Trojan.Autoit.CKU systeminfo.exe


#1

Hi everyone! I'm new here, I hope I explain myself properly. For the past few days the computer had been running with the CPU at almost 100% until I opened Task Manager, at which point it dropped suddenly. I tried several antivirus programs (Malwarebytes among them) and they detected nothing, until SpyHunter found it. Every time the PC starts it detects Trojan.Autoit.CKU in C/users/vero/appdata/local/temp/systeminfo.exe {83810cf7b00943bdfa775107d70ae742} and quarantines it, but it keeps reappearing on every system restart. How can I remove it completely? Thank you very much in advance!!!


#2

Hello @fageda, welcome to the Forum.

To check your machine, follow these steps, in the order given and reading everything that is explained. :+1:

:one: Temporarily disable the antivirus :arrow_forward: How to temporarily disable your antivirus, while we are carrying out ALL the steps.

We are going to download to YOUR DESKTOP (and NOT anywhere else :face_with_monocle:) all the tools we will use in this procedure (but do not run them yet):


:two: Run the tools one at a time and in the order given:



CCleaner.-

  • Install and run CCleaner following the steps given in the manual.

  • First use its Cleaner option to delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • Then use its Registry option to clean the entire Windows registry (making a backup).

Malwarebytes.-

  • Install and run MBAM following the steps given in the manual.

  • Run a Full Scan. :white_check_mark:

  • Select ALL for Quarantine to send them to quarantine, then restart the system.

  • In the :arrow_forward:History :arrow_backward: section of the manual you will find the MBAM report, which you must copy and paste into your next reply so it can be analyzed.

AdwCleaner.-

  • Run Adwcleaner.exe.

  • Click the Scan Now button and wait for the process to finish, then immediately always click the Start Repair button.

  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

  • The log/report can be found in the “Reports” tab, reopening the program if necessary, so you can copy and paste it into your next reply.

  • The report can also be found at C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Run JRT.exe.

  • Press any key to continue, and wait patiently for the process to finish.

  • If at any point it asks you to restart, do so.

  • When it finishes, a log/report (JRT.txt) will be saved to the desktop and will open automatically.

  • Copy and paste the contents of JRT.txt into your next reply.

Farbar Recovery Scan Tool.-

  • Run FRST.exe.

  • In the Disclaimer window, click Yes

  • In the main window click the Scan button and wait for the process to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved to the desktop.

:three: Post the reports in your next reply from:

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, in that order. :+1:

You must copy and paste them with all their content, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

And tell us how your computer is working with regard to the problem described. :face_with_monocle:

Regards, Javier.


#3

Hi Javier. Thank you very much for your quick reply!

I'm copying the results:

  • Malwarebytes:

Malwarebytes

www.malwarebytes.com

-Detalles del registro-

Fecha del análisis: 16/3/19

Hora del análisis: 09:46

Archivo de registro: 1bcf854e-47e1-11e9-8aff-1c7508ac0dfe.json

-Información del software-

Versión: 3.7.1.2839

Versión de los componentes: 1.0.538

Versión del paquete de actualización: 1.0.9698

Licencia: Prueba

-Información del sistema-

SO: Windows 10 (Build 17134.648)

CPU: x64

Sistema de archivos: NTFS

Usuario: VeroPc\Vero

-Resumen del análisis-

Tipo de análisis: Análisis de amenazas

Análisis iniciado por:: Manual

Resultado: Completado

Objetos analizados: 389025

Amenazas detectadas: 0

Amenazas en cuarentena: 0

Tiempo transcurrido: 2 min, 5 seg

-Opciones de análisis-

Memoria: Activado

Inicio: Activado

Sistema de archivos: Activado

Archivo: Activado

Rootkits: Desactivado

Heurística: Activado

PUP: Detectar

PUM: Detectar

-Detalles del análisis-

Proceso: 0

(No hay elementos maliciosos detectados)

Módulo: 0

(No hay elementos maliciosos detectados)

Clave del registro: 0

(No hay elementos maliciosos detectados)

Valor del registro: 0

(No hay elementos maliciosos detectados)

Datos del registro: 0

(No hay elementos maliciosos detectados)

Secuencia de datos: 0

(No hay elementos maliciosos detectados)

Carpeta: 0

(No hay elementos maliciosos detectados)

Archivo: 0

(No hay elementos maliciosos detectados)

Sector físico: 0

(No hay elementos maliciosos detectados)

WMI: 0

(No hay elementos maliciosos detectados)

(end)
  • AdwCleaner:

# -------------------------------

# Malwarebytes AdwCleaner 7.2.7.0

# -------------------------------

# Build: 01-30-2019

# Database: 2019-01-25.2 (Local)

# Support: https://www.malwarebytes.com/support

#

# -------------------------------

# Mode: Scan

# -------------------------------

# Start: 03-16-2019

# Duration: 00:00:23

# OS: Windows 10 Pro

# Scanned: 31769

# Detected: 0

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

AdwCleaner[S00].txt - [2243 octets] - [10/06/2018 10:41:48]

AdwCleaner[C00].txt - [2011 octets] - [10/06/2018 10:42:07]

AdwCleaner[S01].txt - [1424 octets] - [10/06/2018 10:55:38]

AdwCleaner[C01].txt - [1572 octets] - [10/06/2018 11:01:27]

AdwCleaner[S02].txt - [1547 octets] - [16/03/2019 12:13:32]

AdwCleaner[C02].txt - [1713 octets] - [16/03/2019 12:14:17]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########
  • Junkware

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.1.4 (07.09.2017)

Operating System: Windows 10 Enterprise x64

Ran by Vero (Administrator) on 16/03/2019 at 12:23:16.05

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 1

Successfully deleted: C:\WINDOWS\wininit.ini (File)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 16/03/2019 at 12:26:40.77

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#4
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.03.2019 01
Ran by Vero (administrator) on VEROPC (16-03-2019 12:27:37)
Running from C:\Users\Vero\Desktop
Loaded Profiles: Vero (Available Profiles: Vero)
Platform: Windows 10 Pro Version 1803 17134.648 (X64) Language: Español (España, internacional)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\WINWORD.EXE
(Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\Creator\FoxitProxyServer_Socket_RD.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19646312 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\Run: [59c9f93e] => C:\ProgramData\59c9f93e\59c9f93e.exe C:\ProgramData\59c9f93e\59c9f93etest.au3
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-05] (Google LLC -> Google Inc.)
Startup: C:\Users\Vero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2019-03-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f06f3a44-81cc-4ef7-a2f6-ad4a9267ec3c}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2019-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2019-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-03-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-03-08] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: c3nf4kus.default
FF ProfilePath: C:\Users\Vero\AppData\Roaming\Mozilla\Firefox\Profiles\c3nf4kus.default [2019-03-16]
FF Homepage: Mozilla\Firefox\Profiles\c3nf4kus.default -> hxxp://google.es/
FF Session Restore: Mozilla\Firefox\Profiles\c3nf4kus.default -> is enabled.
FF Extension: (MEGA) - C:\Users\Vero\AppData\Roaming\Mozilla\Firefox\Profiles\c3nf4kus.default\Extensions\[email protected] [2019-03-16] [UpdateUrl:hxxps://eu.static.mega.co.nz/3/firefox-web-extension-updates.json]
FF Extension: (signTextJS plus) - C:\Users\Vero\AppData\Roaming\Mozilla\Firefox\Profiles\c3nf4kus.default\Extensions\[email protected] [2018-07-14]
FF Extension: (Avast Passwords) - C:\Users\Vero\AppData\Roaming\Mozilla\Firefox\Profiles\c3nf4kus.default\Extensions\[email protected] [2019-01-31] [UpdateUrl:hxxps://pamcdn.avast.com/pamcdn/extensions/firefox/update.json]
FF Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\Vero\AppData\Roaming\Mozilla\Firefox\Profiles\c3nf4kus.default\Extensions\[email protected] [2019-02-08]
FF Extension: (Avast Online Security) - C:\Users\Vero\AppData\Roaming\Mozilla\Firefox\Profiles\c3nf4kus.default\Extensions\[email protected] [2019-01-31]
FF Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Vero\AppData\Roaming\Mozilla\Firefox\Profiles\c3nf4kus.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-03-16]
FF Extension: (Auto Unload Tab) - C:\Users\Vero\AppData\Roaming\Mozilla\Firefox\Profiles\c3nf4kus.default\Extensions\{d3c46ca0-999d-11da-a72b-0800200c9a66}.xpi [2016-12-25] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-23] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-23] (Adobe Systems Incorporated -> )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-01-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-01-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-01-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-01-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-03-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-03-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-10-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-22] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-22] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://portalempleado.aragon.es/portal/page?_pageid=193,1&_dad=portal&_schema=PORTAL","hxxps://www.google.com/calendar/render?tab=mc","hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxps://mail.google.com/mail/?hl%3Des&ss=1&scc=1&ltmpl=default&ltmplcache=2&hl=es"
CHR NewTab: Default ->  Active:"chrome-extension://bhloflhklmhfpedakmangadcdofhnnoh/index.html"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default [2019-03-16]
CHR Extension: (Presentaciones) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-08]
CHR Extension: (Documentos) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-08]
CHR Extension: (Google Drive) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-04]
CHR Extension: (Earth View from Google Earth) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhloflhklmhfpedakmangadcdofhnnoh [2019-03-05]
CHR Extension: (YouTube) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-04]
CHR Extension: (AceProject) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnilfhgoncpjoccagknfhhepbocjpmkm [2015-07-08]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-03-14]
CHR Extension: (Búsqueda de Google) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-04]
CHR Extension: (Dropbox para Gmail) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2019-02-07]
CHR Extension: (Gmail sin conexión) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-03-18]
CHR Extension: (Chris Delbuck) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\elgfababjopgjalkgbfndlempbfdiecf [2015-03-18]
CHR Extension: (¿Qué cocino hoy?) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\enadeelnincmhhilgbiphjbjnnagnhmh [2015-03-18]
CHR Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-07]
CHR Extension: (Hojas de cálculo) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-08]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-14]
CHR Extension: (AdBlock) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-27]
CHR Extension: (Avast Online Security) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-02-18]
CHR Extension: (PDF Mergy - Merge PDF files) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2017-11-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-22]
CHR Extension: (Project Naptha) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf [2018-09-22]
CHR Extension: (Email tracking para Gmail - Mailtrack) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2019-03-14]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-22]
CHR HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ArcGIS License Manager; C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe [1431440 2008-08-02] (Acresso Software Inc. -> Acresso Software Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6758976 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357304 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd -> Disc Soft Ltd)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [10191664 2019-03-10] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737560 2019-02-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [539440 2019-03-10] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2017-01-17] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\NisSrv.exe [3847376 2018-10-09] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MsMpEng.exe [114200 2018-10-09] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37104 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205400 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [225680 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196072 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320696 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [57960 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-24] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [249672 2019-02-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [167304 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034432 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [474456 2019-02-18] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [216784 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [379952 2019-03-11] (AVAST Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30352 2015-03-15] (Disc Soft Ltd -> Disc Soft Ltd)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [69432 2019-03-16] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [12311776 2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-03-16] (Malwarebytes Corporation -> Malwarebytes)
S2 Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL64.SYS [141888 2006-04-20] (SafeNet, Inc. -> SafeNet, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46184 2018-10-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [352424 2018-10-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60584 2018-10-09] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-16 12:26 - 2019-03-16 12:26 - 000000606 _____ C:\Users\Vero\Desktop\JRT.txt
2019-03-16 12:20 - 2019-03-16 12:20 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-03-16 12:20 - 2019-03-16 12:20 - 000000000 ____D C:\ProgramData\ZwbEgv

#5
2019-02-18 21:05 - 2019-02-06 08:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-18 21:05 - 2019-02-06 08:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-18 21:05 - 2019-02-06 04:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-18 21:05 - 2019-01-09 18:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-18 21:05 - 2019-01-09 18:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-18 21:05 - 2019-01-09 06:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-18 21:05 - 2019-01-09 06:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-18 21:05 - 2019-01-09 06:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-18 21:05 - 2019-01-09 06:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-18 21:05 - 2019-01-09 06:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-18 21:04 - 2019-02-06 08:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-18 21:04 - 2019-02-06 04:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-18 21:04 - 2019-02-06 04:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-18 21:04 - 2019-02-06 04:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-18 21:04 - 2019-02-06 04:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-18 21:04 - 2019-02-06 04:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-18 21:04 - 2019-02-06 03:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-18 21:04 - 2019-02-06 03:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-18 21:04 - 2019-02-06 03:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-18 21:04 - 2019-02-06 03:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-18 21:04 - 2019-02-06 03:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-18 21:04 - 2019-02-06 03:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-18 21:04 - 2019-02-06 03:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-18 21:04 - 2019-02-06 03:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-18 21:04 - 2019-02-06 03:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-18 21:04 - 2019-01-12 03:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-18 21:04 - 2019-01-09 18:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-18 21:04 - 2019-01-09 10:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-18 21:04 - 2019-01-09 06:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-18 21:04 - 2019-01-09 06:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-18 21:04 - 2019-01-09 06:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-18 21:04 - 2019-01-09 06:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-18 21:04 - 2019-01-09 06:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-18 21:04 - 2019-01-09 06:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-18 21:04 - 2019-01-09 06:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-18 21:04 - 2019-01-09 06:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-18 21:04 - 2019-01-09 06:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-18 21:04 - 2019-01-09 06:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-18 21:04 - 2019-01-09 06:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-18 21:04 - 2019-01-09 06:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-18 21:04 - 2019-01-09 06:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-18 21:04 - 2019-01-09 06:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-18 21:04 - 2019-01-09 06:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-18 21:04 - 2019-01-09 06:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-18 21:04 - 2019-01-09 06:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-18 21:04 - 2019-01-09 06:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-18 21:04 - 2019-01-09 06:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-18 21:04 - 2019-01-09 06:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-18 21:04 - 2019-01-09 06:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-18 21:04 - 2019-01-09 06:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-18 21:04 - 2019-01-09 06:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-18 21:04 - 2019-01-09 06:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-18 21:04 - 2019-01-09 06:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-18 21:04 - 2019-01-09 06:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-18 21:04 - 2019-01-09 06:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-18 21:04 - 2019-01-09 06:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-18 21:04 - 2019-01-09 06:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-18 21:04 - 2019-01-09 06:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-18 21:04 - 2019-01-09 06:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-18 21:04 - 2019-01-09 06:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-18 21:04 - 2019-01-09 06:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-18 21:04 - 2019-01-09 06:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-18 21:04 - 2019-01-09 06:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-18 21:04 - 2019-01-09 06:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-18 21:04 - 2019-01-09 06:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-18 21:04 - 2019-01-09 06:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-18 21:04 - 2019-01-09 06:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-18 21:04 - 2019-01-09 06:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-18 21:04 - 2019-01-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-18 21:04 - 2019-01-09 06:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-18 21:04 - 2019-01-09 06:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-18 21:04 - 2019-01-09 06:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-18 21:04 - 2019-01-09 06:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-18 21:04 - 2019-01-09 06:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-18 21:04 - 2019-01-09 06:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-18 21:04 - 2019-01-09 06:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-18 21:04 - 2019-01-09 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-18 21:04 - 2019-01-09 06:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-18 21:04 - 2019-01-08 04:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-18 21:04 - 2019-01-08 04:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-18 20:37 - 2019-02-18 20:37 - 000249672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-16 12:29 - 2018-05-27 10:56 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-03-16 12:29 - 2018-05-27 10:56 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-03-16 12:27 - 2018-05-27 10:57 - 001768608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-16 12:27 - 2018-04-12 17:19 - 000787744 _____ C:\WINDOWS\system32\perfh00A.dat
2019-03-16 12:27 - 2018-04-12 17:19 - 000155340 _____ C:\WINDOWS\system32\perfc00A.dat
2019-03-16 12:27 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-03-16 12:21 - 2017-12-21 11:37 - 000000000 ____D C:\Users\Vero\AppData\Local\AVAST Software
2019-03-16 12:21 - 2015-03-18 17:44 - 000000000 ___RD C:\Users\Vero\Dropbox
2019-03-16 12:20 - 2018-05-27 10:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-16 12:20 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-03-16 12:20 - 2016-11-22 07:12 - 000000000 ____D C:\Users\Vero\AppData\LocalLow\Mozilla
2019-03-16 12:17 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-16 12:03 - 2018-06-10 09:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-16 12:03 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-16 11:49 - 2018-05-27 10:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-16 09:32 - 2016-11-10 18:14 - 000001012 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2869096185-1707726864-3217315644-1001UA1d23b75e473373c.job
2019-03-16 09:32 - 2016-11-10 18:14 - 000000960 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2869096185-1707726864-3217315644-1001Core1d23b75e469aba5.job
2019-03-16 09:24 - 2018-05-29 21:24 - 000000000 ____D C:\Users\Vero\AppData\Roaming\a975240ebdddbed4a27eaf27b1a1f621
2019-03-15 22:37 - 2018-02-14 19:56 - 000000000 ____D C:\Program Files\Google
2019-03-15 22:37 - 2015-03-15 14:40 - 000000000 ____D C:\Program Files (x86)\Google
2019-03-15 00:05 - 2018-09-22 09:03 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-03-15 00:05 - 2018-06-03 09:33 - 000003782 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-03-15 00:05 - 2018-05-27 10:56 - 000003722 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2869096185-1707726864-3217315644-1001UA1d23b75e473373c
2019-03-15 00:05 - 2018-05-27 10:56 - 000003548 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-15 00:05 - 2018-05-27 10:56 - 000003454 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2869096185-1707726864-3217315644-1001Core1d23b75e469aba5
2019-03-15 00:05 - 2018-05-27 10:56 - 000003324 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-15 00:05 - 2018-05-27 10:56 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-03-15 00:05 - 2018-05-27 10:56 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-03-14 21:17 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-14 20:57 - 2015-03-18 18:27 - 000000000 ____D C:\Users\Vero\AppData\Roaming\qBittorrent
2019-03-14 19:04 - 2012-07-26 06:26 - 000000167 _____ C:\WINDOWS\win.ini
2019-03-14 18:58 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-14 17:44 - 2018-01-24 17:18 - 000000000 ____D C:\Users\Vero\AppData\Local\Packages
2019-03-13 15:56 - 2018-05-27 10:46 - 000479032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-03-13 15:55 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-03-13 15:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-03-13 15:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-03-13 15:54 - 2018-04-12 17:24 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-03-13 15:54 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-03-13 15:54 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-03-13 15:54 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-03-13 15:54 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-03-13 15:54 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-03-13 15:52 - 2015-03-15 15:47 - 000000000 ____D C:\Program Files\WinRAR
2019-03-12 19:51 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-03-12 19:46 - 2015-03-15 16:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-03-12 19:42 - 2015-03-15 16:46 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-03-12 18:54 - 2015-03-15 15:47 - 000000000 ____D C:\Users\Vero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-03-12 18:54 - 2015-03-15 15:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-03-11 19:05 - 2018-05-27 10:48 - 000000000 ____D C:\Users\Vero
2019-03-11 19:05 - 2016-11-21 21:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-03-11 19:05 - 2015-04-07 19:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-03-11 19:03 - 2018-05-27 09:29 - 000379952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-03-09 11:32 - 2017-12-21 17:35 - 000000000 ____D C:\ProgramData\Foxit Software
2019-03-08 17:10 - 2015-04-11 08:40 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-03-08 17:10 - 2015-04-11 08:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-03-08 17:09 - 2018-03-20 08:23 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-03-08 17:09 - 2015-04-11 08:39 - 000000000 ____D C:\Program Files (x86)\Java
2019-03-07 20:47 - 2015-04-07 19:13 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-03-07 20:05 - 2015-03-18 17:37 - 000000000 ____D C:\Users\Vero\AppData\Roaming\Dropbox
2019-03-05 20:01 - 2017-03-13 10:49 - 000014577 _____ C:\Users\Vero\Desktop\GASTOS_SAN_FCO.xlsx
2019-03-05 19:40 - 2017-08-30 11:12 - 000000000 ____D C:\Program Files\rempl
2019-03-05 19:36 - 2015-03-15 14:51 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-03 17:54 - 2018-09-14 18:46 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-03-03 17:54 - 2018-09-14 18:46 - 000179608 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-27 18:41 - 2015-03-22 14:46 - 000000000 ___RD C:\Users\Vero\Google Drive
2019-02-22 18:05 - 2018-09-22 09:02 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-20 19:41 - 2016-09-25 08:24 - 000000000 ____D C:\Program Files\CCleaner
2019-02-18 21:54 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-18 21:54 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-18 20:38 - 2018-05-27 09:29 - 000474456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

==================== Files in the root of some directories =======

2015-03-19 17:47 - 2015-05-08 17:30 - 000007594 _____ () C:\Users\Vero\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-27 10:46

==================== End of FRST.txt ============================

#6

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.03.2019 01

Ran by Vero (16-03-2019 12:29:53)

Running from C:\Users\Vero\Desktop

Windows 10 Pro Version 1803 17134.648 (X64) (2018-05-27 09:56:44)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-2869096185-1707726864-3217315644-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-2869096185-1707726864-3217315644-503 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2869096185-1707726864-3217315644-1003 - Limited - Enabled)

Invitado (S-1-5-21-2869096185-1707726864-3217315644-501 - Limited - Disabled)

Vero (S-1-5-21-2869096185-1707726864-3217315644-1001 - Administrator - Enabled) => C:\Users\Vero

WDAGUtilityAccount (S-1-5-21-2869096185-1707726864-3217315644-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated)

Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)

Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.12.0 - Ant Software)

ArcGIS Desktop (HKLM-x32\...\{5033400B-0977-45AB-94CE-CC135A8E1BBB}) (Version: 9.3.4000 - Environmental Systems Research Institute, Inc.) Hidden

ArcGIS Desktop (HKLM-x32\...\ArcGIS Desktop) (Version: 9.3.4000 - Environmental Systems Research Institute, Inc.)

ArcGIS License Manager (HKLM-x32\...\ArcGIS License Manager) (Version: - )

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.2.2364 - AVAST Software)

Backup and Sync from Google (HKLM\...\{693CADB0-962B-4AC1-A939-9524B258C997}) (Version: 3.43.2448.9071 - Google, Inc.)

Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version: - )

CCleaner (HKLM\...\CCleaner) (Version: 5.53 - Piriform)

DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)

Dropbox (HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\Dropbox) (Version: 68.4.102 - Dropbox, Inc.)

Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )

Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.4.1.16828 - Foxit Software Inc.)

Freemake Video Converter versión 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.)

Google Earth Pro (HKLM-x32\...\{9D524A1E-F2FC-444D-B12A-7592CEB56EB5}) (Version: 7.3.2.5776 - Google)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden

Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)

Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)

Java 8 Update 172 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)

Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)

Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

Mozilla Firefox 65.0.2 (x64 es-ES) (HKLM\...\Mozilla Firefox 65.0.2 (x64 es-ES)) (Version: 65.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 65.0.2.6995 - Mozilla)

NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - )

PDF Split And Merge Basic (HKLM-x32\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.4 - Andrea Vacondio)

PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.2.2 - pdfforge)

Python 2.5 numpy-1.0.3 (HKLM-x32\...\numpy-py2.5) (Version: - )

Python 2.5 numpy-1.0.3 (HKLM-x32\...\Python 2.5 numpy-1.0.3) (Version: - )

Python 2.5.1 (HKLM-x32\...\Python 2.5.1) (Version: - )

qBittorrent 4.0.2 (HKLM-x32\...\qBittorrent) (Version: 4.0.2 - The qBittorrent project)

Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

Sentinel System Driver(64-bit) 7.2.2 (HKLM\...\{97407E09-4EA8-49F0-A513-2C1776A6DEC0}) (Version: 7.2.2 - SafeNet, Inc.)

SoftPerfect WiFi Guard version 1.0.6 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.6 - SoftPerfect)

SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.4.2.101 - EnigmaSoft Limited)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.6 - Synaptics Incorporated)

Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)

Update for Skype for Business 2016 (KB4462190) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{6428D011-1A83-483A-A60C-354311CFE2A2}) (Version: - Microsoft)

Update for Skype for Business 2016 (KB4462190) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{6428D011-1A83-483A-A60C-354311CFE2A2}) (Version: - Microsoft)

Update for Skype for Business 2016 (KB4462190) 64-Bit Edition (HKLM\...\{90160000-012B-0C0A-1000-0000000FF1CE}_Office16.PROPLUS_{6428D011-1A83-483A-A60C-354311CFE2A2}) (Version: - Microsoft)

Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)

VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.2 - VideoLAN)

WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Vero\Dropbox [2015-03-18 17:44]

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [dropbox-NamespaceExtensionRole.Business] =>

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-09] (AVAST Software s.r.o. -> AVAST Software)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-09] (AVAST Software s.r.o. -> AVAST Software)

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -&gt; {BBACC218-34EA-4666-9D7A-C78F2274A524} =&gt; -&gt; No File

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -&gt; {5AB7172C-9C11-405C-8DD5-AF20F3606282} =&gt; -&gt; No File

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -&gt; {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =&gt; -&gt; No File

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -&gt; {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =&gt; -&gt; No File

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -&gt; {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =&gt; -&gt; No File

ShellIconOverlayIdentifiers-x32: [ OneDrive6] -&gt; {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =&gt; -&gt; No File

ShellIconOverlayIdentifiers-x32: [ OneDrive7] -&gt; {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =&gt; -&gt; No File

ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-09] (AVAST Software s.r.o. -> AVAST Software)

ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.)

ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-09] (AVAST Software s.r.o. -> AVAST Software)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers3: [UnlockerShellExtension] -> [CC]{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => -> No File

ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-09] (AVAST Software s.r.o. -> AVAST Software)

ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1_S-1-5-21-2869096185-1707726864-3217315644-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers4_S-1-5-21-2869096185-1707726864-3217315644-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers5_S-1-5-21-2869096185-1707726864-3217315644-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B32475F-2E04-45E9-8C11-E08F002C7C32} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2869096185-1707726864-3217315644-1001UA1d23b75e473373c => C:\Users\Vero\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)

Task: {0DB72CAF-1AAB-45B6-ACAF-EB006796348A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {124CF614-C885-4CC3-A416-E0BB880675DE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe

Task: {129706D3-D636-4F62-8C71-4E4DC1196E40} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {14DF7460-A149-4B1C-8B53-C762406316D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

Task: {1575DEF9-F655-451B-9A7D-53668B7157A9} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {1E6ADC3A-E8B5-4012-9CE6-99F129000F5D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2869096185-1707726864-3217315644-1001Core1d23b75e469aba5 => C:\Users\Vero\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)

Task: {2215C0F6-63F8-4EC2-BDF3-68D9D57921C9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {24BF55DA-237D-42B8-B90A-393751E0D7FF} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION

Task: {25F6568A-A3EF-48F4-8BDD-33D2E526F026} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {2A5F214D-F424-4B4A-A245-AB46759DAF84} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Task: {2FA95764-C41D-442B-8838-25B5C4007FF0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe

Task: {3A6C2628-DCC2-4929-9AC6-A64022137020} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {3ABB4ED9-B889-4159-BC3F-DD373DF3E5A1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {41E4A630-B962-4564-A616-09F0B8D22310} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {46B0CE16-2463-48DB-956B-7917C0B8560E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)

Task: {474EDADC-E84E-4AAC-982F-A7657C84B49F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {48BF754A-6025-4D17-BED3-9769EDCB2E2D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {4A69A3A1-C9C6-432A-A0DC-F402B66D5D5F} - \WPD\SqmUpload_S-1-5-21-2869096185-1707726864-3217315644-1001 -> No File <==== ATTENTION

Task: {4EA98E37-6E8B-4BA4-A19B-44D8A81BC208} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

Task: {4EB6EC0F-FD05-49F5-A306-D782CA733637} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)

Task: {4EDDBD20-AE3F-40E2-9F3C-063E2071DB0D} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe

Task: {5BB532DD-1880-427C-84F2-84D48B3F22C4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {5EC206E1-3515-43F7-AF3E-A467F189258F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {720B5558-FBAF-4F06-95E3-245941F72704} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION

Task: {7601D7FD-27F3-422B-925E-B3F27E3E7B04} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

Task: {7722A0EE-A466-40E8-A749-861409461773} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {81458842-1ADD-4635-8118-34712AA1F616} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {8BDCF252-5C66-4A22-BB45-EE04DF488556} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION

Task: {8C50D9A6-BE95-46B1-B60F-2A71D7C19552} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe

Task: {9C01FA77-1C23-4EE4-BAF0-0B137B396841} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {A1C34456-4ADC-48B8-9266-BE71CB38365D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)

Task: {A5BD808F-1D33-4F4E-896B-B88CC1A270A8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {A807AAC8-E2F8-4260-87E1-F88D18904C5C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe

Task: {A8E7CE45-109C-484E-95DF-91C4492297CB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {ADCB7E5E-906A-4302-8E51-406F3B9BEA8C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)

Task: {B26E128E-65D3-48B3-A7C1-9AC244D3AE6C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {B99464D2-5748-4A55-B85E-FC6F0EFDA46B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {C3090918-B8E7-4C30-BDE4-AEBD5EE51B80} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe

Task: {CA344261-C620-41D3-88A0-9714203DF38B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)

Task: {D1E6D24E-F3B0-4D45-B1EE-9C9CC0010FA7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {D6BDE672-E36A-4878-B699-D5C3DA2979B3} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)

Task: {D7C8F56B-A10C-4F59-9C69-69157004F140} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {DAADA114-9BC4-4CD3-9D25-0C3C79E0BD1F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

Task: {DD6AAE2E-2075-488D-87CB-C51139D9D6C8} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures

Task: {E8AB73BA-73D7-42CF-8CA3-10751DCB1723} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe

Task: {E94C11F8-A61F-493F-94B6-8515CCBB4AA7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {E95505C6-872D-473D-AC2C-7692FF6D26A0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {F0FB4C42-F6BC-4880-9EA8-4739BF982845} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION

Task: {F3CD9DB3-F59F-45C5-A32A-3B558DECAE49} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe

Task: {F3D393C6-177D-4988-B420-3D31275CF599} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {F51F1630-996E-4691-94A3-D20561D63098} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {F854FCCC-E800-46C9-8D9D-27A54CC0FB70} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {F90F9749-C737-46B5-B59A-715AA3572C86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)

Task: {FAB69052-EB3C-44CF-8D90-3F104BDB56AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION

Task: {FDA7D4BE-D22C-4002-B62F-869962AAC39E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2869096185-1707726864-3217315644-1001Core1d23b75e469aba5.job => C:\Users\Vero\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2869096185-1707726864-3217315644-1001UA1d23b75e473373c.job => C:\Users\Vero\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-06-10 09:16 - 2019-02-01 10:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll

2018-06-10 09:16 - 2019-02-01 10:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll

2018-06-10 09:16 - 2019-02-01 10:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll

2018-06-10 09:16 - 2019-02-01 10:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll

2018-06-10 09:16 - 2019-02-01 10:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll

2018-06-10 09:16 - 2019-02-01 10:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll

2018-06-10 09:16 - 2019-02-01 10:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll

2018-06-10 09:16 - 2019-02-01 10:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\sarga.es -> hxxps://intranet.sarga.es

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2019-01-04 17:22 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\

HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg

DNS Servers: Media is not connected to internet.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "GrooveMonitor"

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"

HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\StartupApproved\Run: => "Skype"

HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_5CCD8EC5117D1CDF2610CF16937AAC21"

HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{9E897409-8CF6-4849-BDF5-BF31E8092A07}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [TCP Query User{F9DA999F-3650-4361-AF7C-28D21DDF3BE3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{3B85DA39-2282-4E0C-AAF9-D739907D9124}] => (Allow) LPort=1688

FirewallRules: [{8ECE81EA-5BD0-4144-B8E0-46DB96B7E0CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{07F4DFBB-C8B5-43A7-A6E3-3F7D292F46BE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{7EF198B0-0716-49CA-A8B3-6E93B7E2005B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{9DD648EE-7E8E-429B-BDF1-98CFAFF137D4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [UDP Query User{9D7F2142-47B7-4FDC-B66A-E7945A932611}C:\users\vero\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\vero\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

FirewallRules: [TCP Query User{0494A049-CA48-40C9-A320-28F1999A4E59}C:\users\vero\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\vero\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

FirewallRules: [{2A84FAC9-615D-4B2F-ACB7-6E1FBAD81828}] => (Allow) C:\Users\Vero\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

FirewallRules: [{23240BE6-FBF3-4B01-BA35-A8A3EEFED82D}] => (Allow) C:\Users\Vero\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

FirewallRules: [TCP Query User{932656B2-9A26-4082-A137-7E1DA027A58A}C:\program files (x86)\esri\license\arcgis9x\lmgrd.exe] => (Allow) C:\program files (x86)\esri\license\arcgis9x\lmgrd.exe (Acresso Software Inc. -> Acresso Software Inc.)

FirewallRules: [UDP Query User{B2BD968C-7917-43DF-9B8E-2D629086515B}C:\program files (x86)\esri\license\arcgis9x\lmgrd.exe] => (Allow) C:\program files (x86)\esri\license\arcgis9x\lmgrd.exe (Acresso Software Inc. -> Acresso Software Inc.)

FirewallRules: [TCP Query User{547B328E-FEE0-4C11-9833-39868B214D02}C:\program files (x86)\esri\license\arcgis9x\arcgis.exe] => (Allow) C:\program files (x86)\esri\license\arcgis9x\arcgis.exe () [File not signed]

FirewallRules: [UDP Query User{40E8CD7E-4C07-45AC-83C9-EAFCABB1264C}C:\program files (x86)\esri\license\arcgis9x\arcgis.exe] => (Allow) C:\program files (x86)\esri\license\arcgis9x\arcgis.exe () [File not signed]

FirewallRules: [TCP Query User{E239C26A-7197-4CA9-8405-EF864A72487D}C:\program files (x86)\esri\license\arcgis9x\lmgrd.exe] => (Block) C:\program files (x86)\esri\license\arcgis9x\lmgrd.exe (Acresso Software Inc. -> Acresso Software Inc.)

FirewallRules: [UDP Query User{7110C333-CA58-4012-A323-998441B5A4CE}C:\program files (x86)\esri\license\arcgis9x\lmgrd.exe] => (Block) C:\program files (x86)\esri\license\arcgis9x\lmgrd.exe (Acresso Software Inc. -> Acresso Software Inc.)

FirewallRules: [TCP Query User{CA034D5A-B19F-4F51-907B-7BE69CCA4CA6}C:\program files (x86)\esri\license\arcgis9x\arcgis.exe] => (Allow) C:\program files (x86)\esri\license\arcgis9x\arcgis.exe () [File not signed]

FirewallRules: [UDP Query User{AE53E55D-D05A-423F-A237-DF6B8CFA7AD8}C:\program files (x86)\esri\license\arcgis9x\arcgis.exe] => (Allow) C:\program files (x86)\esri\license\arcgis9x\arcgis.exe () [File not signed]

FirewallRules: [{FE1A18FC-EC13-43F6-8632-9A77BA69EFEE}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]

FirewallRules: [{DCA958C4-DF7F-4689-8CC3-7D9A57577F21}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]

FirewallRules: [{B263537B-47F1-4D13-A938-D87F092B82D3}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]

FirewallRules: [{B6DCB048-3704-45FB-BE15-874DF9D77101}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]

FirewallRules: [{64CB7184-CC89-4339-9108-F86601B39DFC}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{B9DC2931-EA33-4547-B8A0-986687AC350C}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{CBE8843A-163E-4A87-AEB0-BB43AE226678}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{C6FA8601-12BC-4C01-AD6C-8F65EAB9160F}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [TCP Query User{1A20410D-941D-4739-B99D-1B554F8D5A43}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [UDP Query User{A10AB9A1-86B9-43D5-9177-0CEE1FAB4248}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [{83A646A0-695B-4259-BA55-335A65962077}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

FirewallRules: [{FDF4F760-C4BE-4B66-81E6-076031FAE606}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

FirewallRules: [{3D9E094F-60AC-48BB-BDF1-B7B71BA3F905}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)

FirewallRules: [{6938F656-A760-432E-91ED-17B8C85E6001}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)

FirewallRules: [{50C5A389-3D4F-4F42-BCCA-93A8322F5DF3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

16-03-2019 09:39:04 trjan

16-03-2019 12:23:17 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (03/16/2019 11:56:10 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Error al generar el contexto de activación para "C:\Users\Vero\Downloads\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .

Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.

Los componentes en conflicto son:.

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.648_none_fb45a0e93062a6d2.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.648_none_42f2d7c044decfd8.manifest.

Error: (03/15/2019 10:36:04 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Error al generar el contexto de activación para "C:\Users\Vero\Downloads\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .

Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.

Los componentes en conflicto son:.

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.648_none_fb45a0e93062a6d2.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.648_none_42f2d7c044decfd8.manifest.

Error: (03/14/2019 11:02:53 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Error al generar el contexto de activación para "C:\Users\Vero\Downloads\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .

Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.

Los componentes en conflicto son:.

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.648_none_fb45a0e93062a6d2.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.648_none_42f2d7c044decfd8.manifest.

Error: (03/10/2019 06:59:51 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Error al generar el contexto de activación para "C:\Users\Vero\Downloads\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .

Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.

Los componentes en conflicto son:.

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.

Error: (03/10/2019 06:59:48 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Error al generar el contexto de activación para "C:\Users\Vero\Downloads\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .

Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.

Los componentes en conflicto son:.

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.

Error: (03/10/2019 06:57:05 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Error al generar el contexto de activación para "C:\Users\Vero\Downloads\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .

Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.

Los componentes en conflicto son:.

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.

Error: (03/10/2019 06:56:55 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Error al generar el contexto de activación para "C:\Users\Vero\Downloads\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .

Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.

Los componentes en conflicto son:.

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.

Error: (03/10/2019 11:04:54 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Error al generar el contexto de activación para "C:\Users\Vero\Downloads\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .

Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.

Los componentes en conflicto son:.

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.

System errors:

=============

Error: (03/16/2019 12:20:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: El servicio Sentinel no pudo iniciarse debido al siguiente error:

Windows no puede comprobar la firma digital en este archivo. Un cambio reciente en el hardware o en el software podría haber instalado un archivo con una firma incorrecta o dañada, o podría también tratarse de un software malintencionado proveniente de un origen desconocido.

Error: (03/16/2019 12:15:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: El servicio Sentinel no pudo iniciarse debido al siguiente error:

Windows no puede comprobar la firma digital en este archivo. Un cambio reciente en el hardware o en el software podría haber instalado un archivo con una firma incorrecta o dañada, o podría también tratarse de un software malintencionado proveniente de un origen desconocido.

Error: (03/16/2019 12:14:18 PM) (Source: DCOM) (EventID: 10010) (User: VeroPc)

Description: El servidor Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy!App no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/16/2019 12:14:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: El servicio Windows Remediation Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (03/16/2019 12:14:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: El servicio SynTPEnh Caller Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (03/16/2019 12:14:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: El servicio Adobe Acrobat Update Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (03/16/2019 12:14:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: El servicio SpyHunter 5 Kernel Monitor se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (03/16/2019 12:09:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: El servicio Sentinel no pudo iniciarse debido al siguiente error:

Windows no puede comprobar la firma digital en este archivo. Un cambio reciente en el hardware o en el software podría haber instalado un archivo con una firma incorrecta o dañada, o podría también tratarse de un software malintencionado proveniente de un origen desconocido.

Windows Defender:

===================================

Date: 2018-10-12 12:57:35.669

Description:

El examen de Antivirus de Windows Defender se detuvo antes de completarse.

Id. de examen: {A269D6D7-C3A9-458B-89F1-993EF60504B4}

Tipo de examen: Antimalware

Parámetros de examen: Examen rápido

Usuario: NT AUTHORITY\SYSTEM

Date: 2018-10-09 19:01:00.803

Description:

El examen de Antivirus de Windows Defender se detuvo antes de completarse.

Id. de examen: {82B2C617-C752-48FE-B614-496BCC625C02}

Tipo de examen: Antimalware

Parámetros de examen: Examen rápido

Usuario: VeroPc\Vero

Date: 2018-10-09 19:00:12.053

Description:

Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.

Para obtener más información consulte lo siguiente:

https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0

Nombre: HackTool:Win64/AutoKMS

Id.: 2147723334

Gravedad: Alta

Categoría: Herramienta

Ruta de acceso: file:_C:\Windows\SECOH-QAD.exe

Origen de detección: Equipo local

Tipo de detección: Concreto

Fuente de detección: Protección en tiempo real

Usuario: NT AUTHORITY\SYSTEM

Nombre de proceso: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

Versión de firma: AV: 1.277.822.0, AS: 1.277.822.0, NIS: 1.277.822.0

Versión de motor: AM: 1.1.15300.6, NIS: 1.1.15300.6

Date: 2018-10-09 18:56:40.442

Description:

Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.

Para obtener más información consulte lo siguiente:

https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0

Nombre: HackTool:Win64/AutoKMS

Id.: 2147723334

Gravedad: Alta

Categoría: Herramienta

Ruta de acceso: file:_C:\Windows\SECOH-QAD.exe

Origen de detección: Equipo local

Tipo de detección: Concreto

Fuente de detección: Protección en tiempo real

Usuario: NT AUTHORITY\SYSTEM

Nombre de proceso: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

Versión de firma: AV: 1.277.822.0, AS: 1.277.822.0, NIS: 1.277.822.0

Versión de motor: AM: 1.1.15300.6, NIS: 1.1.15300.6

Date: 2018-10-09 18:55:38.116

Description:

Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.

Para obtener más información consulte lo siguiente:

https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0

Nombre: HackTool:Win64/AutoKMS

Id.: 2147723334

Gravedad: Alta

Categoría: Herramienta

Ruta de acceso: file:_C:\Windows\SECOH-QAD.exe

Origen de detección: Equipo local

Tipo de detección: Concreto

Fuente de detección: Protección en tiempo real

Usuario: NT AUTHORITY\SYSTEM

Nombre de proceso: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

Versión de firma: AV: 1.277.822.0, AS: 1.277.822.0, NIS: 1.277.822.0

Versión de motor: AM: 1.1.15300.6, NIS: 1.1.15300.6

Date: 2019-03-16 12:22:14.223

Description:

Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.

Nueva versión de firma:

Versión de firma anterior: 1.277.989.0

Origen de actualización: Centro de protección contra malware de Microsoft

Tipo de firma: AntiVirus

Tipo de actualización: Completa

Usuario: NT AUTHORITY\Servicio de red

Versión de motor actual:

Versión de motor anterior: 1.1.15300.6

Código de error: 0x80072ee7

Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Date: 2019-03-16 12:22:14.223

Description:

Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.

Nueva versión de firma:

Versión de firma anterior: 1.277.989.0

Origen de actualización: Centro de protección contra malware de Microsoft

Tipo de firma: AntiSpyware

Tipo de actualización: Completa

Usuario: NT AUTHORITY\Servicio de red

Versión de motor actual:

Versión de motor anterior: 1.1.15300.6

Código de error: 0x80072ee7

Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Date: 2019-03-16 12:22:14.222

Description:

Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.

Nueva versión de firma:

Versión de firma anterior: 1.277.989.0

Origen de actualización: Centro de protección contra malware de Microsoft

Tipo de firma: AntiVirus

Tipo de actualización: Completa

Usuario: NT AUTHORITY\Servicio de red

Versión de motor actual:

Versión de motor anterior: 1.1.15300.6

Código de error: 0x80072ee7

Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Date: 2019-03-16 12:22:14.205

Description:

Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.

Nueva versión de firma:

Versión de firma anterior: 1.277.989.0

Origen de actualización: Centro de protección contra malware de Microsoft

Tipo de firma: AntiVirus

Tipo de actualización: Completa

Usuario: NT AUTHORITY\Servicio de red

Versión de motor actual:

Versión de motor anterior: 1.1.15300.6

Código de error: 0x80072ee7

Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Date: 2019-03-16 12:22:14.204

Description:

Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.

Nueva versión de firma:

Versión de firma anterior: 1.277.989.0

Origen de actualización: Centro de protección contra malware de Microsoft

Tipo de firma: AntiSpyware

Tipo de actualización: Completa

Usuario: NT AUTHORITY\Servicio de red

Versión de motor actual:

Versión de motor anterior: 1.1.15300.6

Código de error: 0x80072ee7

Descripción del error: No se pudo resolver el nombre de servidor o su dirección

CodeIntegrity:

===================================

Date: 2019-03-16 12:20:56.076

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-03-16 12:15:02.774

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-03-16 12:09:51.056

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-03-16 12:08:55.604

Description:

Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-16 12:08:55.335

Description:

Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-16 12:08:54.914

Description:

Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-16 12:08:54.534

Description:

Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-16 12:07:29.706

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz

Percentage of memory in use: 40%

Total physical RAM: 5814.71 MB

Available physical RAM: 3433.34 MB

Total Virtual: 6774.71 MB

Available Virtual: 4525.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.53 GB) (Free:20.23 GB) NTFS

\\?\Volume{74d61159-cb14-11e4-be65-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.34 GB) (Free:0.26 GB) NTFS

\\?\Volume{151e1625-0000-0000-0000-00b81b000000}\ () (Fixed) (Total:0.91 GB) (Free:0.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 151E1625)

Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=110.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=936 MB) - (Type=27)

==================== End of Addition.txt ============================

#7

Thank you so much for the help. And sorry, one of the code tags had a typo and it didn't pick it up properly. Rookie mistake! :blush:


#8

Hello.

As for the [code] thing… don't worry… I'll fix it myself.

While I review the reports, please uninstall SpyHunter so that it does NOT interfere with the next procedures I will send you.

Let us know once you have uninstalled it, thanks.

Regards.


#9

Hi, program uninstalled!


#10

Good… and now follow these steps. :arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click it to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as administrator-.)

  • Attention: now check/select only the :white_check_mark: Create registry backup box, NOT the other boxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the codes/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers3: [UnlockerShellExtension] -> [CC]{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => -> No File
Task: {0DB72CAF-1AAB-45B6-ACAF-EB006796348A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {124CF614-C885-4CC3-A416-E0BB880675DE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {129706D3-D636-4F62-8C71-4E4DC1196E40} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1575DEF9-F655-451B-9A7D-53668B7157A9} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2215C0F6-63F8-4EC2-BDF3-68D9D57921C9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {24BF55DA-237D-42B8-B90A-393751E0D7FF} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {25F6568A-A3EF-48F4-8BDD-33D2E526F026} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2FA95764-C41D-442B-8838-25B5C4007FF0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3A6C2628-DCC2-4929-9AC6-A64022137020} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3ABB4ED9-B889-4159-BC3F-DD373DF3E5A1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {41E4A630-B962-4564-A616-09F0B8D22310} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {474EDADC-E84E-4AAC-982F-A7657C84B49F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {48BF754A-6025-4D17-BED3-9769EDCB2E2D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4A69A3A1-C9C6-432A-A0DC-F402B66D5D5F} - \WPD\SqmUpload_S-1-5-21-2869096185-1707726864-3217315644-1001 -> No File <==== ATTENTION
Task: {5BB532DD-1880-427C-84F2-84D48B3F22C4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5EC206E1-3515-43F7-AF3E-A467F189258F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {720B5558-FBAF-4F06-95E3-245941F72704} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {7601D7FD-27F3-422B-925E-B3F27E3E7B04} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7722A0EE-A466-40E8-A749-861409461773} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {81458842-1ADD-4635-8118-34712AA1F616} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8BDCF252-5C66-4A22-BB45-EE04DF488556} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8C50D9A6-BE95-46B1-B60F-2A71D7C19552} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {9C01FA77-1C23-4EE4-BAF0-0B137B396841} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A5BD808F-1D33-4F4E-896B-B88CC1A270A8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A807AAC8-E2F8-4260-87E1-F88D18904C5C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {A8E7CE45-109C-484E-95DF-91C4492297CB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B26E128E-65D3-48B3-A7C1-9AC244D3AE6C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B99464D2-5748-4A55-B85E-FC6F0EFDA46B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C3090918-B8E7-4C30-BDE4-AEBD5EE51B80} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {D1E6D24E-F3B0-4D45-B1EE-9C9CC0010FA7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D7C8F56B-A10C-4F59-9C69-69157004F140} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E8AB73BA-73D7-42CF-8CA3-10751DCB1723} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E94C11F8-A61F-493F-94B6-8515CCBB4AA7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E95505C6-872D-473D-AC2C-7692FF6D26A0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F0FB4C42-F6BC-4880-9EA8-4739BF982845} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F3D393C6-177D-4988-B420-3D31275CF599} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F51F1630-996E-4691-94A3-D20561D63098} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F854FCCC-E800-46C9-8D9D-27A54CC0FB70} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FAB69052-EB3C-44CF-8D90-3F104BDB56AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {FDA7D4BE-D22C-4002-B62F-869962AAC39E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\Run: [59c9f93e] => C:\ProgramData\59c9f93e\59c9f93e.exe C:\ProgramData\59c9f93e\59c9f93etest.au3
BootExecute: autocheck autochk * sdnclean64.exe
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [10191664 2019-03-10] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [539440 2019-03-10] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [69432 2019-03-16] (EnigmaSoft Limited -> EnigmaSoft Limited)
2019-03-10 20:37 - 2019-03-10 20:37 - 000001055 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2019-03-16 12:17 - 2019-03-16 12:21 - 000069432 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2019-03-16 12:14 - 2019-03-16 12:14 - 000000000 ____D C:\ProgramData\bVnHrt
2019-03-16 12:09 - 2019-03-16 12:09 - 000000000 ____D C:\ProgramData\vFrJrqLG
2019-03-16 12:20 - 2019-03-16 12:20 - 000000000 ____D C:\ProgramData\ZwbEgv
2019-03-10 20:37 - 2019-03-10 20:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2019-03-10 20:37 - 2019-03-10 20:37 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2019-03-10 20:36 - 2019-03-10 20:36 - 000000000 ____D C:\Program Files\EnigmaSoft
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.

And now use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) :arrow_forward: How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as administrator-.)

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply. :+1:

Restart the computer, check how it behaves with respect to the problem described, and report back.

Regards.
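
The fixlist in post #10 lists a per-user Run value that starts an executable under C:\ProgramData with an .au3 script as its argument, together with scheduled tasks that FRST reports as "No File". As an added example (not part of the original post and not FRST's own logic), this Python script parses lines in that format and flags the same kinds of entries; the heuristics, reason names and the two-reason threshold are assumptions chosen for illustration.

```python
import re
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# Four lines taken from the fixlist on this page (FRST line format).
SAMPLE = r"""
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\Run: [59c9f93e] => C:\ProgramData\59c9f93e\59c9f93e.exe C:\ProgramData\59c9f93e\59c9f93etest.au3
Task: {129706D3-D636-4F62-8C71-4E4DC1196E40} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A807AAC8-E2F8-4260-87E1-F88D18904C5C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
"""

# Registry autorun line: hive, optional SID, Run/RunOnce, [value name], command,
# then an optional "[size date] (signer)" suffix as printed on the signed entries.
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?)\\(?:(?P<sid>S-[\d-]+)\\)?\.\.\.\\"
    r"(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] => (?P<cmd>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<signer>.+)\))?$"
)
# Scheduled task line: GUID, task path, then "=> target" or "-> No File".
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<path>.+?) (?:=>|->) "
    r"(?P<target>.+?)(?: <==== ATTENTION)?$"
)
# Split an unquoted command into the executable path and its arguments.
CMD_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|com|scr|bat|cmd))(?:\s+(?P<args>.*))?$", re.I)

# Directories a standard user can write to (assumed list for this example).
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")


def check_run(m):
    """Return (executable, reasons) for one matched autorun line."""
    cmd = CMD_RE.match(m["cmd"])
    exe = cmd["exe"] if cmd else m["cmd"]
    args = (cmd["args"] or "") if cmd else ""
    reasons = []
    if m["signer"] is None:
        reasons.append("no-signer-on-line")
    if any(d in exe.lower() for d in USER_WRITABLE):
        reasons.append("user-writable-path")
    if args.lower().rstrip('"').endswith(".au3"):
        reasons.append("autoit-script-argument")
    stem = splitext(basename(exe))[0].lower()
    if stem == m["name"].lower() == basename(dirname(exe)).lower():
        reasons.append("name-reused-for-value-folder-and-file")
    return exe, reasons


def triage(text, threshold=2):
    """Flag autoruns with >= threshold reasons and tasks reported as No File."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if (m := RUN_RE.match(line)):
            exe, reasons = check_run(m)
            if len(reasons) >= threshold:
                findings.append({"kind": "autorun", "name": m["name"],
                                 "target": exe, "reasons": reasons})
        elif (m := TASK_RE.match(line)):
            if m["target"] == "No File":
                findings.append({"kind": "orphan-task", "name": m["path"],
                                 "target": None, "reasons": ["no-file"]})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The script only reads text; removing an entry is still done through the fixlist procedure described in the post.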


#11

Thank you so much for the help, really! You guys are amazing!!!

Fix result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01
Ran by Vero (16-03-2019 17:08:27) Run:1
Running from C:\Users\Vero\Desktop
Loaded Profiles: Vero (Available Profiles: Vero)
Boot Mode: Normal
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers3: [UnlockerShellExtension] -> [CC]{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => -> No File
Task: {0DB72CAF-1AAB-45B6-ACAF-EB006796348A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {124CF614-C885-4CC3-A416-E0BB880675DE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {129706D3-D636-4F62-8C71-4E4DC1196E40} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1575DEF9-F655-451B-9A7D-53668B7157A9} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2215C0F6-63F8-4EC2-BDF3-68D9D57921C9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {24BF55DA-237D-42B8-B90A-393751E0D7FF} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {25F6568A-A3EF-48F4-8BDD-33D2E526F026} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2FA95764-C41D-442B-8838-25B5C4007FF0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3A6C2628-DCC2-4929-9AC6-A64022137020} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3ABB4ED9-B889-4159-BC3F-DD373DF3E5A1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {41E4A630-B962-4564-A616-09F0B8D22310} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {474EDADC-E84E-4AAC-982F-A7657C84B49F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {48BF754A-6025-4D17-BED3-9769EDCB2E2D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4A69A3A1-C9C6-432A-A0DC-F402B66D5D5F} - \WPD\SqmUpload_S-1-5-21-2869096185-1707726864-3217315644-1001 -> No File <==== ATTENTION
Task: {5BB532DD-1880-427C-84F2-84D48B3F22C4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5EC206E1-3515-43F7-AF3E-A467F189258F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {720B5558-FBAF-4F06-95E3-245941F72704} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {7601D7FD-27F3-422B-925E-B3F27E3E7B04} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7722A0EE-A466-40E8-A749-861409461773} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {81458842-1ADD-4635-8118-34712AA1F616} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8BDCF252-5C66-4A22-BB45-EE04DF488556} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8C50D9A6-BE95-46B1-B60F-2A71D7C19552} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {9C01FA77-1C23-4EE4-BAF0-0B137B396841} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A5BD808F-1D33-4F4E-896B-B88CC1A270A8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A807AAC8-E2F8-4260-87E1-F88D18904C5C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {A8E7CE45-109C-484E-95DF-91C4492297CB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B26E128E-65D3-48B3-A7C1-9AC244D3AE6C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B99464D2-5748-4A55-B85E-FC6F0EFDA46B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C3090918-B8E7-4C30-BDE4-AEBD5EE51B80} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {D1E6D24E-F3B0-4D45-B1EE-9C9CC0010FA7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D7C8F56B-A10C-4F59-9C69-69157004F140} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E8AB73BA-73D7-42CF-8CA3-10751DCB1723} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E94C11F8-A61F-493F-94B6-8515CCBB4AA7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E95505C6-872D-473D-AC2C-7692FF6D26A0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F0FB4C42-F6BC-4880-9EA8-4739BF982845} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F3D393C6-177D-4988-B420-3D31275CF599} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F51F1630-996E-4691-94A3-D20561D63098} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F854FCCC-E800-46C9-8D9D-27A54CC0FB70} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FAB69052-EB3C-44CF-8D90-3F104BDB56AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {FDA7D4BE-D22C-4002-B62F-869962AAC39E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\Run: [59c9f93e] => C:\ProgramData\59c9f93e\59c9f93e.exe C:\ProgramData\59c9f93e\59c9f93etest.au3
BootExecute: autocheck autochk * sdnclean64.exe
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [10191664 2019-03-10] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [539440 2019-03-10] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [69432 2019-03-16] (EnigmaSoft Limited -> EnigmaSoft Limited)
2019-03-10 20:37 - 2019-03-10 20:37 - 000001055 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2019-03-16 12:17 - 2019-03-16 12:21 - 000069432 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2019-03-16 12:14 - 2019-03-16 12:14 - 000000000 ____D C:\ProgramData\bVnHrt
2019-03-16 12:09 - 2019-03-16 12:09 - 000000000 ____D C:\ProgramData\vFrJrqLG
2019-03-16 12:20 - 2019-03-16 12:20 - 000000000 ____D C:\ProgramData\ZwbEgv
2019-03-10 20:37 - 2019-03-10 20:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2019-03-10 20:37 - 2019-03-10 20:37 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2019-03-10 20:36 - 2019-03-10 20:36 - 000000000 ____D C:\Program Files\EnigmaSoft
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [ OneDrive1] -&gt; {BBACC218-34EA-4666-9D7A-C78F2274A524} =&gt; -&gt; No File => not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [ OneDrive1] -&gt; {BBACC218-34EA-4666-9D7A-C78F2274A524} =&gt; -&gt; No File => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [ OneDrive2] -&gt; {5AB7172C-9C11-405C-8DD5-AF20F3606282} =&gt; -&gt; No File => not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [ OneDrive2] -&gt; {5AB7172C-9C11-405C-8DD5-AF20F3606282} =&gt; -&gt; No File => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [ OneDrive3] -&gt; {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =&gt; -&gt; No File => not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [ OneDrive3] -&gt; {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =&gt; -&gt; No File => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [ OneDrive4] -&gt; {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =&gt; -&gt; No File => not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [ OneDrive4] -&gt; {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =&gt; -&gt; No File => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [ OneDrive5] -&gt; {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =&gt; -&gt; No File => not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [ OneDrive5] -&gt; {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =&gt; -&gt; No File => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [ OneDrive6] -&gt; {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =&gt; -&gt; No File => not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [ OneDrive6] -&gt; {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =&gt; -&gt; No File => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [ OneDrive7] -&gt; {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =&gt; -&gt; No File => not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [ OneDrive7] -&gt; {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: [ OneDrive1] -&gt; {BBACC218-34EA-4666-9D7A-C78F2274A524} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Classes\CLSID\ShellIconOverlayIdentifiers-x32: [ OneDrive1] -&gt; {BBACC218-34EA-4666-9D7A-C78F2274A524} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: [ OneDrive2] -&gt; {5AB7172C-9C11-405C-8DD5-AF20F3606282} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Classes\CLSID\ShellIconOverlayIdentifiers-x32: [ OneDrive2] -&gt; {5AB7172C-9C11-405C-8DD5-AF20F3606282} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: [ OneDrive3] -&gt; {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Classes\CLSID\ShellIconOverlayIdentifiers-x32: [ OneDrive3] -&gt; {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: [ OneDrive4] -&gt; {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Classes\CLSID\ShellIconOverlayIdentifiers-x32: [ OneDrive4] -&gt; {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: [ OneDrive5] -&gt; {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Classes\CLSID\ShellIconOverlayIdentifiers-x32: [ OneDrive5] -&gt; {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: [ OneDrive6] -&gt; {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Classes\CLSID\ShellIconOverlayIdentifiers-x32: [ OneDrive6] -&gt; {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: [ OneDrive7] -&gt; {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Classes\CLSID\ShellIconOverlayIdentifiers-x32: [ OneDrive7] -&gt; {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =&gt; -&gt; No File => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\ContextMenuHandlers3: [UnlockerShellExtension] -&gt; [CC]{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} =&gt; -&gt; No File => not found
HKLM\Software\Classes\CLSID\ContextMenuHandlers3: [UnlockerShellExtension] -&gt; [CC]{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} =&gt; -&gt; No File => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DB72CAF-1AAB-45B6-ACAF-EB006796348A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DB72CAF-1AAB-45B6-ACAF-EB006796348A}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{124CF614-C885-4CC3-A416-E0BB880675DE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{124CF614-C885-4CC3-A416-E0BB880675DE}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{129706D3-D636-4F62-8C71-4E4DC1196E40}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{129706D3-D636-4F62-8C71-4E4DC1196E40}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1575DEF9-F655-451B-9A7D-53668B7157A9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1575DEF9-F655-451B-9A7D-53668B7157A9}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2215C0F6-63F8-4EC2-BDF3-68D9D57921C9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2215C0F6-63F8-4EC2-BDF3-68D9D57921C9}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24BF55DA-237D-42B8-B90A-393751E0D7FF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24BF55DA-237D-42B8-B90A-393751E0D7FF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25F6568A-A3EF-48F4-8BDD-33D2E526F026}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25F6568A-A3EF-48F4-8BDD-33D2E526F026}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FA95764-C41D-442B-8838-25B5C4007FF0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FA95764-C41D-442B-8838-25B5C4007FF0}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A6C2628-DCC2-4929-9AC6-A64022137020}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A6C2628-DCC2-4929-9AC6-A64022137020}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3ABB4ED9-B889-4159-BC3F-DD373DF3E5A1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3ABB4ED9-B889-4159-BC3F-DD373DF3E5A1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41E4A630-B962-4564-A616-09F0B8D22310}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41E4A630-B962-4564-A616-09F0B8D22310}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{474EDADC-E84E-4AAC-982F-A7657C84B49F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{474EDADC-E84E-4AAC-982F-A7657C84B49F}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48BF754A-6025-4D17-BED3-9769EDCB2E2D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48BF754A-6025-4D17-BED3-9769EDCB2E2D}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2 =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A69A3A1-C9C6-432A-A0DC-F402B66D5D5F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A69A3A1-C9C6-432A-A0DC-F402B66D5D5F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BB532DD-1880-427C-84F2-84D48B3F22C4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BB532DD-1880-427C-84F2-84D48B3F22C4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EC206E1-3515-43F7-AF3E-A467F189258F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EC206E1-3515-43F7-AF3E-A467F189258F}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{720B5558-FBAF-4F06-95E3-245941F72704}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{720B5558-FBAF-4F06-95E3-245941F72704}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7601D7FD-27F3-422B-925E-B3F27E3E7B04}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7601D7FD-27F3-422B-925E-B3F27E3E7B04}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7722A0EE-A466-40E8-A749-861409461773}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7722A0EE-A466-40E8-A749-861409461773}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81458842-1ADD-4635-8118-34712AA1F616}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81458842-1ADD-4635-8118-34712AA1F616}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BDCF252-5C66-4A22-BB45-EE04DF488556}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BDCF252-5C66-4A22-BB45-EE04DF488556}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C50D9A6-BE95-46B1-B60F-2A71D7C19552}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C50D9A6-BE95-46B1-B60F-2A71D7C19552}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate_scheduled =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C01FA77-1C23-4EE4-BAF0-0B137B396841}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C01FA77-1C23-4EE4-BAF0-0B137B396841}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5BD808F-1D33-4F4E-896B-B88CC1A270A8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5BD808F-1D33-4F4E-896B-B88CC1A270A8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A807AAC8-E2F8-4260-87E1-F88D18904C5C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A807AAC8-E2F8-4260-87E1-F88D18904C5C}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\StartRecording =&gt; C:\WINDOWS\ehome\ehrec.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\StartRecording =&gt; C:\WINDOWS\ehome\ehrec.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8E7CE45-109C-484E-95DF-91C4492297CB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8E7CE45-109C-484E-95DF-91C4492297CB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B26E128E-65D3-48B3-A7C1-9AC244D3AE6C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B26E128E-65D3-48B3-A7C1-9AC244D3AE6C}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B99464D2-5748-4A55-B85E-FC6F0EFDA46B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99464D2-5748-4A55-B85E-FC6F0EFDA46B}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3090918-B8E7-4C30-BDE4-AEBD5EE51B80}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3090918-B8E7-4C30-BDE4-AEBD5EE51B80}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry =&gt; C:\WINDOWS\ehome\MCUpdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry =&gt; C:\WINDOWS\ehome\MCUpdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D1E6D24E-F3B0-4D45-B1EE-9C9CC0010FA7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1E6D24E-F3B0-4D45-B1EE-9C9CC0010FA7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7C8F56B-A10C-4F59-9C69-69157004F140}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7C8F56B-A10C-4F59-9C69-69157004F140}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E8AB73BA-73D7-42CF-8CA3-10751DCB1723}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8AB73BA-73D7-42CF-8CA3-10751DCB1723}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart =&gt; C:\WINDOWS\ehome\ehrec.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart =&gt; C:\WINDOWS\ehome\ehrec.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E94C11F8-A61F-493F-94B6-8515CCBB4AA7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E94C11F8-A61F-493F-94B6-8515CCBB4AA7}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E95505C6-872D-473D-AC2C-7692FF6D26A0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E95505C6-872D-473D-AC2C-7692FF6D26A0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0FB4C42-F6BC-4880-9EA8-4739BF982845}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0FB4C42-F6BC-4880-9EA8-4739BF982845}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3D393C6-177D-4988-B420-3D31275CF599}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3D393C6-177D-4988-B420-3D31275CF599}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F51F1630-996E-4691-94A3-D20561D63098}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F51F1630-996E-4691-94A3-D20561D63098}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F854FCCC-E800-46C9-8D9D-27A54CC0FB70}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F854FCCC-E800-46C9-8D9D-27A54CC0FB70}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1 =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FAB69052-EB3C-44CF-8D90-3F104BDB56AD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAB69052-EB3C-44CF-8D90-3F104BDB56AD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDA7D4BE-D22C-4002-B62F-869962AAC39E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDA7D4BE-D22C-4002-B62F-869962AAC39E}" => removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
"HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\Software\Microsoft\Windows\CurrentVersion\Run\\59c9f93e" => removed successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
EsgShKernel => service not found.
ShMonitor => service not found.
EnigmaFileMonDriver => service not found.
"C:\Users\Public\Desktop\SpyHunter5.lnk" => not found
"C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys" => not found
C:\ProgramData\bVnHrt => moved successfully
C:\ProgramData\vFrJrqLG => moved successfully
C:\ProgramData\ZwbEgv => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft" => not found
"C:\ProgramData\EnigmaSoft Limited" => not found
"C:\Program Files\EnigmaSoft" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Ethernet mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 3 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 4 mientras los medios
estén desconectados.

Adaptador de Ethernet Ethernet:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 3:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 4:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Wi-Fi:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::7ce2:cd6e:c81d:b60b%20
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.13
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

{446E9633-696F-4BD2-9289-D56EE559FD01} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18811154 B
Java, Flash, Steam htmlcache => 1080 B
Windows/system/drivers => 240539 B
Edge => 236544 B
Chrome => 105547824 B
Firefox => 30920852 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 7676274 B
systemprofile32 => 0 B
LocalService => 9222 B
LocalService => 0 B
NetworkService => 19486 B
NetworkService => 0 B
Vero => 53324520 B

RecycleBin => 0 B
EmptyTemp: => 216.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:11:37 ====

#12

Hello.

I imagine your problem NO longer appears??

Shut the computer down completely and turn it on again, repeat this THREE times in a row, and tell us how your problem is going so that we can give you the last steps you need to do.

Regards.


#13

Hello, apparently not… the CPU no longer goes through the roof and everything seems to be working normally. A million thanks for your help, Javier!!!


#14

Perfect :+1: excellent, we are glad to see that the initial problem is now completely fixed; now all that remains is to remove the tools used.

To do so, download :arrow_forward: DelFix.exe to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select - Run as Administrator -).

  • Check all the boxes, and click Run

The report (DelFix.txt) will open; you can close it.


For any other problem, do not hesitate to post again; you know where we are. :+1:

Topic Solved.

Regards, Javier.


closed #15