's run a disk check.

To try to check the state of your computer's hard disk, follow the 3rd METHOD described in this help FAQ :arrow_right: How to use CHKDSK to run a disk check?, which is also valid for Windows 10.

Once the process has finished, which can/should take quite a while, and after booting into normal Windows mode, you must post the report that Windows will have saved, which you have to find by following these steps :arrow_right: When and how to use the Event Viewer (eventvwr.msc)?

Look carefully at what the report in that topic looks like, so that you look for something similar and do NOT post just anything else.

Post the report and tell us how the computer's problem is going.

Regards
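
The report requested above is the Wininit event that Windows writes to the Application log after a boot-time CHKDSK. As an added example (not part of the original thread or of the linked FAQ), this PowerShell function retrieves it without browsing Event Viewer; the function name, output file name and summary patterns are assumptions made for illustration, while the log, source and event ID are the ones shown in the report posted in this thread.

```powershell
# Added example: fetch the most recent boot-time CHKDSK report(s) from the Application log.
# Log name, provider and event ID match the report posted in this thread.
function Get-ChkdskReport {
    param(
        [int]$MaxReports = 1,
        # Hypothetical output file name, placed on the current user's desktop.
        [string]$OutFile = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'chkdsk-report.txt')
    )

    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-Wininit'
        Id           = 1001
    }

    # Get-WinEvent raises an error when nothing matches, so silence it and test the result.
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxReports -ErrorAction SilentlyContinue
    if (-not $events) {
        Write-Warning 'No Wininit 1001 event found: the boot-time check has not run, or the log was cleared.'
        return
    }

    foreach ($e in $events) {
        # Pull out the lines worth reading first. The patterns cover the Spanish wording
        # seen in this thread and the equivalent English wording; -match is case-insensitive.
        $summary = $e.Message -split "`r?`n" |
            Where-Object { $_ -match 'sectores defectuosos|bad sectors|correcciones|corrections|no se requiere|no further action' } |
            ForEach-Object { $_.Trim() }

        # Save the full text so it can be pasted into a support thread unchanged.
        "==== $($e.TimeCreated) ====", $e.Message | Add-Content -Path $OutFile -Encoding UTF8

        [pscustomobject]@{
            TimeCreated = $e.TimeCreated
            Computer    = $e.MachineName
            Summary     = $summary
        }
    }
}

Get-ChkdskReport | Format-List
```

A non-zero value on the bad-sectors line of the summary points to a failing disk rather than a software problem.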

Hello Daniela,

Sorry, I have been away for work and had no access to the PC. It is scanning at the moment; it completed 10% right away but has spent more than 3 hours without getting past 11%. Is that normal? I am worried that it could be damaged if I have to leave it on all night, since it is a laptop and it heats up a bit (I have a pedestal fan pointed at it right now). As soon as I can, I will send the resulting report.

Thank you for your patience and dedication, regards

Hello,

Forget what I said, it finished the moment I sent the message. :sweat_smile:

Here is the report:

Nombre de registro:Application
Origen:        Microsoft-Windows-Wininit
Fecha:         24/07/2019 21:35:26
Id. del evento:1001
Categoría de la tarea:Ninguno
Nivel:         Información
Palabras clave:Clásico
Usuario:       No disponible
Equipo:        LAPTOP-2KGR0EIF
Descripción:


Comprobando el sistema de archivos en C:
El tipo del sistema de archivos es NTFS.
La etiqueta de volumen es Acer.

Uno de los discos necesita ser comprobado para ver coherencias.
Se puede cancelar la comprobación de disco, pero se recomienda
que continúe.
Windows comprobará ahora el disco.                                        

Etapa 1: Examen de la estructura básica del sistema de archivos...
Liberando etiquetas de instancia para el archivo 0x10205.
  634624 registros de archivos procesados.                                                        


Comprobación de archivos completada.
  31433 registros de archivos grandes procesados.                       


  0 registros de archivos no válidos procesados.                    



Etapa 2: Examen de la vinculación de nombres de archivos...
  52282 registros de análisis procesados.                               


  805046 entradas de índice procesadas.                                                       


Comprobación de índices completada.
  0 archivos no indizados examinados.                               


  0 archivos no indizados recuperados en objetos perdidos.                  


  52282 registros de análisis procesados.                               



Etapa 3: Examen de los descriptores de seguridad...
Liberando 7372 entradas de índice no usadas del índice $SII del archivo 0x9.
Liberando 7372 entradas de índice no usadas del índice $SDH del archivo 0x9.
Liberando 7372 descriptores de seguridad no usados.
CHKDSK está compactando la secuencia de descriptores de seguridad
Comprobación de descriptores de seguridad completada.
  85212 archivos de datos procesados.                                   


CHKDSK está comprobando el diario USN...
Se ha completado la comprobación del diario USN.

Etapa 4: Búsqueda de clústeres incorrectos en los datos del archivo de usuario...
  634608 archivos procesados.                                                               


Comprobación de datos de archivo completada.

Etapa 5: Búsqueda de clústeres incorrectos disponibles...
  186487922 clústeres disponibles procesados.                                                       


La comprobación del espacio disponible se completó.
Corrigiendo errores en el mapa de bits del volumen.

Windows ha hecho algunas correcciones en el sistema de archivos.
No se requiere ninguna otra acción.

 975593471 KB de espacio total en disco.
 228636412 KB en 402537 archivos.
    262052 KB en 85215 índices.
         0 KB en sectores defectuosos.
    743315 KB en uso por el sistema.
El archivo de registro ha ocupado      65536 kilobytes.
 745951692 KB disponibles en disco.

      4096 bytes en cada unidad de asignación.
 243898367 unidades de asignación en disco en total.
 186487923 unidades de asignación disponibles en disco.

Información interna:
00 af 09 00 ff 70 07 00 6b 7a 0d 00 00 00 00 00  .....p..kz......
fb 2c 00 00 3f 9f 00 00 00 00 00 00 00 00 00 00  .,..?...........

Windows ha finalizado la comprobación del disco.
Espere mientras se reinicia el sistema.

XML de evento:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2019-07-24T18:35:26.351901200Z" />
    <EventRecordID>59775</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>LAPTOP-2KGR0EIF</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Thanks, regards.

Hello

How is the problem going?

Regards

Hello,

I have been testing it all this time and it is working very well; now it doesn't take as long to start and everything runs quite a bit more smoothly. I have no complaints.

Thank you so much! :smiling_face_with_three_hearts:

Regards

1 like

Hello @Ventanita

Follow these steps to remove the tools used:

To do so, use again/download >> DelFix.exe to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select - Run as Administrator)

  • Tick all the boxes and click Run

The report (DelFix.txt) will open; you can close it.


Thank you for trusting ForoSpyware. It has been a pleasure to help you :handshake:

We are glad it has been resolved for you :+1: We consider the topic solved.

Solved

Regards