Hola nuevamente,

Bueno tu sistema tiene bastantes temas. Si te parece vamos abordando por partes.

Realiza lo siguiente:

Crea una copia de seguridad del registro con Registry Backup, no importa si es la versión portable o instalable:

• Después de instalar o descomprimir ejecuta el programa (de ser portable es el ejecutable TweakingRegistryBackup.exe).
• Asegurate que en la pestaña Registry Backup este todo moarcado.
• En Backup Name puedes dejarlo por defecto o asignar algún nombre
• Presiona el botón BackUp now

Deshabilita nuevamente tu antivirus: ¿Cómo deshabilitar temporalmente su Antivirus?

En el equipo, con los demás programas cerrados abra el notepad; puede abrirlo en la barra de búsqueda de windows y escribiendo notepad.exe

Posteriormente, copie y pegue este script de reparación dentro del Notepad comenzando en Start y terminando en End:

Start
SystemRestore: On
CreateRestorePoint:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
HKU\S-1-5-21-4047135609-2362062722-1061616882-1001\...\MountPoints2: F - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4047135609-2362062722-1061616882-1001\...\MountPoints2: {35b77baf-2cdb-11eb-8950-101f74bc76e9} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4047135609-2362062722-1061616882-1001\...\MountPoints2: {d31ba268-150f-11e8-a494-101f74bc76e9} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4047135609-2362062722-1061616882-1001\...\MountPoints2: {ff23a2de-b1e6-11e8-89c3-101f74bc76e9} - F:\setup.exe -a  
GroupPolicy: Restricción ? <==== ATENCIÓN
Policies: C:\ProgramData\NTUSER.pol: Restricción <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Google: Restricción <==== ATENCIÓN
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2020-04-16]
C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => no encontrado
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [Ningún archivo]
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [Ningún archivo]
S2 AGMService; "C:\Program Files\Common Files\Adobe\AdobeGCClient\AGMService.exe" [X]
S2 AGSService; "C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
S4 BstHdAndroidSvc; "C:\Program Files\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S4 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [X]
S2 DFWSIDService; C:\Program Files\Wondershare\drfone\WsidService.exe [X]
S2 ElevationService; C:\Program Files\Wondershare\drfone\Addins\SocialApps\ElevationService.exe [X]
S4 HuaweiHiSuiteService.exe; "C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe" -/service [X]
S2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [X]
S2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [X]
S4 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [X]
S4 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [X]
S4 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [X]
S2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [X]
S2 BstHdDrv; \??\C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [X]
S3 H1dVzRms1AL9i2; \??\C:\Users\Public\Pictures\3nyy5B8gW7qP35i.sys [X]
R3 EnigmaFileMonDriver; C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys [68040 2021-07-06] (EnigmaSoft Limited -> EnigmaSoft Limited)
S4 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [416720 2021-07-05] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [10142160 2021-07-05] (EnigmaSoft Limited -> EnigmaSoft Limited)
C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.2198\McCHSvc.exe [317376 2021-04-30] (McAfee, LLC. -> McAfee, LLC)
C:\Program Files\McAfee Security Scan
2021-07-05 13:41 - 2021-07-05 13:41 - 000000020 _____ C:\Windows\u
2021-07-05 20:50 - 2021-07-05 20:50 - 000000000 ____D C:\Users\User\AppData\LocalLow\IGDump
2021-07-05 00:55 - 2021-07-05 00:55 - 000001191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter5.lnk
2021-07-05 00:55 - 2021-07-05 00:55 - 000001167 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2021-07-05 00:55 - 2021-07-05 00:55 - 000001167 _____ C:\ProgramData\Desktop\SpyHunter5.lnk
2021-07-05 00:55 - 2021-07-05 00:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2021-07-05 00:55 - 2021-07-05 00:55 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2021-07-05 00:54 - 2021-07-05 00:55 - 000000000 ____D C:\sh5ldr
2021-07-05 00:50 - 2021-07-05 00:50 - 000000000 ____D C:\Program Files\EnigmaSoft
2021-07-04 20:52 - 2021-07-04 20:52 - 001564823 _____ C:\ProgramData\4649
2021-07-04 20:51 - 2021-07-04 22:55 - 000000000 ____D C:\winCrtdhcpcommon
2021-07-04 20:51 - 2021-07-04 20:51 - 001564823 _____ C:\ProgramData\5969
2021-07-04 22:55 - 2021-05-03 15:21 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2021-07-04 21:35 - 2018-06-05 21:00 - 000000000 ____D C:\a7b025c7bbc7de3a317674c0830409b6
unlock: C:\Windows\system32\config\SYSTEM
folder: C:\Windows\system32\config\SYSTEM
unlock: C:\Windows\system32\Drivers\uUjC52.sys
C:\Windows\system32\Drivers\uUjC52.sys
Winsock: Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => Ningún archivo 
Winsock: Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => Ningún archivo 
HKU\S-1-5-21-4047135609-2362062722-1061616882-1001\...\ChromeHTML: -> C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) <==== ATENCIÓN
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Ningún archivo
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Ningún archivo
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [136]
Toolbar: HKU\S-1-5-21-4047135609-2362062722-1061616882-1001 -> Sin Nombre - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Ningún archivo
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: McAfeeSafeConnect => C:\Program Files\McAfee Safe Connect\McAfee Safe Connect.exe
FirewallRules: [{68D90DCB-A96A-44C5-9C01-8CDA326AA262}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe => Ningún archivo
FirewallRules: [{6EB3D35F-17AE-4BD0-BD5E-FB353F044912}] => (Allow) LPort=2869
FirewallRules: [{F622BC74-DACB-40CB-8F47-D146EF86E13D}] => (Allow) LPort=1900
FirewallRules: [{2430A369-CC3B-4DB9-8FFB-8E6035C1A6B5}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe => Ningún archivo
FirewallRules: [{406BE2A6-04A1-4CD7-8944-2EB23AE54BE8}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe => Ningún archivo
FirewallRules: [{082FFD7C-E17D-4EC3-9A39-F11EFFF11A7D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe => Ningún archivo
FirewallRules: [TCP Query User{E3E9DACB-1954-4959-961D-DEDC68F7E7A4}C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe] => (Allow) C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe => Ningún archivo
FirewallRules: [UDP Query User{2D035A5B-A4E7-45F6-BF13-F68C259779D8}C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe] => (Allow) C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe => Ningún archivo
FirewallRules: [TCP Query User{CBA5AA69-8A0F-493E-BDFD-6E69171FB41D}C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe] => (Block) C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe => Ningún archivo
FirewallRules: [UDP Query User{2DE4F982-99BB-4DB7-899D-A6D0A17A64F5}C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe] => (Block) C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe => Ningún archivo
FirewallRules: [TCP Query User{5167E24C-8032-4EE1-9B8B-3908DA6DBB82}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe => Ningún archivo
FirewallRules: [UDP Query User{2FCE2A4B-0313-4BBD-9268-C599DB3499FA}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe => Ningún archivo
FirewallRules: [TCP Query User{C4B5C004-2937-4E02-9202-C0D0FB6F294C}C:\program files\electronic arts\eadm\core.exe] => (Block) C:\program files\electronic arts\eadm\core.exe => Ningún archivo
FirewallRules: [UDP Query User{1EDADA10-58C6-4578-AB68-653FFFC52C2F}C:\program files\electronic arts\eadm\core.exe] => (Block) C:\program files\electronic arts\eadm\core.exe => Ningún archivo
FirewallRules: [{83A7EF67-52D5-4269-A758-57151448C0B6}] => (Allow) C:\Users\User\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe => Ningún archivo
FirewallRules: [{2113F40E-53CD-4F4E-85B0-AD7209852B64}] => (Allow) C:\Users\User\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe => Ningún archivo
FirewallRules: [{74B2AE77-2028-4B2C-8A7F-B56540F0EC1D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe => Ningún archivo
FirewallRules: [{E60591A8-1C6A-44F3-959E-E9EDE41DD529}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe => Ningún archivo
FirewallRules: [{A8F737AC-BFAA-436A-B7BF-331972B78740}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe => Ningún archivo
FirewallRules: [{37E69C99-0441-4874-8F38-9FDAE29BFD61}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe => Ningún archivo
FirewallRules: [{BBE74FDD-6852-4072-AA84-E3874F5111FF}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe => Ningún archivo
FirewallRules: [{1ABEF459-2E02-4FA3-9CD3-7F01638459AA}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe => Ningún archivo
FirewallRules: [{F8A6D215-E4E9-444A-BA79-B6EE9F08E430}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe => Ningún archivo
FirewallRules: [{D346AF02-9A5B-4C79-8A5C-D0D445E5EE5C}] => (Allow) C:\Users\User\AppData\Local\Programs\Opera\77.0.4054.90\opera.exe => Ningún archivo
FirewallRules: [{48749A90-21F3-4FAC-A9AA-D20101CB47AB}] => (Block) C:\Program Files\UltData for Android\NetFrameCheck.exe => Ningún archivo
FirewallRules: [{AFD932D5-6BF4-420C-AC88-B4B66E46EB4A}] => (Allow) C:\Users\User\AppData\Local\Programs\Opera\77.0.4054.172\opera.exe => Ningún archivo

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: netsh winsock reset catalog
CMD: netsh int ip reset all
CMD: bitsadmin /reset /allusers 
EmptyTemp:
Hosts:
End

• Vaya a Archivo y selecciona Guardar Como.
• En la parte de Códificación eliga Unicode o UTF8 según le de la opción.
• Guardelo bajo el nombre de fixlist.txt en el escritorio al igual que FRST. Esto es muy importante.

¡ATENCIÓN! El anterior Script de reparación fue hecho específicamente por un miembro del Staff para este usuario, si tiene un problema similar por favor abra su propio tema para recibir ayuda personalizada. Usar Scripts de otros usuarios puede causar daños a su equipo

• Ejecute Frst.exe. y presione el botón Fix / Corregir
• Espere pacientemente a que termine y no use el equipo. Al terminar el equipo podría reiniciarse
• La Herramienta guardara el reporte en su escritorio (Fixlog.txt).

Utiliza RevoUnisntaller en para desinstalar SpyHunter con un analisis avanzado:

Nos traerías el reporte de FixLog y comentarios de como esta funcionando el sistema.

Saludos

muchas gracias te envio el reporte ,

Resultados de la corrección de Farbar Recovery Scan Tool (x86) Versión: 05-07-2021
Ejecutado por User (06-07-2021 18:48:28) Run:1
Ejecutado desde C:\Users\User\Desktop
Perfiles cargados: User
Modo de Inicio: Normal

==============================================

fixlist contenido:
*****************
Start
SystemRestore: On
CreateRestorePoint:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
HKU\S-1-5-21-4047135609-2362062722-1061616882-1001\...\MountPoints2: F - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4047135609-2362062722-1061616882-1001\...\MountPoints2: {35b77baf-2cdb-11eb-8950-101f74bc76e9} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4047135609-2362062722-1061616882-1001\...\MountPoints2: {d31ba268-150f-11e8-a494-101f74bc76e9} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4047135609-2362062722-1061616882-1001\...\MountPoints2: {ff23a2de-b1e6-11e8-89c3-101f74bc76e9} - F:\setup.exe -a  
GroupPolicy: Restricción ? <==== ATENCIÓN
Policies: C:\ProgramData\NTUSER.pol: Restricción <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Google: Restricción <==== ATENCIÓN
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2020-04-16]
C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => no encontrado
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [Ningún archivo]
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [Ningún archivo]
S2 AGMService; "C:\Program Files\Common Files\Adobe\AdobeGCClient\AGMService.exe" [X]
S2 AGSService; "C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
S4 BstHdAndroidSvc; "C:\Program Files\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S4 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [X]
S2 DFWSIDService; C:\Program Files\Wondershare\drfone\WsidService.exe [X]
S2 ElevationService; C:\Program Files\Wondershare\drfone\Addins\SocialApps\ElevationService.exe [X]
S4 HuaweiHiSuiteService.exe; "C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe" -/service [X]
S2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [X]
S2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [X]
S4 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [X]
S4 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [X]
S4 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [X]
S2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [X]
S2 BstHdDrv; \??\C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [X]
S3 H1dVzRms1AL9i2; \??\C:\Users\Public\Pictures\3nyy5B8gW7qP35i.sys [X]
R3 EnigmaFileMonDriver; C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys [68040 2021-07-06] (EnigmaSoft Limited -> EnigmaSoft Limited)
S4 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [416720 2021-07-05] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [10142160 2021-07-05] (EnigmaSoft Limited -> EnigmaSoft Limited)
C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.2198\McCHSvc.exe [317376 2021-04-30] (McAfee, LLC. -> McAfee, LLC)
C:\Program Files\McAfee Security Scan
2021-07-05 13:41 - 2021-07-05 13:41 - 000000020 _____ C:\Windows\u
2021-07-05 20:50 - 2021-07-05 20:50 - 000000000 ____D C:\Users\User\AppData\LocalLow\IGDump
2021-07-05 00:55 - 2021-07-05 00:55 - 000001191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter5.lnk
2021-07-05 00:55 - 2021-07-05 00:55 - 000001167 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2021-07-05 00:55 - 2021-07-05 00:55 - 000001167 _____ C:\ProgramData\Desktop\SpyHunter5.lnk
2021-07-05 00:55 - 2021-07-05 00:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2021-07-05 00:55 - 2021-07-05 00:55 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2021-07-05 00:54 - 2021-07-05 00:55 - 000000000 ____D C:\sh5ldr
2021-07-05 00:50 - 2021-07-05 00:50 - 000000000 ____D C:\Program Files\EnigmaSoft
2021-07-04 20:52 - 2021-07-04 20:52 - 001564823 _____ C:\ProgramData\4649
2021-07-04 20:51 - 2021-07-04 22:55 - 000000000 ____D C:\winCrtdhcpcommon
2021-07-04 20:51 - 2021-07-04 20:51 - 001564823 _____ C:\ProgramData\5969
2021-07-04 22:55 - 2021-05-03 15:21 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2021-07-04 21:35 - 2018-06-05 21:00 - 000000000 ____D C:\a7b025c7bbc7de3a317674c0830409b6
unlock: C:\Windows\system32\config\SYSTEM
folder: C:\Windows\system32\config\SYSTEM
unlock: C:\Windows\system32\Drivers\uUjC52.sys
C:\Windows\system32\Drivers\uUjC52.sys
Winsock: Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => Ningún archivo 
Winsock: Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => Ningún archivo 
HKU\S-1-5-21-4047135609-2362062722-1061616882-1001\...\ChromeHTML: -> C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) <==== ATENCIÓN
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Ningún archivo
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Ningún archivo
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [136]
Toolbar: HKU\S-1-5-21-4047135609-2362062722-1061616882-1001 -> Sin Nombre - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Ningún archivo
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: McAfeeSafeConnect => C:\Program Files\McAfee Safe Connect\McAfee Safe Connect.exe
FirewallRules: [{68D90DCB-A96A-44C5-9C01-8CDA326AA262}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe => Ningún archivo
FirewallRules: [{6EB3D35F-17AE-4BD0-BD5E-FB353F044912}] => (Allow) LPort=2869
FirewallRules: [{F622BC74-DACB-40CB-8F47-D146EF86E13D}] => (Allow) LPort=1900
FirewallRules: [{2430A369-CC3B-4DB9-8FFB-8E6035C1A6B5}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe => Ningún archivo
FirewallRules: [{406BE2A6-04A1-4CD7-8944-2EB23AE54BE8}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe => Ningún archivo
FirewallRules: [{082FFD7C-E17D-4EC3-9A39-F11EFFF11A7D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe => Ningún archivo
FirewallRules: [TCP Query User{E3E9DACB-1954-4959-961D-DEDC68F7E7A4}C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe] => (Allow) C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe => Ningún archivo
FirewallRules: [UDP Query User{2D035A5B-A4E7-45F6-BF13-F68C259779D8}C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe] => (Allow) C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe => Ningún archivo
FirewallRules: [TCP Query User{CBA5AA69-8A0F-493E-BDFD-6E69171FB41D}C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe] => (Block) C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe => Ningún archivo
FirewallRules: [UDP Query User{2DE4F982-99BB-4DB7-899D-A6D0A17A64F5}C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe] => (Block) C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe => Ningún archivo
FirewallRules: [TCP Query User{5167E24C-8032-4EE1-9B8B-3908DA6DBB82}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe => Ningún archivo
FirewallRules: [UDP Query User{2FCE2A4B-0313-4BBD-9268-C599DB3499FA}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe => Ningún archivo
FirewallRules: [TCP Query User{C4B5C004-2937-4E02-9202-C0D0FB6F294C}C:\program files\electronic arts\eadm\core.exe] => (Block) C:\program files\electronic arts\eadm\core.exe => Ningún archivo
FirewallRules: [UDP Query User{1EDADA10-58C6-4578-AB68-653FFFC52C2F}C:\program files\electronic arts\eadm\core.exe] => (Block) C:\program files\electronic arts\eadm\core.exe => Ningún archivo
FirewallRules: [{83A7EF67-52D5-4269-A758-57151448C0B6}] => (Allow) C:\Users\User\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe => Ningún archivo
FirewallRules: [{2113F40E-53CD-4F4E-85B0-AD7209852B64}] => (Allow) C:\Users\User\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe => Ningún archivo
FirewallRules: [{74B2AE77-2028-4B2C-8A7F-B56540F0EC1D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe => Ningún archivo
FirewallRules: [{E60591A8-1C6A-44F3-959E-E9EDE41DD529}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe => Ningún archivo
FirewallRules: [{A8F737AC-BFAA-436A-B7BF-331972B78740}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe => Ningún archivo
FirewallRules: [{37E69C99-0441-4874-8F38-9FDAE29BFD61}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe => Ningún archivo
FirewallRules: [{BBE74FDD-6852-4072-AA84-E3874F5111FF}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe => Ningún archivo
FirewallRules: [{1ABEF459-2E02-4FA3-9CD3-7F01638459AA}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe => Ningún archivo
FirewallRules: [{F8A6D215-E4E9-444A-BA79-B6EE9F08E430}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe => Ningún archivo
FirewallRules: [{D346AF02-9A5B-4C79-8A5C-D0D445E5EE5C}] => (Allow) C:\Users\User\AppData\Local\Programs\Opera\77.0.4054.90\opera.exe => Ningún archivo
FirewallRules: [{48749A90-21F3-4FAC-A9AA-D20101CB47AB}] => (Block) C:\Program Files\UltData for Android\NetFrameCheck.exe => Ningún archivo
FirewallRules: [{AFD932D5-6BF4-420C-AC88-B4B66E46EB4A}] => (Allow) C:\Users\User\AppData\Local\Programs\Opera\77.0.4054.172\opera.exe => Ningún archivo

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: netsh winsock reset catalog
CMD: netsh int ip reset all
CMD: bitsadmin /reset /allusers 
EmptyTemp:
Hosts:
End
*****************

SystemRestore: On => completado
El punto de restauración fue creado correctamente.
Procesos cerrados correctamente.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => eliminado correctamente
HKU\S-1-5-21-4047135609-2362062722-1061616882-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => eliminado correctamente
HKU\S-1-5-21-4047135609-2362062722-1061616882-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35b77baf-2cdb-11eb-8950-101f74bc76e9} => eliminado correctamente
HKU\S-1-5-21-4047135609-2362062722-1061616882-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d31ba268-150f-11e8-a494-101f74bc76e9} => eliminado correctamente
HKU\S-1-5-21-4047135609-2362062722-1061616882-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff23a2de-b1e6-11e8-89c3-101f74bc76e9} => eliminado correctamente
C:\Windows\system32\GroupPolicy\Machine => movido correctamente
C:\Windows\system32\GroupPolicy\GPT.ini => movido correctamente
C:\ProgramData\NTUSER.pol => movido correctamente
HKLM\SOFTWARE\Policies\Mozilla => eliminado correctamente
HKLM\SOFTWARE\Policies\Google => eliminado correctamente
C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js => movido correctamente
"C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js" => no encontrado
"HKLM\Software\Mozilla\Thunderbird\Extensions\\[email protected]" => eliminado correctamente
HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922 => eliminado correctamente
HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0 => eliminado correctamente
HKLM\System\CurrentControlSet\Services\AGMService => eliminado correctamente
AGMService => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\AGSService => eliminado correctamente
AGSService => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\BstHdAndroidSvc => eliminado correctamente
BstHdAndroidSvc => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\BstHdLogRotatorSvc => eliminado correctamente
BstHdLogRotatorSvc => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\DFWSIDService => eliminado correctamente
DFWSIDService => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\ElevationService => eliminado correctamente
ElevationService => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\HuaweiHiSuiteService.exe => eliminado correctamente
HuaweiHiSuiteService.exe => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\Motorola Device Manager => eliminado correctamente
Motorola Device Manager => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\PST Service => eliminado correctamente
PST Service => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\SkypeUpdate => eliminado correctamente
SkypeUpdate => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\wlcrasvc => eliminado correctamente
wlcrasvc => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\wlidsvc => eliminado correctamente
wlidsvc => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\Wondershare InstallAssist => eliminado correctamente
Wondershare InstallAssist => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\BstHdDrv => eliminado correctamente
BstHdDrv => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\H1dVzRms1AL9i2 => eliminado correctamente
H1dVzRms1AL9i2 => servicio eliminado correctamente
EnigmaFileMonDriver => servicio no encontrado.
HKLM\System\CurrentControlSet\Services\ShMonitor => eliminado correctamente
ShMonitor => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\EsgShKernel => eliminado correctamente
EsgShKernel => servicio eliminado correctamente
"C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys" => no encontrado
HKLM\System\CurrentControlSet\Services\McComponentHostService => eliminado correctamente
McComponentHostService => servicio eliminado correctamente
C:\Program Files\McAfee Security Scan => movido correctamente
C:\Windows\u => movido correctamente
C:\Users\User\AppData\LocalLow\IGDump => movido correctamente
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter5.lnk => movido correctamente
C:\Users\Public\Desktop\SpyHunter5.lnk => movido correctamente
"C:\ProgramData\Desktop\SpyHunter5.lnk" => no encontrado
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft => movido correctamente
C:\ProgramData\EnigmaSoft Limited => movido correctamente
C:\sh5ldr => movido correctamente
C:\Program Files\EnigmaSoft => movido correctamente
C:\ProgramData\4649 => movido correctamente
C:\winCrtdhcpcommon => movido correctamente
C:\ProgramData\5969 => movido correctamente
C:\ProgramData\McAfee Security Scan => movido correctamente
C:\a7b025c7bbc7de3a317674c0830409b6 => movido correctamente
"C:\Windows\system32\config\SYSTEM" => no pudo ser desbloqueado

========================= folder: C:\Windows\system32\config\SYSTEM ========================

C:\Windows\system32\config\SYSTEM = Archivo

====== Final de Folder: ======

"C:\Windows\system32\Drivers\uUjC52.sys" => no pudo ser desbloqueado
No pudo ser movido "C:\Windows\system32\Drivers\uUjC52.sys" => Programado para moverse al reiniciar.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007 => eliminado correctamente
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008 => eliminado correctamente
HKU\S-1-5-21-4047135609-2362062722-1061616882-1001_Classes\ChromeHTML => eliminado correctamente
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => eliminado correctamente
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => eliminado correctamente
C:\ProgramData\Temp => ":5C321E34" ADS eliminado correctamente
"HKU\S-1-5-21-4047135609-2362062722-1061616882-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => eliminado correctamente
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => eliminado correctamente
C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup => movido correctamente
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\McAfeeSafeConnect => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{68D90DCB-A96A-44C5-9C01-8CDA326AA262}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6EB3D35F-17AE-4BD0-BD5E-FB353F044912}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F622BC74-DACB-40CB-8F47-D146EF86E13D}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2430A369-CC3B-4DB9-8FFB-8E6035C1A6B5}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{406BE2A6-04A1-4CD7-8944-2EB23AE54BE8}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{082FFD7C-E17D-4EC3-9A39-F11EFFF11A7D}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E3E9DACB-1954-4959-961D-DEDC68F7E7A4}C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2D035A5B-A4E7-45F6-BF13-F68C259779D8}C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CBA5AA69-8A0F-493E-BDFD-6E69171FB41D}C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2DE4F982-99BB-4DB7-899D-A6D0A17A64F5}C:\program files\cisco packet tracer 6.1sv\bin\packettracer6.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5167E24C-8032-4EE1-9B8B-3908DA6DBB82}C:\program files\electronic arts\eadm\core.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2FCE2A4B-0313-4BBD-9268-C599DB3499FA}C:\program files\electronic arts\eadm\core.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C4B5C004-2937-4E02-9202-C0D0FB6F294C}C:\program files\electronic arts\eadm\core.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1EDADA10-58C6-4578-AB68-653FFFC52C2F}C:\program files\electronic arts\eadm\core.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{83A7EF67-52D5-4269-A758-57151448C0B6}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2113F40E-53CD-4F4E-85B0-AD7209852B64}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{74B2AE77-2028-4B2C-8A7F-B56540F0EC1D}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E60591A8-1C6A-44F3-959E-E9EDE41DD529}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A8F737AC-BFAA-436A-B7BF-331972B78740}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{37E69C99-0441-4874-8F38-9FDAE29BFD61}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BBE74FDD-6852-4072-AA84-E3874F5111FF}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1ABEF459-2E02-4FA3-9CD3-7F01638459AA}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8A6D215-E4E9-444A-BA79-B6EE9F08E430}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D346AF02-9A5B-4C79-8A5C-D0D445E5EE5C}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{48749A90-21F3-4FAC-A9AA-D20101CB47AB}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AFD932D5-6BF4-420C-AC88-B4B66E46EB4A}" => eliminado correctamente

========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= Final de CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


Adaptador de LAN inal mbrica Conexi¢n de red inal mbrica:

   Sufijo DNS espec¡fico para la conexi¢n. . : 
   V¡nculo: direcci¢n IPv6 local. . . : fe80::79c6:6ac6:281f:1bed%15
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.0.100
   M scara de subred . . . . . . . . . . . . : 0.0.0.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1

Adaptador de t£nel isatap.{859E84F1-9BA5-4325-8CF8-78038544BFF1}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de t£nel Teredo Tunneling Pseudo-Interface:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

========= Final de CMD: =========


========= netsh winsock reset catalog =========

La funci¢n de inicializaci¢n InitHelperDll en NSHHTTP.DLL no pudo iniciar, c¢digo de error
11003

El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= Final de CMD: =========


========= netsh int ip reset all =========

La funci¢n de inicializaci¢n InitHelperDll en NSHHTTP.DLL no pudo iniciar, c¢digo de error
11003
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= Final de CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= Final de CMD: =========

C:\Windows\System32\Drivers\etc\hosts => movido correctamente
Hosts restaurado correctamente.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18024531 B
Java, Flash, Steam htmlcache => 495 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 407259060 B
Firefox => 26545576 B
Opera => 704644 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42737645 B
LocalService => 42737645 B
NetworkService => 42737645 B
User => 65642050 B
MSSQL$SQLEXPRESS2012 => 65642050 B

RecycleBin => 4577569935 B
EmptyTemp: => 4.9 GB datos temporales Eliminados.

================================

Resultado de los archivos programados para mover (Modo de Inicio: Normal) (Fecha y Hora: 06-07-2021 18:55:39)

"C:\Windows\system32\Drivers\uUjC52.sys" => No pudo ser movido.

==== Final  Fixlog 18:55:39 ====

Muchas gracias @ErdrickBass por tu ayuda y paciencia,Te comento el.inicio esta mas rapido, pero cuando estaba iniciando aparecio una pantalla negra

IMG_20210706_2045473968×2976 1.49 MB

Como me comentaste que vamos por parte significa que la pc aun esta infectado?

Hola nuevamente,

La pantalla negra es parte de Windows, es el escaneo de disco. Pero según informa este no puede abrirse

De hecho mi idea original era eliminar las infecciones en esta pasada y usar algunas opciones para reparar tu equipo. El problema es que parte de la infección no pudo ser eliminada. Por lo que vamos a tener que hacer un proceso más complicado para desinfectar tu equipo si estas de acuerdo.

Te voy a dar un procedimiento que puede ser algo lioso, con pasos específicos para Windows 7 (el tuyo). Léelo con calma y no dudes en preguntar cualquier duda. Vamos a usar la consola de recuperación de Windows.

Realice lo siguiente:

Herramientas necesarias:

• Un ordenador limpio con conexión a Internet (preferible).
• Un USB, debe estar formateado.
• Imprima, tome captura o revise desde el móvil estas instrucciones para su fácil acceso.

Si cuentas con un ordenador limpio:

• Descargue Farbar Recovery Scan Tool considerando la versión adecuada para tu equipo a su escritorio (de 32 bits).
• Copie la herramienta a su unidad USB y conéctelo al ordenado infectado.

De no contar con un equipo limpio puede copiar FRST de su equipo actual a la USB.

Desde el equipo infectado:
Ingresa en las opciones de reparación del sistema. Accede a las Opciones de Recuperación del Sistema de las opciones de inicio avanzadas:

Si usas Windows Vista o 7

• Reinicie el equipo. Tan pronto como se carga el BIOS presione la tecla F8 hasta que aparezcan las Opciones avanzadas de arranque.

imagen960×640 86.2 KB

• Selecciona Reparar el Equipo y presione enter.
• Espera a que cargue, seleccione el Idioma y configuración de teclado, clic en Siguiente.
• Seleccione el sistema operativo que desee reparar y haga clic en Siguiente.
• Seleccione su cuenta de Usuario haga clic en Siguiente.

Estando en el entorno de Recuperación

En el menú de Opciones de Recuperación del Sistema vera algunas de las siguientes opciones:

• Seleccione el Símbolo del Sistema, la última opción.
• En la Ventana de comandos, escriba Notepad.exe y presione enter.
• En la parte superior del Bloc de notas vaya a Archivo > Abrir > Seleccione “Equipo” anota la letra correspondientemente a la unidad extraible USB.
• Cierra el Bloc de notas para regresar a la ventana de comandos
• Una vez dentro de la Ventana de Comandos escribe tal cual x:frst.exe donde X debe ser reemplazada por la letra de su unidad USB (para x64 escribe x:frst64.exe).
• Presionas enter para que a herramienta comience a correr.
• Cuando la herramienta se abra le mostrara la ventana Disclaimer, haga clic en Sí

Luego abrirá la ventana del programa:

• Pulse el botón Scan para comenzar el análisis.
• Al finalizar el escaneo se creara un reporte Frst.txt en el dispositivo USB

Al terminar

Conecte de nuevo el USB en el ordenador limpio o reinicie el equipo en modo normal, abra al archivo Frst.txt, copie y pegue su contenido en su próxima respuesta.

Esperamos ese nuevo reporte y estamos atentos a cualquier comentario.

Saludos

Buenos dias no puedo ingresar a la.opcion que me.indicas me.sale.lo.siguiente

IMG_20210707_0642173968×2976 1.79 MB

Hola nuevamente,

Eso complica un poco las cosas. Imagino no tendrás disponible el disco de Windows, ¿o si? Podría servir aunque no sea el de tu máquina como tal.

Por lo demás realiza lo siguiente:

Revisa el siguiente manual y ejecuta TDSSKiller:

Sigue las instrucciones y realiza un escaneo con la herramienta. Procura marcar de manera adicional las casillas:

• Verify files digital signatures
• Detect TDLFS files system.

Procura seguir las instrucciones del manual para obtener el reporte.

Descargue Malwarebytes Anti-Rootkit Beta y ejecútelo según su manual.

1. Ejecute el programa siguiendo las instrucciones del manual.
2. Es importante que actualice.
3. Espere a que termine el escaneo
4. Terminando, si hay infección siga los pasos del manual para desinfectar, si no haga clic en Exit. De pedir reiniciar, proceda.

Como los reportes podrían ser algo largos puedes adjuntarlos

Nos traerías:

• El reporte de TDSSKiller.
• Los reportes de MBAR (si te da problemas puedes obviar el de System).
• Cualquier comentario de como notes el sistema.

Saludos

hola @ErdrickBass no tengo ese windows, tengo es el windows 8.1 32bits y otra consulta esas instrucciones que me enviaste ultimo las realizo despues de colocar el windows y hacer las instrucciones de reparar sistema o antes?

Aqui esta el reporte frst lo enviare por partes

scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2021
Ran by SYSTEM on MININT-TJ66580 (07-07-2021 13:54:56)
Running from D:\
Platform: Windows 7 Starter Service Pack 1 (X86) Language: Español (España, internacional) -> Español (España, internacional)
Boot Mode: Recovery
Default: ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]


==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [111896 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
HKU\User\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [7388488 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\User\...\Run: [EPSON TX420W Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCL.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\User\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIUNE.EXE [379008 2017-09-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Windows NT x86\Print Processors\OneNotePrint2007: C:\Windows\System32\spool\prtprocs\W32X86\msonpppr.dll [33104 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\EPSON L3150 Series 32MonitorBE: C:\Windows\system32\E_TLMBUNE.DLL [146432 2017-07-14] (Seiko Epson Corporation)
HKLM\...\Print\Monitors\EPSON TX420W Series 32MonitorBL: C:\Windows\system32\E_FLBGCL.DLL [93696 2008-11-12] (SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\Windows\system32\enppmon.dll [385024 2016-09-14] (SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\HP 8711 Status Monitor: C:\Windows\system32\hpinksts8711LM.dll [269200 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\Send To Microsoft OneNote Monitor: C:\Windows\system32\msonpmon.dll [32592 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
SubSystems: [Windows] => "%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07CF6755-316B-4C32-AC7E-6D1E27D80284} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {2320597B-51B7-4E00-BEE5-CE3E4FBA8E12} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
Task: {331295C1-3E30-42B4-BE70-223AEE9CA31F} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\User\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-07-07] (ESET, spol. s r.o. -> ESET)
Task: {361C940C-3C92-4DDA-B5F6-D994EF1871E3} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1546480 2021-07-06] (Avast Software s.r.o. -> Avast Software)
Task: {3D27C406-36DB-416B-8466-F0B06A3E02E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe
Task: {4325C261-C5B0-4070-A2D0-933F4707D2BD} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4342552 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
Task: {59EBD1CC-02C2-4455-B455-2C42DD2B42AD} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
Task: {5C2B8C9C-1AB7-422E-9C3B-A90D8F1B060F} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [2030160 2021-06-18] (Avast Software s.r.o. -> AVAST Software)
Task: {5CD655D3-E799-48B6-B83E-78A4A9F3CF66} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {6DF86C0C-AFBC-433A-AC76-31A4EBF1CC88} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {70165080-2A75-4800-96D1-E50206124AC4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {737538FE-4804-4304-8ED5-F074153BF8B6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-17] (Piriform Software Ltd -> Piriform)
Task: {7F382591-A56F-41CA-8905-048FF825FE06} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {815730E6-F128-410B-8A9E-2BE3CD61DF9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {877242F4-BDB7-4BC7-BD5C-8BFAF6EFCECC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {92CBD9E1-4E6B-4402-B3C4-EE193B84924A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {A7524879-45B8-4EF9-890A-E91AC7CCE121} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28880512 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C858076A-9BC3-4D08-B6B2-841E42B2C8BA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
Task: {D311A68F-09DA-476A-8D49-809D59BAF6D2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {FEC6D16E-DB06-45BC-9C6B-641C3231AA82} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\User\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-07-07] (ESET, spol. s r.o. -> ESET)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\ Update {7A1DE94B-8FF7-4C11-B782-84462DA7338A}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSUNE.EXE:/EXE:{7A1DE94B-8FF7-4C11-B782-84462DA7338A} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON L3150 Series Update {DD86AEFB-1EA0-4D48-ACF4-61AFFC7FCFB5}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSUNE.EXE:/EXE:{DD86AEFB-1EA0-4D48-ACF4-61AFFC7FCFB5} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4047135609-2362062722-1061616882-1001Core1cf671c4ec37ad4.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4047135609-2362062722-1061616882-1001Core1d093f027c3f5c4.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4047135609-2362062722-1061616882-1001UA1cf72ac33623b59.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4047135609-2362062722-1061616882-1001UA1d0447714d75660.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4047135609-2362062722-1061616882-1001UA1d093f027ff03d1.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"HKLM\System\ControlSet001\Services\{45487F67-EC9F-4449-A6F2-2D0970F9B80B}" => removed successfully.
C:\Windows\System32\drivers\uUjC52.sys => moved successfully
S2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-26] (Adobe Inc. -> Adobe Inc.)
S4 AdobeUpdateService; C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-05] (Adobe Inc. -> Adobe Inc.)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [284672 2011-02-28] (Advanced Micro Devices, Inc.)
S2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [140224 2010-06-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S2 Apache2.4; C:\xampp\apache\bin\httpd.exe [23040 2018-03-22] (Apache Software Foundation)
S3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7401552 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [567064 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [349464 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\91.0.10362.115\elevation_service.exe [1196008 2021-06-18] (Avast Software s.r.o. -> AVAST Software)
S2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S4 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-20] (SEIKO EPSON CORPORATION)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [223560 2018-01-29] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
S2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
S3 fussvc; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [133632 2012-07-26] (Microsoft Corporation)
S2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet, Inc. -> SafeNet Inc.)
S3 hpqcaslwmiex; C:\Program Files\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (Hewlett-Packard Company -> HP)
S4 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1784320 2015-06-01] (Realsil Microelectronics Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [5959136 2021-07-05] (Malwarebytes Inc -> Malwarebytes)
S2 MSSQL$SQLEXPRESS2012; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS2012\MSSQL\Binn\sqlservr.exe [206424 2012-02-11] (Microsoft Corporation -> Microsoft Corporation)
S2 MSSQLSERVER; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-25] (Microsoft Corporation -> Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-25] (Microsoft Corporation -> Microsoft Corporation)
S2 mysql; C:\xampp\mysql\bin\mysqld.exe [11552680 2018-02-04] (MariaDB Corporation Ab -> )
S2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [262226 2010-12-17] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated)
S3 Te.Service; C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [94208 2012-07-26] (Microsoft Corporation)
S2 WsAppService; C:\Program Files\Wondershare\WAF\2.4.3.242\WsAppService.exe [495720 2018-08-29] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [164864 2010-11-20] (Microsoft Corporation)
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [10240 2010-11-20] (Microsoft Corporation)
S1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2010-11-20] (Microsoft Corporation)
S3 aftap0901; C:\Windows\System32\DRIVERS\aftap0901.sys [45528 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
S2 aksfridge; C:\Windows\System32\DRIVERS\aksfridge.sys [356864 2010-09-27] (SafeNet Inc.)
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [238208 2009-03-13] (Aladdin Knowledge Systems Ltd.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [46336 2007-07-23] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [16384 2009-06-22] (Aladdin Knowledge Systems Ltd.)
S3 amdiox86; C:\Windows\System32\DRIVERS\amdiox86.sys [37944 2010-02-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [55296 2009-07-14] (Microsoft Corporation)
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [238592 2011-02-28] (Advanced Micro Devices, Inc.)
S3 AmdPPM; C:\Windows\System32\DRIVERS\amdppm.sys [52736 2009-07-14] (Microsoft Corporation)
S0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [66176 2011-01-29] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [32384 2011-01-29] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2010-11-20] (Microsoft Corporation)
S0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [33608 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183152 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [292880 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206352 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [91672 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [39320 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [152992 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [379536 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2021-07-06] (AVAST Software s.r.o. -> AVAST Software)
S1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [92752 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71408 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [691224 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [388848 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [161880 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [277616 2021-07-06] (Avast Software s.r.o. -> AVAST Software)
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-14] (Microsoft Corporation)
S0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [14392 2010-06-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
S3 b06bdrv; C:\Windows\system32\drivers\bxvbdx.sys [430080 2009-07-13] (Broadcom Corporation)
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-13] (Broadcom Corporation)
S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl6.sys [1131008 2009-07-13] (Broadcom Corporation)
S1 Beep; C:\Windows\System32\Drivers\Beep.sys [6144 2009-07-14] (Microsoft Corporation)
S1 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [35328 2009-07-14] (Microsoft Corporation)
S3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2009-07-14] (Microsoft Corporation)
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [13568 2009-07-13] (Brother Industries, Ltd.)
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [5248 2009-07-13] (Brother Industries, Ltd.)
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-14] (Brother Industries Ltd.)
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-13] (Brother Industries Ltd.)
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-13] (Brother Industries Ltd.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-13] (Brother Industries Ltd.)
S3 BthEnum; C:\Windows\System32\DRIVERS\BthEnum.sys [34816 2009-07-14] (Microsoft Corporation)
S3 BTHMODEM; C:\Windows\System32\DRIVERS\bthmodem.sys [56320 2009-07-14] (Microsoft Corporation)
S3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [93696 2009-07-14] (Microsoft Corporation)
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [393216 2010-11-20] (Microsoft Corporation)
S3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [60416 2010-11-20] (Microsoft Corporation)
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-14] (Microsoft Corporation)
S1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [108544 2010-11-20] (Microsoft Corporation)
S3 circlass; C:\Windows\system32\drivers\circlass.sys [37888 2009-07-14] (Microsoft Corporation)
S3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [14080 2009-07-14] (Microsoft Corporation)
S3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [31232 2010-11-20] (Microsoft Corporation)
S1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2010-11-20] (Microsoft Corporation)
S1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-14] (Microsoft Corporation)
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5120 2009-07-14] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbdx.sys [3100160 2009-07-13] (Broadcom Corporation)
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [7168 2009-07-14] (Microsoft Corporation)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [15360 2020-06-29] (Huawei Technologies Co., Ltd.)
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [142336 2009-07-14] (Microsoft Corporation)
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [148480 2009-07-14] (Microsoft Corporation)
S3 fdc; C:\Windows\system32\drivers\fdc.sys [25088 2009-07-14] (Microsoft Corporation)
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-14] (Microsoft Corporation)
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [19968 2009-07-14] (Microsoft Corporation)
S2 hardlock; C:\Windows\system32\drivers\hardlock.sys [588800 2009-12-10] (SafeNet Inc.)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-13] (Hauppauge Computer Works, Inc.)
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [304128 2010-11-20] (Microsoft Corporation)
S3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [108544 2010-11-20] (Microsoft Corporation)
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [21504 2009-07-14] (Microsoft Corporation)
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [91136 2009-07-14] (Microsoft Corporation)
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [37888 2009-07-14] (Microsoft Corporation)
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2010-11-20] (Microsoft Corporation)
S3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513536 2010-11-20] (Microsoft Corporation)
S5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2020-06-29] (Huawei Technologies Co., Ltd.)
S3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [80896 2009-07-14] (Microsoft Corporation)
S3 intelppm; C:\Windows\system32\drivers\intelppm.sys [53760 2009-07-14] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] (Microsoft Corporation)
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [65536 2010-11-20] (Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-14] (Microsoft Corporation)
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] (Microsoft Corporation)
S3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [28160 2010-11-20] (Microsoft Corporation)
S2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] (Microsoft Corporation)
S2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-14] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [213936 2021-07-07] (Malwarebytes Inc -> Malwarebytes)
S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-14] (Microsoft Corporation)
S3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] (Microsoft Corporation)
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-14] (Microsoft Corporation)
S3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] (Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2010-11-20] (Microsoft Corporation)
S3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123904 2010-11-20] (Microsoft Corporation)
S3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [223232 2010-11-20] (Microsoft Corporation)
S3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96768 2010-11-20] (Microsoft Corporation)
S1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [22528 2009-07-14] (Microsoft Corporation)
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] (Microsoft Corporation)
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] (Microsoft Corporation)
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] (Microsoft Corporation)
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] (Microsoft Corporation)
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] (Microsoft Corporation)
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [12288 2009-07-14] (Microsoft Corporation)
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] (Microsoft Corporation)
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] (Microsoft Corporation)
S3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] (Microsoft Corporation)
S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [46080 2010-11-20] (Microsoft Corporation)
S3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-20] (Microsoft Corporation)
S3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [48640 2010-11-20] (Microsoft Corporation)
S1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] (Microsoft Corporation)
S1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-20] (Microsoft Corporation)
S1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [35328 2009-07-14] (Microsoft Corporation)
S1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] (Microsoft Corporation)
S1 Null; C:\Windows\System32\Drivers\Null.sys [4608 2009-07-14] (Microsoft Corporation)
S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x32.sys [347264 2009-07-13] (NVIDIA Corporation)
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62464 2009-07-14] (Microsoft Corporation)
S3 Parport; C:\Windows\system32\drivers\parport.sys [79360 2009-07-14] (Microsoft Corporation)
S2 Parvdm; C:\Windows\system32\drivers\parvdm.sys [8704 2009-07-14] (Microsoft Corporation)
S2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] (Microsoft Corporation)
S3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] (Microsoft Corporation)
S3 Processor; C:\Windows\system32\drivers\processr.sys [52224 2009-07-14] (Microsoft Corporation)
S1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] (Microsoft Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] (Microsoft Corporation)
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] (Microsoft Corporation)
S3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] (Microsoft Corporation)
S3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] (Microsoft Corporation)
S3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] (Microsoft Corporation)
S3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] (Microsoft Corporation)
S1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-20] (Microsoft Corporation)
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [18944 2009-07-14] (Microsoft Corporation)
S1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-20] (Microsoft Corporation)
S1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] (Microsoft Corporation)
S1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] (Microsoft Corporation)
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [183808 2010-11-20] (Microsoft Corporation)
S3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [129536 2009-07-14] (Microsoft Corporation)
S1 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [268888 2012-02-11] (Microsoft Corporation -> Microsoft Corporation)
S3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254056 2015-06-01] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] (Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-20] (Microsoft Corporation)
S3 sdbus; C:\Windows\System32\DRIVERS\sdbus.sys [84992 2010-11-20] (Microsoft Corporation)
S2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [20480 2009-07-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [17920 2009-07-14] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [83456 2009-07-14] (Microsoft Corporation)
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [19968 2009-07-14] (Microsoft Corporation)
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [11264 2009-07-14] (Microsoft Corporation)
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-14] (Microsoft Corporation)
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2010-11-20] (Microsoft Corporation)
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [13824 2009-07-14] (Microsoft Corporation)
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] (Microsoft Corporation)
S3 srv; C:\Windows\System32\DRIVERS\srv.sys [311296 2010-11-20] (Microsoft Corporation)
S3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [309248 2010-11-20] (Microsoft Corporation)
S3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114176 2010-11-20] (Microsoft Corporation)
S3 SydexFDD; C:\Windows\system32\Drivers\sydexfdd.sys [13359 2010-04-15] (Windows (R) 2000 DDK provider)
S2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [35328 2010-11-20] (Microsoft Corporation)
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 2010-11-20] (Microsoft Corporation)
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2010-11-20] (Microsoft Corporation)
S1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2010-11-20] (Microsoft Corporation)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2020-03-19] (TeamViewer GmbH)
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2010-11-20] (Microsoft Corporation)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [52224 2010-11-20] (Microsoft Corporation)
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [27264 2010-11-20] (Microsoft Corporation)
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-20] (Microsoft Corporation)
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-20] (Microsoft Corporation)
S3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2010-11-20] (Microsoft Corporation)
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [8192 2009-07-14] (Microsoft Corporation)
S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [75776 2010-11-20] (Microsoft Corporation)
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2009-07-14] (Microsoft Corporation)
S3 usbehci; C:\Windows\system32\drivers\usbehci.sys [42496 2010-11-20] (Microsoft Corporation)
S3 usbfilter; C:\Windows\System32\DRIVERS\usbfilter.sys [35968 2010-11-29] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 usbhub; C:\Windows\system32\drivers\usbhub.sys [258560 2010-11-20] (Microsoft Corporation)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2009-07-14] (Microsoft Corporation)
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] (Microsoft Corporation)
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [35840 2009-07-14] (Microsoft Corporation)
S3 usbser; C:\Windows\System32\DRIVERS\USBSER.sys [28160 2020-06-29] (Microsoft Corporation)
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [76288 2010-11-20] (Microsoft Corporation)
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [24064 2009-07-14] (Microsoft Corporation)
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146432 2010-11-20] (Microsoft Corporation)
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] (Microsoft Corporation)
S1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] (Microsoft Corporation)
S3 ViaC7; C:\Windows\system32\drivers\viac7.sys [52736 2009-07-14] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [55416 2012-07-14] (Microsoft Corporation -> Microsoft Corporation)
S3 vusbbus; C:\Windows\System32\DRIVERS\vusbbus.sys [2665472 2012-01-03] (Chingachguk & Denger2k)
S3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-14] (Microsoft Corporation)
S1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-14] (Microsoft Corporation)
S3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [14336 2009-07-14] (Microsoft Corporation)
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [21632 2009-07-14] (Microsoft Corporation)
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] (Microsoft Corporation)
S1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] (Microsoft Corporation)
S1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] (Microsoft Corporation)
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35968 2010-11-20] (Microsoft Corporation)
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2009-07-14] (Microsoft Corporation)
S2 wntpport; C:\Windows\System32\Drivers\wntpport.sys [28416 2009-10-29] (Vireo Software)
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] (Microsoft Corporation)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [92672 2010-11-20] (Microsoft Corporation)
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [132224 2010-11-20] (Microsoft Corporation)
UpperFilters: [{4D36E967-E325-11CE-BFC1-08002BE10318}] -> [PartMgr aswArDisk]
UpperFilters: [{4D36E96B-E325-11CE-BFC1-08002BE10318}] -> [aswKbd kbdclass]
LowerFilters: [{71A27CDD-812A-11D0-BEC7-08002BE2092F}] -> [fvevol rdyboost]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (All) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-07 10:33 - 2021-07-07 10:33 - 000003756 _____ C:\Windows\System32\Tasks\EOSv3 Scheduler onLogOn
2021-07-07 10:33 - 2021-07-07 10:33 - 000003316 _____ C:\Windows\System32\Tasks\EOSv3 Scheduler onTime
2021-07-07 04:32 - 2021-07-07 04:32 - 000001160 _____ C:\Users\User\Desktop\ESET Online Scanner.lnk
2021-07-07 02:32 - 2021-07-07 11:34 - 000000000 ____D C:\Users\User\AppData\LocalLow\IGDump
2021-07-07 01:59 - 2021-07-07 02:01 - 011697056 _____ (ESET) C:\Users\User\Desktop\esetonlinescanner.exe
2021-07-07 01:42 - 2021-07-07 01:54 - 210366080 _____ (Malwarebytes) C:\Users\User\Downloads\mb4-setup-consumer-4.3.0.218-1.0.1273-1.0.39721.exe
2021-07-07 01:30 - 2021-07-07 01:33 - 000002122 _____ C:\Users\User\Desktop\Rkill.txt
2021-07-07 01:29 - 2021-07-07 01:30 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\iExplore.exe
2021-07-07 01:24 - 2021-07-07 01:25 - 000000000 ____D C:\Users\User\Desktop\Nueva carpeta (2)
2021-07-07 00:47 - 2021-07-07 00:47 - 000001191 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2021-07-07 00:47 - 2021-07-07 00:47 - 000000000 ____D C:\Program Files\VS Revo Group
2021-07-07 00:46 - 2021-07-07 00:47 - 007510656 _____ (VS Revo Group ) C:\Users\User\Documents\revosetup.exe
2021-07-07 00:25 - 2021-07-07 00:25 - 000000008 __RSH C:\ProgramData\ntuser.pol
2021-07-07 00:18 - 2021-07-07 00:25 - 000025178 _____ C:\Users\User\Desktop\Fixlog.txt
2021-07-07 00:15 - 2021-07-07 00:15 - 000000207 _____ C:\Windows\tweaking.com-regbackup-USER-HP-Windows-7-Starter-(32-bit).dat
2021-07-07 00:14 - 2021-07-07 00:14 - 000000000 ____D C:\RegBackup
2021-07-07 00:09 - 2021-07-07 00:13 - 005509218 _____ C:\Users\User\Desktop\tweaking.com_registry_backup_portable.zip
2021-07-06 23:31 - 2021-07-06 23:31 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2021-07-06 19:33 - 2021-07-06 20:14 - 000089559 _____ C:\Users\User\Desktop\Addition.txt
2021-07-06 19:30 - 2021-07-06 20:14 - 000073032 _____ C:\Users\User\Desktop\FRST.txt
2021-07-06 18:59 - 2021-07-07 00:25 - 000000000 ____D C:\FRST
2021-07-06 15:52 - 2021-07-06 15:52 - 000000917 _____ C:\Windows\Tasks\ Update {7A1DE94B-8FF7-4C11-B782-84462DA7338A}.job
2021-07-06 03:52 - 2021-07-06 03:52 - 002014208 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2021-07-06 03:48 - 2021-07-06 03:48 - 000002804 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2021-07-06 03:47 - 2021-07-07 03:48 - 000000000 ____D C:\Program Files\CCleaner
2021-07-06 03:47 - 2021-07-06 23:26 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2021-07-06 03:47 - 2021-07-06 03:47 - 000000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2021-07-06 03:46 - 2021-07-06 03:46 - 000000000 ____D C:\Users\User\AppData\Roaming\ZHP
2021-07-06 03:46 - 2021-07-06 03:46 - 000000000 ____D C:\Users\User\AppData\Local\ZHP
2021-07-06 03:45 - 2021-07-06 03:46 - 035958288 _____ (Piriform Software Ltd) C:\Users\User\Documents\ccsetup582.exe
2021-07-06 03:44 - 2021-07-06 03:45 - 003258008 _____ (Nicolas Coolman) C:\Users\User\Documents\ZHPCleaner.exe
2021-07-06 03:35 - 2021-07-06 03:35 - 000003720 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2021-07-06 03:35 - 2021-07-06 03:35 - 000002406 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2021-07-06 03:33 - 2021-07-06 03:33 - 000003498 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA
2021-07-06 03:33 - 2021-07-06 03:33 - 000003370 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore
2021-07-06 03:28 - 2021-07-06 03:41 - 000000000 ____D C:\Users\User\AppData\Local\Avast Software
2021-07-06 03:28 - 2021-07-06 03:28 - 000002079 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-07-06 03:28 - 2021-07-06 03:28 - 000000000 ____D C:\Users\User\AppData\Roaming\Avast Software
2021-07-06 03:22 - 2021-07-06 03:22 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2021-07-06 03:21 - 2021-07-06 23:26 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2021-07-06 03:21 - 2021-07-06 03:21 - 000691224 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2021-07-06 03:21 - 2021-07-06 03:21 - 000388848 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2021-07-06 03:21 - 2021-07-06 03:21 - 000379536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNetHub.sys
2021-07-06 03:21 - 2021-07-06 03:21 - 000287000 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2021-07-06 03:21 - 2021-07-06 03:21 - 000277616 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2021-07-06 03:21 - 2021-07-06 03:21 - 000206352 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsh.sys
2021-07-06 03:21 - 2021-07-06 03:21 - 000183152 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArPot.sys
2021-07-06 03:21 - 2021-07-06 03:21 - 000161880 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2021-07-06 03:21 - 2021-07-06 03:21 - 000152992 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2021-07-06 03:21 - 2021-07-06 03:21 - 000092752 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2021-07-06 03:21 - 2021-07-06 03:21 - 000091672 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbuniv.sys
2021-07-06 03:21 - 2021-07-06 03:21 - 000071408 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2021-07-06 03:21 - 2021-07-06 03:21 - 000039320 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2021-07-06 03:21 - 2021-07-06 03:21 - 000036104 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNetNd6.sys
2021-07-06 03:21 - 2021-07-06 03:21 - 000033608 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArDisk.sys
2021-07-06 03:21 - 2021-07-06 03:21 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-07-06 03:21 - 2021-07-06 03:20 - 000292880 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsdriver.sys
2021-07-06 03:17 - 2021-07-06 03:32 - 000000000 ____D C:\Program Files\Avast Software
2021-07-06 03:16 - 2021-07-07 11:34 - 000000000 ____D C:\ProgramData\Avast Software
2021-07-06 03:11 - 2021-07-06 03:11 - 000143224 _____ C:\Windows\Minidump\070521-41075-01.dmp
2021-07-06 01:03 - 2021-07-06 01:05 - 000225816 _____ (AVAST Software) C:\Users\User\Documents\avast_free_antivirus_setup_online.exe
2021-07-06 01:03 - 2021-07-06 01:05 - 000225816 _____ (AVAST Software) C:\Users\User\Desktop\avast_free_antivirus_setup_online.exe
2021-07-05 21:06 - 2021-07-05 21:06 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2021-07-05 21:04 - 2021-07-05 21:04 - 000002123 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2021-07-05 21:04 - 2021-07-05 21:04 - 000001041 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2021-07-05 21:04 - 2021-07-05 21:04 - 000000000 ____D C:\Program Files\SpywareBlaster
2021-07-05 21:03 - 2021-07-07 11:33 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2021-07-05 21:03 - 2021-07-07 10:34 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2021-07-05 21:03 - 2018-02-06 23:20 - 000030056 _____ (Safer-Networking Ltd.) C:\Windows\System32\sdnclean.exe
2021-07-05 20:57 - 2021-07-05 20:58 - 008553680 _____ (Malwarebytes) C:\Users\User\Documents\adwcleaner_8.3.0.exe
2021-07-05 20:56 - 2021-07-05 20:57 - 004432784 _____ (BrightFort LLC ) C:\Users\User\Documents\spywareblastersetup60.exe
2021-07-05 20:55 - 2021-07-05 20:59 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\User\Documents\spybotsd-2.7.64.0.exe
2021-07-05 19:29 - 2021-07-05 19:29 - 000000000 ____D C:\Users\User\AppData\Roaming\Motorola
2021-07-05 15:21 - 2021-07-05 15:21 - 000000000 ____D C:\Users\User\Desktop\Nueva carpeta
2021-07-05 15:16 - 2021-07-07 02:02 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-07-05 15:15 - 2021-07-07 01:59 - 000213936 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2021-07-05 15:14 - 2021-07-05 15:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-07-05 15:14 - 2021-07-05 15:13 - 000163800 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbae.sys
2021-07-05 13:35 - 2021-07-05 13:35 - 000001847 _____ C:\Users\User\Desktop\ShadowExplorer.lnk
2021-07-05 13:35 - 2021-07-05 13:35 - 000000000 ____D C:\Users\User\AppData\Roaming\www.shadowexplorer.com
2021-07-05 13:34 - 2021-07-05 13:35 - 000000000 ____D C:\Program Files\ShadowExplorer
2021-07-05 08:02 - 2021-07-05 08:02 - 000000000 ____D C:\Users\User\AppData\Local\mbam
2021-07-05 06:40 - 2021-07-05 06:40 - 000000000 ____D C:\Program Files\Malwarebytes
2021-07-05 05:05 - 2021-07-05 13:49 - 001358136 _____ C:\Windows\ntbtlog.txt
2021-07-05 04:50 - 2021-07-07 00:19 - 000000000 ____D C:\Windows\pss
2021-07-05 03:26 - 2021-07-05 03:26 - 000000000 ____D C:\Users\User\AppData\Local\Yandex
2021-07-05 03:05 - 2021-07-05 03:05 - 000000558 _____ C:\Users\User\AppData\Local\bowsakkdestx.txt
2021-07-05 03:05 - 2021-07-05 03:05 - 000000000 ____D C:\SystemID
2021-07-05 02:59 - 2021-07-07 11:35 - 020185088 _____ C:\Windows\System32\C_32770.NLS
2021-07-04 19:18 - 2021-07-05 03:47 - 000000000 ____D C:\Program Files\UltData for Android
2021-07-04 15:50 - 2021-07-04 15:50 - 000000000 ____D C:\Users\User\AppData\Roaming\Wondershare
2021-07-04 03:07 - 2021-07-07 06:26 - 000000000 ____D C:\Tenorshare
2021-07-04 02:52 - 2021-07-07 00:57 - 000000000 ____D C:\Program Files\Tenorshare
2021-06-29 19:01 - 2021-07-06 03:10 - 345746991 _____ C:\Windows\MEMORY.DMP
2021-06-29 19:01 - 2021-06-29 19:01 - 000143296 _____ C:\Windows\Minidump\062921-43368-01.dmp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-07 11:34 - 2018-06-06 02:25 - 000196608 _____ C:\Windows\System32\Ikeext.etl
2021-07-07 11:34 - 2009-07-14 05:34 - 000016480 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-07-07 11:34 - 2009-07-14 05:34 - 000016480 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-07-07 11:32 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-07-07 09:05 - 2020-03-30 04:59 - 000000000 ____D C:\xampp
2021-07-07 07:29 - 2018-02-26 12:46 - 000000000 ____D C:\users\Yasmin
2021-07-07 06:31 - 2014-03-10 09:47 - 000000000 ____D C:\users\MSSQL$SQLEXPRESS2012
2021-07-07 06:26 - 2019-07-09 14:51 - 000000000 ____D C:\Temp
2021-07-07 06:26 - 2011-02-10 20:23 - 000000000 ___HD C:\SYSTEM.SAV
2021-07-07 06:25 - 2011-02-10 20:23 - 000000000 ____D C:\SWSetup
2021-07-07 06:19 - 2014-06-19 22:04 - 000000000 ____D C:\Samples - EmbroideryStudio e1.5
2021-07-07 06:18 - 2017-09-21 23:37 - 000000000 ___HD C:\respaldo
2021-07-07 06:18 - 2014-06-19 22:08 - 000000000 ____D C:\SampleDatabase
2021-07-07 04:49 - 2014-03-10 09:05 - 000000000 ____D C:\HP_TOOLS_mountHPSF
2021-07-07 04:49 - 2011-02-16 19:51 - 000000000 ___HD C:\HP
2021-07-07 04:48 - 2014-06-19 22:04 - 000000000 ____D C:\Clipart
2021-07-07 04:46 - 2020-03-29 18:58 - 000000000 ____D C:\AdwCleaner
2021-07-07 04:46 - 2017-09-19 19:05 - 000000000 ____D C:\Adjustment Program
2021-07-07 04:31 - 2013-10-23 23:34 - 000000000 ____D C:\Users\User\AppData\Local\ESET
2021-07-07 04:30 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\System32\NDF
2021-07-07 01:39 - 2018-07-16 21:15 - 000000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2021-07-07 01:00 - 2020-11-24 12:01 - 000000000 ____D C:\Program Files\Wondershare
2021-07-07 00:20 - 2020-12-02 19:14 - 000000000 ____D C:\Users\User\AppData\LocalLow\Temp
2021-07-07 00:19 - 2009-07-14 03:37 - 000000000 ___HD C:\Windows\System32\GroupPolicy
2021-07-06 18:48 - 2011-04-12 18:22 - 000795536 _____ C:\Windows\System32\perfh00A.dat
2021-07-06 18:48 - 2011-04-12 18:22 - 000177236 _____ C:\Windows\System32\perfc00A.dat
2021-07-06 18:48 - 2010-11-20 22:01 - 001811308 _____ C:\Windows\System32\PerfStringBackup.INI
2021-07-06 18:48 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2021-07-06 03:11 - 2015-01-31 18:17 - 000000000 ____D C:\Windows\Minidump
2021-07-06 01:13 - 2020-10-28 21:07 - 000007605 _____ C:\Users\User\AppData\Local\Resmon.ResmonCfg
2021-07-05 23:37 - 2011-07-20 00:48 - 000000000 ____D C:\ProgramData\Temp
2021-07-05 19:29 - 2019-07-09 14:51 - 000000000 ____D C:\Program Files\Motorola Mobility
2021-07-05 19:29 - 2011-04-12 08:58 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2021-07-05 19:12 - 2011-04-12 08:54 - 000000000 ____D C:\Program Files\Windows Live
2021-07-05 19:11 - 2011-04-12 08:55 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2021-07-05 19:09 - 2009-07-14 03:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-07-05 19:06 - 2018-03-19 20:16 - 000000000 ____D C:\ProgramData\Electronic Arts
2021-07-05 15:17 - 2014-05-04 01:42 - 000000000 ____D C:\Program Files\epson
2021-07-05 15:15 - 2020-09-20 15:52 - 000131352 _____ C:\Windows\System32\GDIPFONTCACHEV1.DAT
2021-07-05 15:10 - 2009-07-14 03:37 - 000000000 __RHD C:\Users\Public\Libraries
2021-07-05 15:08 - 2018-03-20 23:30 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2021-07-05 15:08 - 2013-02-19 01:44 - 000000000 ____D C:\Program Files\Pixlr
2021-07-05 15:06 - 2011-10-14 03:28 - 000000000 ____D C:\ProgramData\Skype
2021-07-05 15:05 - 2018-10-15 14:05 - 000000000 ____D C:\Program Files\Nokia
2021-07-05 15:05 - 2017-02-22 23:30 - 000000000 ____D C:\Users\User\AppData\Local\SkypePlugin
2021-07-05 15:04 - 2020-03-26 05:13 - 000000000 ____D C:\Program Files\VideoLAN
2021-07-05 14:56 - 2020-08-10 17:31 - 000000917 _____ C:\Windows\Tasks\EPSON L3150 Series Update {DD86AEFB-1EA0-4D48-ACF4-61AFFC7FCFB5}.job
2021-07-05 14:56 - 2020-05-15 03:10 - 000000000 ____D C:\Users\User\AppData\Roaming\Zoom
2021-07-05 14:56 - 2018-08-09 14:22 - 003870592 _____ C:\Windows\System32\FNTCACHE.DAT
2021-07-05 14:56 - 2015-02-09 15:45 - 000001042 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4047135609-2362062722-1061616882-1001UA1d0447714d75660.job
2021-07-05 14:54 - 2019-08-03 03:03 - 000000000 ____D C:\Program Files\TeamViewer
2021-07-05 14:53 - 2020-06-04 22:21 - 000000000 ____D C:\Users\User\AppData\Local\WebEx
2021-07-05 13:34 - 2015-01-31 20:58 - 000000000 ____D C:\Users\User\Documents\Bluetooth Folder
2021-07-05 06:20 - 2014-05-18 16:16 - 000001042 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4047135609-2362062722-1061616882-1001UA1cf72ac33623b59.job
2021-07-05 04:26 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\AppCompat
2021-07-05 04:25 - 2020-05-23 21:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-05 04:25 - 2019-02-13 13:11 - 000000000 ____D C:\Users\User\Downloads\RESET_EPSON_TX430W TX420W
2021-07-05 04:25 - 2018-05-22 06:55 - 000000000 ____D C:\Users\User\Downloads\Canaima
2021-07-05 04:25 - 2018-03-17 01:51 - 000000000 ____D C:\Users\User\Downloads\Nueva carpeta
2021-07-05 04:25 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\registration
2021-07-05 04:22 - 2020-11-24 12:01 - 000000000 ____D C:\ProgramData\Wondershare
2021-07-05 03:35 - 2018-02-22 13:00 - 000000000 ____D C:\Users\User\Downloads\redes
2021-07-05 03:34 - 2019-08-20 19:51 - 000000000 ____D C:\Users\User\Downloads\Ready Set Go Patterns 2 by Harper Finch
2021-07-05 03:34 - 2019-08-20 19:50 - 000000000 ____D C:\Users\User\Downloads\Ready Set Go! Patterns by Harper Finch
2021-07-05 03:34 - 2019-05-07 17:13 - 000000000 ____D C:\Users\User\Downloads\LABELS
2021-07-05 03:34 - 2019-03-18 11:13 - 000000000 ____D C:\Users\User\Downloads\body niña
2021-07-05 03:34 - 2018-07-29 21:08 - 000000000 ____D C:\Users\User\Downloads\planos
2021-07-05 03:34 - 2018-07-17 02:56 - 000000000 ____D C:\Users\User\Downloads\Fluttershy M&T Pattern Release
2021-07-05 03:11 - 2019-08-20 20:27 - 000047149 _____ C:\Users\User\Downloads\{3D} RENDER DELANTE.jpg.zqqw
2021-07-05 03:11 - 2019-08-20 20:27 - 000046015 _____ C:\Users\User\Downloads\{3D} RENDER ATRAS.jpg.zqqw
2021-07-05 03:11 - 2019-08-20 20:27 - 000043874 _____ C:\Users\User\Downloads\{3D}NIVEL 2.jpg.zqqw
2021-07-05 03:11 - 2019-08-19 18:19 - 000028519 _____ C:\Users\User\Downloads\renov.docx.zqqw
2021-07-05 03:11 - 2019-06-28 15:48 - 000468674 _____ C:\Users\User\Downloads\Yasmin C. Flores L..pdf.zqqw
2021-07-05 03:11 - 2019-06-28 07:08 - 065457540 _____ C:\Users\User\Downloads\publicidad-Recuperado.psd.zqqw
2021-07-05 03:11 - 2019-05-05 05:11 - 000121446 _____ C:\Users\User\Downloads\Sistema-de-Facturacion-Ejemplo.xlsm.zqqw
2021-07-05 03:11 - 2019-05-01 16:52 - 036252309 _____ C:\Users\User\Downloads\publicidad.psd.zqqw
2021-07-05 03:11 - 2019-04-25 01:55 - 000768846 _____ C:\Users\User\Downloads\TESTIGOS DE JEHOVA DE VENEZUELA.doc.zqqw
2021-07-05 03:11 - 2019-02-14 06:04 - 000275278 _____ C:\Users\User\Downloads\Solicitud_Contrato_Afiliacion_Establecimiento_TDC_TDD (2).doc.zqqw
2021-07-05 03:11 - 2019-02-14 06:03 - 000275278 _____ C:\Users\User\Downloads\Solicitud_Contrato_Afiliacion_Establecimiento_TDC_TDD (1).doc.zqqw
2021-07-05 03:11 - 2019-02-14 05:59 - 000275278 _____ C:\Users\User\Downloads\Solicitud_Contrato_Afiliacion_Establecimiento_TDC_TDD.doc.zqqw
2021-07-05 03:11 - 2018-10-30 12:42 - 000050524 _____ C:\Users\User\Downloads\WhatsApp Image 2018-10-30 at 7.16.10 AM.jpeg.zqqw
2021-07-05 03:11 - 2018-10-17 06:56 - 000033614 _____ C:\Users\User\Downloads\programming_and_unlock_quick_reference-1.xls.zqqw
2021-07-05 03:11 - 2018-09-30 23:44 - 000014359 _____ C:\Users\User\Downloads\Resolución N° 031 de fecha 1° de febrero de 1999, mediante la cual se establece que las personas, para profesar su fe religiosa y ejercer su culto, que necesiten constituir iglesias (1).docx.zqqw
2021-07-05 03:11 - 2018-09-30 23:43 - 000066732 _____ C:\Users\User\Downloads\Reglamento Organico MPPRIJP (2).docx.zqqw
2021-07-05 03:11 - 2018-09-30 23:11 - 000066732 _____ C:\Users\User\Downloads\Reglamento Organico MPPRIJP (1).docx.zqqw
2021-07-05 03:11 - 2018-09-30 23:04 - 000014359 _____ C:\Users\User\Downloads\Resolución N° 031 de fecha 1° de febrero de 1999, mediante la cual se establece que las personas, para profesar su fe religiosa y ejercer su culto, que necesiten constituir iglesias.docx.zqqw
2021-07-05 03:11 - 2018-09-30 22:17 - 000066732 _____ C:\Users\User\Downloads\Reglamento Organico MPPRIJP.docx.zqqw
2021-07-05 03:11 - 2018-09-12 13:35 - 000031290 _____ C:\Users\User\Downloads\rifyas.pdf.zqqw
2021-07-05 03:11 - 2018-07-17 02:35 - 000093168 _____ C:\Users\User\Downloads\pony_plush_tutorials_and_pattern_by_adamlhumphreys-d88hibu.png.zqqw
2021-07-05 03:11 - 2018-07-16 22:11 - 000482827 _____ C:\Users\User\Downloads\pony_plushie_pattern_v2_0_by_jackiekie-d5hjacn.png.zqqw
2021-07-05 03:11 - 2018-05-22 06:57 - 000937926 _____ C:\Users\User\Downloads\zRufus-2.11.exe.zqqw
2021-07-05 03:11 - 2018-05-22 06:57 - 000227009 _____ C:\Users\User\Downloads\Windows7 MiniOS-Desktop.pdf.zqqw
2021-07-05 03:11 - 2018-05-14 06:54 - 000043854 _____ C:\Users\User\Downloads\Solicitud_Registro_Nacimiento_Mayores_Formato_3.doc.zqqw
2021-07-05 03:11 - 2018-03-21 15:03 - 000030979 _____ C:\Users\User\Downloads\Sin título-3.png.zqqw
2021-07-05 03:11 - 2018-03-02 21:49 - 000191829 _____ C:\Users\User\Downloads\REDES.docx.zqqw
2021-07-05 03:11 - 2018-02-22 18:29 - 005481822 _____ C:\Users\User\Downloads\Yaskawaii Informacion.docx.zqqw
2021-07-05 03:11 - 2018-02-22 18:22 - 001224513 _____ C:\Users\User\Downloads\Yaskawaii Informacion.pdf.zqqw
2021-07-05 03:11 - 2018-01-31 07:45 - 000091910 _____ C:\Users\User\Downloads\WhatsApp Image 2018-01-31 at 1.40.04 AM.jpeg.zqqw
2021-07-05 03:11 - 2018-01-31 07:45 - 000089606 _____ C:\Users\User\Downloads\WhatsApp Image 2018-01-31 at 1.44.47 AM.jpeg.zqqw
2021-07-05 03:11 - 2018-01-31 07:45 - 000086731 _____ C:\Users\User\Downloads\WhatsApp Image 2018-01-31 at 1.44.48 AM.jpeg.zqqw
2021-07-05 03:11 - 2018-01-31 07:44 - 000083968 _____ C:\Users\User\Downloads\WhatsApp Image 2018-01-31 at 1.40.00 AM.jpeg.zqqw
2021-07-05 03:11 - 2018-01-29 14:29 - 000560109 _____ C:\Users\User\Downloads\WhatsApp Image 2018-01-29 at 8.29.19 AM.jpeg.zqqw
2021-07-05 03:10 - 2021-06-03 22:29 - 011175398 _____ C:\Users\User\Downloads\FileZilla_3.52.2_win32-setup.exe.zqqw
2021-07-05 03:10 - 2021-06-03 22:25 - 011166806 _____ C:\Users\User\Downloads\FileZilla_3.51.0_win32-setup.exe.zqqw
2021-07-05 03:10 - 2021-02-25 22:06 - 000000496 ____H C:\Users\User\Documents\~$sson plan.docx.zqqw
2021-07-05 03:10 - 2021-02-25 22:05 - 000000496 ____H C:\Users\User\Documents\~$t  5A, 5B (II M).Prof Omar Leonet(Cramer,Inec,Combinatoria).docx.zqqw
2021-07-05 03:10 - 2021-02-25 21:46 - 000450019 ____H C:\Users\User\Documents\~WRL0003.tmp.zqqw
2021-07-05 03:10 - 2020-09-18 23:24 - 000179282 _____ C:\Users\User\Downloads\logo.png.zqqw
2021-07-05 03:10 - 2020-09-15 13:38 - 000026628 ____H C:\Users\User\Documents\~WRL0168.tmp.zqqw
2021-07-05 03:10 - 2020-08-09 23:24 - 000014281 ____H C:\Users\User\Documents\~WRL3256.tmp.zqqw
2021-07-05 03:10 - 2020-04-09 04:52 - 000012651 _____ C:\Users\User\Downloads\Informe de Pagos  ChocoWawita.xlsx.zqqw
2021-07-05 03:10 - 2020-03-02 13:44 - 000311630 _____ C:\Users\User\Downloads\ADP_013_solicitud_contrato_afiliacion_de_establecimiento_al_uso_de_tarjetas_de_credito_debito.doc.zqqw
2021-07-05 03:10 - 2020-03-02 13:44 - 000311630 _____ C:\Users\User\Downloads\ADP_013_solicitud_contrato_afiliacion_de_establecimiento_al_uso_de_tarjetas_de_credito_debito (1).doc.zqqw
2021-07-05 03:10 - 2020-01-23 12:57 - 000120576 _____ C:\Users\User\Downloads\credencial.jpg.zqqw
2021-07-05 03:10 - 2020-01-20 07:13 - 013359231 _____ C:\Users\User\Downloads\animationinstalacion.rar.zqqw
2021-07-05 03:10 - 2020-01-08 16:47 - 001614158 _____ C:\Users\User\Downloads\chocowawita FINAL.doc.zqqw
2021-07-05 03:10 - 2020-01-08 16:02 - 001614158 _____ C:\Users\User\Downloads\chocowawita (1).doc.zqqw
2021-07-05 03:10 - 2019-10-22 04:48 - 002033850 _____ C:\Users\User\Downloads\etique3.psd.zqqw
2021-07-05 03:10 - 2019-10-22 04:47 - 000322851 _____ C:\Users\User\Downloads\etiquetaimpre.docx.zqqw
2021-07-05 03:10 - 2019-10-21 14:49 - 000504300 _____ C:\Users\User\Downloads\etiqueta.docx.zqqw
2021-07-05 03:10 - 2019-10-21 14:33 - 000087732 _____ C:\Users\User\Downloads\etiqueta2.png.zqqw
2021-07-05 03:10 - 2019-10-21 14:31 - 000067711 _____ C:\Users\User\Downloads\etiqueta.png.zqqw
2021-07-05 03:10 - 2019-10-21 08:30 - 000321557 _____ C:\Users\User\Downloads\logo.docx.zqqw
2021-07-05 03:10 - 2019-10-21 07:51 - 003782925 _____ C:\Users\User\Downloads\CHOCOWAWITAETIQUETA.psd.zqqw
2021-07-05 03:10 - 2019-10-03 13:07 - 001199677 _____ C:\Users\User\Downloads\impre.docx.zqqw
2021-07-05 03:10 - 2019-10-03 13:07 - 001199677 _____ C:\Users\User\Downloads\impre (1).docx.zqqw
2021-07-05 03:10 - 2019-10-02 15:58 - 000046500 _____ C:\Users\User\Downloads\IMG-20191001-WA0002.jpg.zqqw
2021-07-05 03:10 - 2019-10-01 23:06 - 000012715 _____ C:\Users\User\Downloads\mINISTERIO a POSTOLADO A LAS NACIONES.docx.zqqw
2021-07-05 03:10 - 2019-09-27 03:29 - 000016077 _____ C:\Users\User\Downloads\DGJRIC.REGLAMENTOINTERNO.docx.zqqw
2021-07-05 03:10 - 2019-08-22 12:41 - 000286055 _____ C:\Users\User\Downloads\img263.jpg.zqqw
2021-07-05 03:10 - 2019-08-19 18:40 - 000162638 _____ C:\Users\User\Downloads\mayo.doc.zqqw
2021-07-05 03:10 - 2019-08-15 20:53 - 001576118 _____ C:\Users\User\Downloads\logoseriochoco.psd.zqqw
2021-07-05 03:10 - 2019-08-15 20:27 - 005633024 _____ C:\Users\User\Downloads\deliverychoco.psd.zqqw
2021-07-05 03:10 - 2019-08-07 13:49 - 000272718 _____ C:\Users\User\Downloads\CREDITO_AL_CONSUMO18.doc.zqqw
2021-07-05 03:10 - 2019-08-07 13:49 - 000053070 _____ C:\Users\User\Downloads\CNE_348_balance_personal.xls.zqqw
2021-07-05 03:10 - 2019-08-07 13:49 - 000038734 _____ C:\Users\User\Downloads\CNE.377_carta_explicativa.doc.zqqw
2021-07-05 03:10 - 2019-07-24 14:08 - 000133688 _____ C:\Users\User\Downloads\66083429_349494929285350_2628159947479092388_n.jpg.zqqw
2021-07-05 03:10 - 2019-07-07 01:47 - 000632318 _____ C:\Users\User\Downloads\cupg.png.zqqw
2021-07-05 03:10 - 2019-06-28 15:49 - 000540078 _____ C:\Users\User\Downloads\Pasteleria Básica - Yennifer López.pdf.zqqw
2021-07-05 03:10 - 2019-06-24 18:22 - 000081488 _____ C:\Users\User\Downloads\62514321_633812383765789_7898804517905367040_n (1).jpg.zqqw
2021-07-05 03:10 - 2019-06-20 03:02 - 002377464 _____ C:\Users\User\Downloads\impre.png.zqqw
2021-07-05 03:10 - 2019-06-07 14:00 - 000595895 _____ C:\Users\User\Downloads\l.png.zqqw
2021-07-05 03:10 - 2019-06-06 04:39 - 000608035 _____ C:\Users\User\Downloads\23_motivos_cute_by_by_kary_d4tuigz.pat.zqqw
2021-07-05 03:10 - 2019-05-26 11:03 - 000171031 _____ C:\Users\User\Downloads\juegoajedrez.png.zqqw
2021-07-05 03:10 - 2019-05-09 01:15 - 000000499 ____H C:\Users\User\Documents\~$tortabase.xlsx.zqqw
2021-07-05 03:10 - 2019-05-08 00:54 - 043335786 _____ C:\Users\User\Downloads\chocowawitaafiche.psd.zqqw
2021-07-05 03:10 - 2019-05-07 19:02 - 008698982 _____ C:\Users\User\Downloads\afiche.png.zqqw
2021-07-05 03:10 - 2019-05-05 08:28 - 000019318 _____ C:\Users\User\Downloads\planilla-de-excel-calculadora-de-costo-de-recetas.xlsx.zqqw
2021-07-05 03:10 - 2019-05-01 15:07 - 001692565 _____ C:\Users\User\Downloads\logobebe.psd.zqqw
2021-07-05 03:10 - 2019-04-25 02:20 - 000496462 _____ C:\Users\User\Downloads\CONSTANCIA TESTIGO DE JEHOVA DFE VENEZUELA.doc.zqqw
2021-07-05 03:10 - 2019-03-09 11:20 - 000771406 _____ C:\Users\User\Downloads\2019_Macaracuay_Tickes - Pto de Venta (1).doc.zqqw
2021-07-05 03:10 - 2019-02-27 07:22 - 000014689 _____ C:\Users\User\Downloads\9900884ad46a4bbf53c0ecde3c1d20e9.jpg.zqqw
2021-07-05 03:10 - 2019-02-27 07:21 - 000014479 _____ C:\Users\User\Downloads\610630500ebf3c5a8d5cbd5ee1ba2907 (1).jpg.zqqw
2021-07-05 03:10 - 2019-02-27 07:18 - 000015542 _____ C:\Users\User\Downloads\5ca8aa769d816868cad347a34fa540f8.jpg.zqqw
2021-07-05 03:10 - 2019-02-27 07:15 - 000011398 _____ C:\Users\User\Downloads\711d17af865a6be481c95c3bc8257996.jpg.zqqw
2021-07-05 03:10 - 2019-02-27 07:14 - 000007016 _____ C:\Users\User\Downloads\04e9a5a899b9a272507a561ddd82b4ec.jpg.zqqw
2021-07-05 03:10 - 2019-02-27 07:03 - 000040401 _____ C:\Users\User\Downloads\e92f581a995a422f515d3b78df675658.jpg.zqqw
2021-07-05 03:10 - 2019-02-27 06:57 - 000133815 _____ C:\Users\User\Downloads\60184718105684d313303697846ab661.jpg.zqqw
2021-07-05 03:10 - 2019-02-14 12:29 - 000018687 _____ C:\Users\User\Downloads\2e1e66f8240bc87c41006246a6075dcb.jpg.zqqw
2021-07-05 03:10 - 2019-02-14 12:01 - 000043173 _____ C:\Users\User\Downloads\Planos-para-construir-casas-gratis.png.zqqw
2021-07-05 03:10 - 2019-02-14 11:15 - 000054606 _____ C:\Users\User\Downloads\FO_Planilla_Afiliacion_ Instalacion_POS.xls.zqqw
2021-07-05 03:10 - 2019-02-13 07:13 - 000437070 _____ C:\Users\User\Downloads\FO_Solicitud_de_Creditos_Sociales.xls.zqqw
2021-07-05 03:10 - 2019-02-08 02:26 - 000053070 _____ C:\Users\User\Downloads\MAXIMO FLORES RODRÍGUEZ.doc.zqqw
2021-07-05 03:10 - 2018-12-05 15:38 - 000284406 _____ C:\Users\User\Downloads\modelo_solicitud_balances.xlsx.zqqw
2021-07-05 03:10 - 2018-12-05 14:58 - 000020334 _____ C:\Users\User\Downloads\Certificado-de-ingresos-expedida-por-contador-público-1.docx.zqqw
2021-07-05 03:10 - 2018-11-01 12:57 - 000055118 _____ C:\Users\User\Downloads\ACTA DE ASOCIACION SANTIDAD DE DIOS.doc.zqqw
2021-07-05 03:10 - 2018-10-30 01:31 - 000041420 _____ C:\Users\User\Downloads\imagen.png.jpeg.zqqw
2021-07-05 03:10 - 2018-10-17 06:36 - 000045390 _____ C:\Users\User\Downloads\COMPATIBILIDAD NOKIA.doc.zqqw
2021-07-05 03:10 - 2018-10-15 21:12 - 000000496 ____H C:\Users\User\Desktop\~$TA CONSTITUTIVA MODELO.docx.zqqw
2021-07-05 03:10 - 2018-10-11 12:27 - 000169350 _____ C:\Users\User\Downloads\cedula.pptx.zqqw
2021-07-05 03:10 - 2018-09-15 01:54 - 000077737 _____ C:\Users\User\Downloads\IVSS%2c INVERSIONES DALUPA.COM%2c C.A.docx.zqqw
2021-07-05 03:10 - 2018-08-25 20:36 - 000205811 _____ C:\Users\User\Downloads\01_MANUAL COMPRADOR VERSION BETA.pdf.zqqw
2021-07-05 03:10 - 2018-07-22 17:56 - 000027312 _____ C:\Users\User\Downloads\f3c29b073ab5a9db5bf7d6b36fce5e7c.jpg.zqqw
2021-07-05 03:10 - 2018-07-22 17:55 - 000052529 _____ C:\Users\User\Downloads\6b45bcac18c7e78642b702d28c42bf80.jpg.zqqw
2021-07-05 03:10 - 2018-07-22 17:55 - 000047522 _____ C:\Users\User\Downloads\328ad1643df6a458aafe02527c8bb4f1.jpg.zqqw
2021-07-05 03:10 - 2018-07-22 17:55 - 000025729 _____ C:\Users\User\Downloads\a714c61ce3c6f2d4dd33bc193fe5a631.jpg.zqqw
2021-07-05 03:10 - 2018-07-22 17:53 - 000091960 _____ C:\Users\User\Downloads\013adc6b99b2b327e283ae121d081fbe.jpg.zqqw
2021-07-05 03:10 - 2018-07-22 17:52 - 000028397 _____ C:\Users\User\Downloads\8d54dc0a8c87ee49b6e9b7ace605f4c4.jpg.zqqw
2021-07-05 03:10 - 2018-07-22 16:20 - 000090806 _____ C:\Users\User\Downloads\BeeZeeArt_unicorn_165_1280x1280.jpg.zqqw
2021-07-05 03:10 - 2018-07-22 06:40 - 000030844 _____ C:\Users\User\Downloads\be7161c12be2b14af215fa221d87ddb6.jpg.zqqw
2021-07-05 03:10 - 2018-07-22 06:37 - 000046522 _____ C:\Users\User\Downloads\482c5fa9dae66b1846352133c741d9d4.jpg.zqqw
2021-07-05 03:10 - 2018-07-22 06:37 - 000029354 _____ C:\Users\User\Downloads\042c09c222301d54d31467f531362727.jpg.zqqw
2021-07-05 03:10 - 2018-07-20 04:27 - 003229357 _____ C:\Users\User\Downloads\IMG_20180719_224512.jpg.zqqw
2021-07-05 03:10 - 2018-07-20 04:27 - 003055282 _____ C:\Users\User\Downloads\IMG_20180719_224505.jpg.zqqw
2021-07-05 03:10 - 2018-07-20 04:27 - 002887153 _____ C:\Users\User\Downloads\IMG_20180719_221829.jpg.zqqw
2021-07-05 03:10 - 2018-07-17 06:08 - 000029147 _____ C:\Users\User\Downloads\359487_scanttt0005.jpg.zqqw
2021-07-05 03:10 - 2018-07-17 03:06 - 000076576 _____ C:\Users\User\Downloads\free_alicorn_plush_pattern_by_inept77-d8kgmmw.png.zqqw
2021-07-05 03:10 - 2018-07-17 03:02 - 000127042 _____ C:\Users\User\Downloads\1.jpg.zqqw
2021-07-05 03:10 - 2018-07-17 03:02 - 000087799 _____ C:\Users\User\Downloads\cont2.jpg.zqqw
2021-07-05 03:10 - 2018-07-17 02:34 - 000055605 _____ C:\Users\User\Downloads\pattern_tutorial_body_side_by_adamlhumphreys-d88hghy.png.zqqw
2021-07-05 03:10 - 2018-07-16 21:44 - 000019070 _____ C:\Users\User\Downloads\390ed17c79ae33fc0583b851740de5d3.jpg.zqqw
2021-07-05 03:10 - 2018-06-22 16:10 - 000240591 _____ C:\Users\User\Downloads\maximo florez.PDF.zqqw
2021-07-05 03:10 - 2018-06-21 12:06 - 006937442 _____ C:\Users\User\Downloads\IMG_20180621_062801.jpg.zqqw
2021-07-05 03:10 - 2018-06-14 16:57 - 000082252 _____ C:\Users\User\Downloads\MOVTRA201806141157164990655780.XLS.zqqw
2021-07-05 03:10 - 2018-06-06 01:36 - 000272718 _____ C:\Users\User\Downloads\CNE.263_solicitud_credito_consumo.doc.zqqw
2021-07-05 03:10 - 2018-05-25 05:39 - 000173390 _____ C:\Users\User\Downloads\Estados_financieros_(Excel)94082000_201003 (1).xls.zqqw
2021-07-05 03:10 - 2018-05-25 05:39 - 000056142 _____ C:\Users\User\Downloads\analisis-de-estados-financieros-vertical.xls.zqqw
2021-07-05 03:10 - 2018-05-24 15:19 - 000075598 _____ C:\Users\User\Downloads\234_formato71.xls.zqqw
2021-07-05 03:10 - 2018-05-24 15:12 - 000497998 _____ C:\Users\User\Downloads\Metodos de Depreciacion.xls.zqqw
2021-07-05 03:10 - 2018-05-23 20:15 - 000080033 _____ C:\Users\User\Downloads\ctrl_entry-point_2015-01-01.xlsx.zqqw
2021-07-05 03:10 - 2018-05-23 20:14 - 000173390 _____ C:\Users\User\Downloads\Estados_financieros_(Excel)94082000_201003.xls.zqqw
2021-07-05 03:10 - 2018-05-16 19:59 - 000036230 _____ C:\Users\User\Downloads\BINGO201805161430296732599140.PDF.zqqw
2021-07-05 03:10 - 2018-05-15 03:35 - 000136797 _____ C:\Users\User\Downloads\Pañal G.pdf.zqqw
2021-07-05 03:10 - 2018-05-15 03:35 - 000131972 _____ C:\Users\User\Downloads\Pañal M.pdf.zqqw
2021-07-05 03:10 - 2018-05-15 03:35 - 000072693 _____ C:\Users\User\Downloads\Alita M.pdf.zqqw
2021-07-05 03:10 - 2018-05-15 03:35 - 000072299 _____ C:\Users\User\Downloads\Alita P.pdf.zqqw
2021-07-05 03:10 - 2018-05-15 03:35 - 000072273 _____ C:\Users\User\Downloads\Alita G.pdf.zqqw
2021-07-05 03:10 - 2018-05-15 03:34 - 000125509 _____ C:\Users\User\Downloads\Pañal P.pdf.zqqw
2021-07-05 03:10 - 2018-05-14 06:36 - 000048462 _____ C:\Users\User\Downloads\PLANILLA_PARA_TRAMITE_DE_DNI.doc.zqqw
2021-07-05 03:10 - 2018-05-14 06:35 - 000016699 _____ C:\Users\User\Downloads\DECLARACION JURADA DE NO RENUNCIA A LA NACIONALIDAD-2014 - MODELO (1).docx.zqqw
2021-07-05 03:10 - 2018-05-14 06:28 - 000018059 _____ C:\Users\User\Downloads\DECLARACION JURADA DE PARENTESCO-2014 - MODELO (2).docx.zqqw
2021-07-05 03:10 - 2018-05-05 16:45 - 000081405 _____ C:\Users\User\Downloads\MOVTRA201805051117090420582891.XLS.zqqw
2021-07-05 03:10 - 2018-05-04 16:05 - 001783582 _____ C:\Users\User\Downloads\IMG_20180504_103503.jpg.zqqw
2021-07-05 03:10 - 2018-05-04 15:07 - 002899136 _____ C:\Users\User\Downloads\IMG_20180503_192150.jpg.zqqw
2021-07-05 03:10 - 2018-03-23 15:27 - 000056654 _____ C:\Users\User\Downloads\INVERSIONES EDILYAS CONDOMINIOS ARVERGAR.doc.zqqw
2021-07-05 03:10 - 2018-03-22 04:43 - 000100686 _____ C:\Users\User\Downloads\CB852920180321231417.xls.zqqw
2021-07-05 03:10 - 2018-03-21 15:00 - 000027873 _____ C:\Users\User\Downloads\LUBRO.png.zqqw
2021-07-05 03:10 - 2018-03-19 18:03 - 000049746 _____ C:\Users\User\Downloads\IMG-20171024-WA0035.jpg.zqqw
2021-07-05 03:10 - 2018-03-19 18:01 - 000122272 _____ C:\Users\User\Downloads\IMG-20171024-WA0043.jpg.zqqw
2021-07-05 03:10 - 2018-03-19 18:01 - 000065102 _____ C:\Users\User\Downloads\IMG-20171024-WA0040.jpg.zqqw
2021-07-05 03:10 - 2018-02-22 19:30 - 000231202 _____ C:\Users\User\Downloads\IMG-20160306-WA0011.jpg.zqqw
2021-07-05 03:10 - 2018-02-22 19:30 - 000176919 _____ C:\Users\User\Downloads\IMG-20160225-WA0008.jpg.zqqw
2021-07-05 03:10 - 2018-02-09 19:28 - 000000000 ____D C:\Users\User\Cisco Packet Tracer 6.1sv
2021-07-05 03:10 - 2018-02-06 02:32 - 000133702 _____ C:\Users\User\Downloads\IMG-20180205-WA0026.jpg.zqqw
2021-07-05 03:10 - 2018-02-06 02:32 - 000129313 _____ C:\Users\User\Downloads\IMG-20180205-WA0028.jpg.zqqw
2021-07-05 03:10 - 2018-02-06 02:32 - 000122929 _____ C:\Users\User\Downloads\IMG-20180205-WA0024.jpg.zqqw
2021-07-05 03:10 - 2018-02-06 02:32 - 000102463 _____ C:\Users\User\Downloads\IMG-20180205-WA0025.jpg.zqqw
2021-07-05 03:10 - 2018-01-31 08:00 - 000673316 _____ C:\Users\User\Downloads\25cm.png.zqqw
2021-07-05 03:10 - 2018-01-31 07:55 - 000969814 _____ C:\Users\User\Downloads\pel.png.zqqw
2021-07-05 03:10 - 2018-01-29 07:18 - 000005094 _____ C:\Users\User\Downloads\modelo-nota-de-entrega-excel.xlsx.zqqw
2021-07-05 03:10 - 2015-12-04 03:28 - 000000000 ____D C:\Users\User\.android
2021-07-05 03:08 - 2020-09-26 11:00 - 007407342 _____ C:\Users\User\basquet.psd.zqqw
2021-07-05 03:08 - 2018-02-09 19:28 - 000000508 _____ C:\Users\User\.packettracer.zqqw
2021-07-05 03:08 - 2011-10-14 05:04 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2021-07-05 02:23 - 2009-07-14 03:03 - 019660800 _____ C:\Windows\System32\config\BCD00000000
2021-07-04 03:02 - 2015-05-21 19:01 - 000001042 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4047135609-2362062722-1061616882-1001UA1d093f027ff03d1.job
2021-07-03 18:36 - 2014-05-03 23:09 - 000000990 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4047135609-2362062722-1061616882-1001Core1cf671c4ec37ad4.job
2021-07-03 04:02 - 2015-05-21 19:01 - 000000990 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4047135609-2362062722-1061616882-1001Core1d093f027c3f5c4.job
2021-07-01 23:14 - 2009-07-14 05:52 - 000000000 ____D C:\Windows\System32\FxsTmp
2021-06-30 21:38 - 2012-01-10 02:45 - 000002323 _____ C:\Users\User\Desktop\Google Chrome.lnk
2021-06-28 00:32 - 2020-03-26 05:16 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2021-06-22 23:54 - 2014-10-04 02:36 - 000000000 ____D C:\Users\User\AppData\Roaming\FileZilla
2021-06-17 15:30 - 2018-08-08 05:27 - 000008224 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2021-06-14 03:33 - 2014-05-04 16:05 - 000000000 ____D C:\Users\User\AppData\Roaming\Epson

==================== KnownDLLs (Whitelisted) =========================


==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\dllhost.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================

Restore point date: 2021-07-04 03:10
Restore point date: 2021-07-05 15:06
Restore point date: 2021-07-05 15:08
Restore point date: 2021-07-05 15:09
Restore point date: 2021-07-05 19:09
Restore point date: 2021-07-05 19:10
Restore point date: 2021-07-05 19:17
Restore point date: 2021-07-05 19:18
Restore point date: 2021-07-05 19:20
Restore point date: 2021-07-05 19:29
Restore point date: 2021-07-05 23:32
Restore point date: 2021-07-06 19:00
Restore point date: 2021-07-06 19:02
Restore point date: 2021-07-06 19:26
Restore point date: 2021-07-07 00:19
Restore point date: 2021-07-07 09:25

==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 1786.9 MB
Available physical RAM: 1177.02 MB
Total Virtual: 1786.9 MB
Available Virtual: 1183.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:453.39 GB) (Free:362.27 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Removable) (Total:1.89 GB) (Free:1.89 GB) FAT
Drive f: (Disco Local) (Fixed) (Total:12.07 GB) (Free:11.96 GB) NTFS
Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive h: (HRM_CCSA_X86FRE_ES-ES_DV5) (CDROM) (Total:2.4 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5E9F2CBA)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=453.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 32CEC0D6)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0E)

LastRegBack: 2021-07-01 10:59
==================== End of FRST.txt ========================

logre hacerlo con cd de windows, ya voy a empezar a seguir las otras instrucciones

TDSSKiller.3.1.0.28_07.07.2021_14.36.53_log.txt (222,2 KB)

TDSSKiller.3.1.0.28_07.07.2021_14.46.48_log.txt (5,0 KB)

Aparecieron estos dos reportes de TDSSkiller

Hola nuevamente,

Comento por parte de windows 7 ya que es el que me muestran las herramientas que tienes. Despues revisamos bien porque es algo raro que marquen tienes 7 si es 8.1

Viendo el reporte de TDSSKiller:

14:40:19.0866 0x0784  ================ Scan MBR ==================================
14:40:19.0890 0x0784  [ 321F15F5DD6D1A8AC926714AA52D2C5B ] \Device\Harddisk0\DR0
14:40:19.0894 0x0784  Suspicious mbr (Forged): \Device\Harddisk0\DR0
14:40:19.0999 0x0784  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Backboot.e ( 0 )
14:40:19.0999 0x0784  \Device\Harddisk0\DR0 ( Rootkit.Boot.Backboot.e ) - infected
14:40:23.0059 0x0784  ================ Scan VBR ==================================
14:40:23.0103 0x0784  [ 60F5B5600A5A65150BE3649937D526A5 ] \Device\Harddisk0\DR0\Partition1
14:40:23.0148 0x0784  \Device\Harddisk0\DR0\Partition1 - ok
14:40:23.0174 0x0784  [ 4A4B1B81B4ED0E99F5FDCC783426B57D ] \Device\Harddisk0\DR0\Partition2
14:40:23.0197 0x0784  \Device\Harddisk0\DR0\Partition2 - ok
14:40:23.0234 0x0784  [ 9E1FBB750A3F1AE6EDCFABDBABAC64B4 ] \Device\Harddisk0\DR0\Partition3
14:40:23.0263 0x0784  \Device\Harddisk0\DR0\Partition3 - ok
14:40:23.0287 0x0784  [ B12B0E3A9BE3AE0883D46E2AFF3BCD2D ] \Device\Harddisk0\DR0\Partition4
14:40:23.0306 0x0784  \Device\Harddisk0\DR0\Partition4 - ok
14:40:23.0307 0x0784  ================ Scan generic autorun ======================
14:40:24.0169 0x0784  [ 06B43CB00B61BE55B6D100B15EDFBC39, AE6BA7C0A7E10E2197CF21C5BA98630A14C366D0D3402EEA0FEB42B6AAD3827B ] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
14:40:25.0024 0x0784  SDTray - ok
14:40:25.0216 0x0784  [ E3D9D360B30C404E683CAE0CE6A57118, C6AFC45A6E502ED6BEA62BA43F36C8CF83894A98E40AE72B50C1D7B2E2A622E2 ] C:\Program Files\Avast Software\Avast\AvLaunch.exe
14:40:25.0255 0x0784  AvastUI.exe - ok
14:40:26.0040 0x0784  [ 0FDE330837830102673073FA4C5EEAD7, 7C171704A89F00CAAADA1C491EEFCA738351734E8FCF93E4F8444E55B4CA2EC4 ] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe
14:40:27.0019 0x0784  Spybot-S&D Cleaning - ok
14:40:27.0170 0x0784  [ C59C2E8A24E556C84C26EF5F972DFD44, 4BC6E5595F50E9E94914FFB51C8288AF30894D98B6F2D7899497781A48CC1E78 ] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCL.EXE
14:40:27.0222 0x0784  EPSON TX420W Series - ok
14:40:27.0286 0x0784  [ A55D06C3CD5C6E08F35AF7190DB18FD8, 482E0175A73C2D211EBC22A960A5F7EA0ACE24B7FA6045F67C120763127DFADA ] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIUNE.EXE
14:40:27.0342 0x0784  EPLTarget\P0000000000000000 - ok
14:40:27.0346 0x0784  Waiting for KSN requests completion. In queue: 5
14:40:28.0349 0x0784  Waiting for KSN requests completion. In queue: 5
14:40:29.0349 0x0784  Waiting for KSN requests completion. In queue: 5
14:40:31.0551 0x0784  Win FW state via NFP2: enabled ( trusted )
14:40:34.0434 0x0784  ============================================================
14:40:34.0435 0x0784  Scan finished
14:40:34.0435 0x0784  ============================================================
14:40:34.0464 0x1794  Detected object count: 2
14:40:34.0466 0x1794  Actual detected object count: 2
14:40:52.0587 0x1794  vusbbus ( UnsignedFile.Multi.Generic ) - skipped by user
14:40:52.0588 0x1794  vusbbus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:41:25.0184 0x1794  \Device\Harddisk0\DR0\# - copied to quarantine
14:41:25.0191 0x1794  \Device\Harddisk0\DR0 - copied to quarantine
14:41:25.0372 0x1794  \Device\Harddisk0\DR0 - processing error
14:42:46.0373 0x1794  \Device\Harddisk0\DR0 - will be restored on reboot
14:42:46.0373 0x1794  \Device\Harddisk0\DR0 ( Rootkit.Boot.Backboot.e ) - User select action: Cure Restore 
14:42:46.0479 0x1794  KLMD registered as C:\Windows\system32\drivers\35840947.sys
14:42:55.0001 0x0cd4  Deinitialize success

Parece que este se encargo de la parte dura de la infracción

Esperamos el reporte de MBAR.

Saludos

buenas tardes, disculpa no me explique yo tengo windows 7 en la pc, pero tengo es un cd de windows 8 como me mencionaste que servia otro windows que no fuera el mismo para entrar en el modo reparar.

aqui esta el otro informe

mbar-log-2021-07-07 (16-12-00).txt (2,1 KB)

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2021.07.07.04
  rootkit: v2021.07.07.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-HP [administrator]

07/07/2021 04:12:00 p.m.
mbar-log-2021-07-07 (16-12-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 227018
Time elapsed: 1 hour(s), 3 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

hola nuevamente aqui te anexo el segundo informe que dice el manual system.log

la pc anda mas rapida para iniciar y abrir programas, ya no esta como antes qe empezaba hasta sonar como si estuviera forzandose, claro como te comente aun sale la pantalla negra con el mensaje del escaneo del disco.

muchas gracias de veras por tu paciencia, como vamos hasta los momentos bien?

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 1873702912, free: 173236224

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 1873702912, free: 162742272

Downloaded database version: v2021.07.07.04
Downloaded database version: v2021.07.07.04
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     07/07/2021 15:00:33
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\35840947.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\aswRvrt.sys
\SystemRoot\system32\drivers\aswVmm.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\drivers\aswbuniv.sys
\SystemRoot\system32\drivers\aswbidsh.sys
\SystemRoot\system32\drivers\aswArDisk.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\RsFx0200.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\aswKbd.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\drivers\aswNetHub.sys
\SystemRoot\system32\DRIVERS\aswNetNd6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\drivers\aswbidsdriver.sys
\SystemRoot\system32\drivers\aswArPot.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athr.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\system32\drivers\usbohci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\amdiox86.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\vusbbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\aksusb.sys
\SystemRoot\system32\DRIVERS\AKSCLASS.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\stwrt.sys
\SystemRoot\system32\DRIVERS\akshasp.sys
\SystemRoot\system32\DRIVERS\akshhl.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthmodem.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\wntpport.SYS
\SystemRoot\system32\DRIVERS\aksfridge.sys
\??\C:\Windows\system32\drivers\hardlock.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\mbamswissarmy.sys
\SystemRoot\System32\Drivers\MbamChameleon.sys
\SystemRoot\system32\DRIVERS\mwac.sys
\??\C:\Windows\system32\drivers\mbae.sys
\SystemRoot\system32\DRIVERS\farflt.sys
\??\C:\Windows\system32\drivers\7766B16D.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2021.07.07.04
  rootkit: v2021.07.07.04

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff860ad030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff860adad0, DeviceName: Unknown, DriverName: \Driver\aswArDisk\
DevicePointer: 0xffffffff860adcd0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff860ad030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff860a63f8, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xffffffff85e874b8, DeviceName: \Device\00000063\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5E9F2CBA

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 950831104
    Partition is bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 951240704  Numsec = 25319424
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128  Numsec = 210992
    Partition is not bootable
    Partition file system is FAT32

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

Scan started
Database versions:
  main:    v2021.07.07.04
  rootkit: v2021.07.07.04

<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5E9F2CBA

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 950831104
    Partition is bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 951240704  Numsec = 25319424
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128  Numsec = 210992
    Partition is not bootable
    Partition file system is FAT32

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-409600-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-951240704-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-3-976560128-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

Hola nuevamente,

De hecho vamos muy bien.En cuanto a FRST lo ideal es usar el disco correspondiente a la versión que usas. Si es distinto digamos que nos limitamos un poco en cuanto a algunas cosas. Pero podemos hacer algunas cosas.

Realice lo siguiente:

Desde el ordenador limpio o modo normal:

• Abra el notepad; puede abrirlo en la barra de búsqueda de windows y escribiendo notepad.exe
• Posteriormente, copie y pegue este script de reparación dentro del Notepad comenzando en Start y terminando en End:

start
2021-07-05 03:26 - 2021-07-05 03:26 - 000000000 ____D C:\Users\User\AppData\Local\Yandex
2021-07-05 03:05 - 2021-07-05 03:05 - 000000558 _____ C:\Users\User\AppData\Local\bowsakkdestx.txt
2021-07-07 02:32 - 2021-07-07 11:34 - 000000000 ____D C:\Users\User\AppData\LocalLow\IGDump
C:\Windows\System32\drivers\uUjC52.sys
end

• Vaya a Archivo y selecciona Guardar Como.
• En la parte de Códificación eliga Unicode o UTF8 según le de la opción.
• Guardelo bajo el nombre de fixlist.txt en el escritorio.
• Copie el archivo fixlist.txt en la misma memoria USB donde esta frst.exe Esto es muy importante.

¡ATENCIÓN! El anterior Script de reparación fue hecho específicamente por un miembro del Staff para este usuario, si tiene un problema similar por favor abra su propio tema para recibir ayuda personalizada. Usar Scripts de otros usuarios puede causar daños a su equipo

Desde el modo recovery en equipo infectado:

• Ingrese nuevamente a FRST como lo ha echo antes en el ordenador infectado.
• Haga clic una sola vez en el botón Fix / Corregir de FRST.
• Espere paciente a que termine el trabajo. Se guardara un archivo en tu unidad USB de nombre Fixlog.txt
• Si la ventana del programa sigue abierta cierrela. Luego en el Símbolo del sistema escriba shutdown /r y espera por el reinicio.

Desde el ordenador infectado en modo normal:

1. Después de reiniciar abra el archivo Fixlog.txt del USB y va a pegar todo su contenido en la siguiente respuesta comentando el estado del problema y el sistema.
2. Ejecute otro escaneo en FRST en modo normal para generar nuevos reportes.

Nos traerías:

• El reporte Fixlog de tu USB
• Los reportes frescos de FRST (adition y frst)
• Comentarios de cualquer anomalia que notes

Si vemos todo en orden te daría algunos pasos para procurar reparar el equipo. Puedes adjuntar los reportes si se complica pegarlos.

Saludos

mil gracias ya voy a realizar eso y te envio esos reportes

@ErdrickBass coloco shutdown/r y me indica que no se reconoce como comando interno o externo

te envio el reporte Fixlog.txt (870 Bytes)

Buenas,

Respecto al comando, solo tendría que llevar espacio entre la n y el /. Si no basta con cerrar la pantalla.

shutdown /r

El reporte nos muestra que se pudo eliminar todo y confirmo que parte de la infección fue eliminada con éxito en el escaneo de FRST.

Faltaría los reportes del nuevo escaneo de FRST en modo normal para ver si una vez eliminado el bootkit que tenías encontramos algo que estaba oculto.

Saludos

te comento ahorita la pc esta haciendo es la pantalla negra como scaneo y lleva 43% de entras de indice procesada eso es normal?

Buenas,

La pantalla negra es normal y que este haciendo sus procesos es buena señal.

Se trata de chkdisk, la cual es una herramienta que sirve para corregir errores de disco y del sistema de archivos. La infección que tenias evitaba que hiciera estas revisiones. Espera pacientemente a que termine y cuando lo haga procedes con lo demás.

Saludos