Trojan.Autoit.CKU systeminfo.exe

Hi everyone! I'm new here, so I hope I explain myself properly. For the past few days the computer had been running with the CPU at almost 100% until I opened Task Manager, at which point it dropped suddenly. I tried several antivirus programs (Malwarebytes among them) and they detected nothing, until SpyHunter found it. Every time the PC starts it detects Trojan.Autoit.CKU in C/users/vero/appdata/local/temp/systeminfo.exe {83810cf7b00943bdfa775107d70ae742}, puts it in quarantine, but it keeps reappearing with every system restart. How can I remove it completely? Thank you very much in advance!!!

Hello @fageda, welcome to the Forum.

To check your machine, follow these steps in the order given, reading everything that is explained. :+1:

:one: Temporarily disable the Antivirus :arrow_forward: How to temporarily disable your Antivirus, while we are carrying out ALL the steps.

We are going to download to YOUR DESKTOP (and NOT anywhere else :face_with_monocle:) all the tools we will use in this procedure (but do not run them yet):


:two: Run the tools one at a time and in the order given:



CCleaner.-

  • Install and run CCleaner following the steps given in the manual.

  • First use its Cleaner option to delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • Then use its Registry option to clean the whole Windows registry (making a backup).

Malwarebytes.-

  • Install and run MBAM following the steps given in the manual.

  • Run a Full Scan. :white_check_mark:

  • Select ALL for Quarantine to send them to quarantine, and restart the system.

  • In the manual's :arrow_forward:History :arrow_backward: section you will find the MBAM report, which you must copy and paste into your next reply so it can be analysed.

AdwCleaner.-

  • Run Adwcleaner.exe.

  • Click the Scan Now button and wait for the process to finish, then always click the Start Repair button straight away.

  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

  • The log/report is found in the “Reports” tab, reopening the program if necessary, so that you can copy and paste it into your next reply.

  • The report can also be found at C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Run JRT.exe.

  • Press any key to continue, and wait patiently for the process to finish.

  • If at any point it asks you to restart, do so.

  • When it finishes, a log/report (JRT.txt) will be saved to the desktop and will open automatically.

  • Copy and paste the contents of JRT.txt into your next reply.

Farbar Recovery Scan Tool.-

  • Run FRST.exe.

  • In the Disclaimer window message, click Yes.

  • In the main window, click the Scan button and wait for the process to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

:three: Post in your next reply the reports from:

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, in that order. :+1:

You must copy and paste them with all their contents, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

And tell us how your computer is behaving with regard to the problem you raised. :face_with_monocle:

Regards, Javier.

Hi Javier. Thank you very much for your quick reply!

I'm pasting the results:

  • Malwarebytes:

Malwarebytes

www.malwarebytes.com

-Detalles del registro-

Fecha del análisis: 16/3/19

Hora del análisis: 09:46

Archivo de registro: 1bcf854e-47e1-11e9-8aff-1c7508ac0dfe.json

-Información del software-

Versión: 3.7.1.2839

Versión de los componentes: 1.0.538

Versión del paquete de actualización: 1.0.9698

Licencia: Prueba

-Información del sistema-

SO: Windows 10 (Build 17134.648)

CPU: x64

Sistema de archivos: NTFS

Usuario: VeroPc\Vero

-Resumen del análisis-

Tipo de análisis: Análisis de amenazas

Análisis iniciado por:: Manual

Resultado: Completado

Objetos analizados: 389025

Amenazas detectadas: 0

Amenazas en cuarentena: 0

Tiempo transcurrido: 2 min, 5 seg

-Opciones de análisis-

Memoria: Activado

Inicio: Activado

Sistema de archivos: Activado

Archivo: Activado

Rootkits: Desactivado

Heurística: Activado

PUP: Detectar

PUM: Detectar

-Detalles del análisis-

Proceso: 0

(No hay elementos maliciosos detectados)

Módulo: 0

(No hay elementos maliciosos detectados)

Clave del registro: 0

(No hay elementos maliciosos detectados)

Valor del registro: 0

(No hay elementos maliciosos detectados)

Datos del registro: 0

(No hay elementos maliciosos detectados)

Secuencia de datos: 0

(No hay elementos maliciosos detectados)

Carpeta: 0

(No hay elementos maliciosos detectados)

Archivo: 0

(No hay elementos maliciosos detectados)

Sector físico: 0

(No hay elementos maliciosos detectados)

WMI: 0

(No hay elementos maliciosos detectados)

(end)
  • AdwCleaner:

# -------------------------------

# Malwarebytes AdwCleaner 7.2.7.0

# -------------------------------

# Build: 01-30-2019

# Database: 2019-01-25.2 (Local)

# Support: https://www.malwarebytes.com/support

#

# -------------------------------

# Mode: Scan

# -------------------------------

# Start: 03-16-2019

# Duration: 00:00:23

# OS: Windows 10 Pro

# Scanned: 31769

# Detected: 0

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

AdwCleaner[S00].txt - [2243 octets] - [10/06/2018 10:41:48]

AdwCleaner[C00].txt - [2011 octets] - [10/06/2018 10:42:07]

AdwCleaner[S01].txt - [1424 octets] - [10/06/2018 10:55:38]

AdwCleaner[C01].txt - [1572 octets] - [10/06/2018 11:01:27]

AdwCleaner[S02].txt - [1547 octets] - [16/03/2019 12:13:32]

AdwCleaner[C02].txt - [1713 octets] - [16/03/2019 12:14:17]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########
  • Junkware

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.1.4 (07.09.2017)

Operating System: Windows 10 Enterprise x64

Ran by Vero (Administrator) on 16/03/2019 at 12:23:16.05

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 1

Successfully deleted: C:\WINDOWS\wininit.ini (File)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 16/03/2019 at 12:26:40.77

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.03.2019 01
Ran by Vero (administrator) on VEROPC (16-03-2019 12:27:37)
Running from C:\Users\Vero\Desktop
Loaded Profiles: Vero (Available Profiles: Vero)
Platform: Windows 10 Pro Version 1803 17134.648 (X64) Language: Español (España, internacional)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\WINWORD.EXE
(Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\Creator\FoxitProxyServer_Socket_RD.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19646312 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\Run: [59c9f93e] => C:\ProgramData\59c9f93e\59c9f93e.exe C:\ProgramData\59c9f93e\59c9f93etest.au3
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-05] (Google LLC -> Google Inc.)
Startup: C:\Users\Vero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2019-03-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f06f3a44-81cc-4ef7-a2f6-ad4a9267ec3c}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2019-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2019-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-03-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-03-08] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: c3nf4kus.default
FF ProfilePath: C:\Users\Vero\AppData\Roaming\Mozilla\Firefox\Profiles\c3nf4kus.default [2019-03-16]
FF Homepage: Mozilla\Firefox\Profiles\c3nf4kus.default -> hxxp://google.es/
FF Session Restore: Mozilla\Firefox\Profiles\c3nf4kus.default -> is enabled.
FF Extension: (MEGA) - C:\Users\Vero\AppData\Roaming\Mozilla\Firefox\Profiles\c3nf4kus.default\Extensions\[email protected] [2019-03-16] [UpdateUrl:hxxps://eu.static.mega.co.nz/3/firefox-web-extension-updates.json]
FF Extension: (signTextJS plus) - C:\Users\Vero\AppData\Roaming\Mozilla\Firefox\Profiles\c3nf4kus.default\Extensions\[email protected] [2018-07-14]
FF Extension: (Avast Passwords) - C:\Users\Vero\AppData\Roaming\Mozilla\Firefox\Profiles\c3nf4kus.default\Extensions\[email protected] [2019-01-31] [UpdateUrl:hxxps://pamcdn.avast.com/pamcdn/extensions/firefox/update.json]
FF Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\Vero\AppData\Roaming\Mozilla\Firefox\Profiles\c3nf4kus.default\Extensions\[email protected] [2019-02-08]
FF Extension: (Avast Online Security) - C:\Users\Vero\AppData\Roaming\Mozilla\Firefox\Profiles\c3nf4kus.default\Extensions\[email protected] [2019-01-31]
FF Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Vero\AppData\Roaming\Mozilla\Firefox\Profiles\c3nf4kus.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-03-16]
FF Extension: (Auto Unload Tab) - C:\Users\Vero\AppData\Roaming\Mozilla\Firefox\Profiles\c3nf4kus.default\Extensions\{d3c46ca0-999d-11da-a72b-0800200c9a66}.xpi [2016-12-25] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-23] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-23] (Adobe Systems Incorporated -> )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-01-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-01-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-01-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-01-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-03-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-03-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-10-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-22] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-22] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://portalempleado.aragon.es/portal/page?_pageid=193,1&_dad=portal&_schema=PORTAL","hxxps://www.google.com/calendar/render?tab=mc","hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxps://mail.google.com/mail/?hl%3Des&ss=1&scc=1&ltmpl=default&ltmplcache=2&hl=es"
CHR NewTab: Default ->  Active:"chrome-extension://bhloflhklmhfpedakmangadcdofhnnoh/index.html"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default [2019-03-16]
CHR Extension: (Presentaciones) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-08]
CHR Extension: (Documentos) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-08]
CHR Extension: (Google Drive) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-04]
CHR Extension: (Earth View from Google Earth) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhloflhklmhfpedakmangadcdofhnnoh [2019-03-05]
CHR Extension: (YouTube) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-04]
CHR Extension: (AceProject) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnilfhgoncpjoccagknfhhepbocjpmkm [2015-07-08]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-03-14]
CHR Extension: (Búsqueda de Google) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-04]
CHR Extension: (Dropbox para Gmail) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2019-02-07]
CHR Extension: (Gmail sin conexión) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-03-18]
CHR Extension: (Chris Delbuck) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\elgfababjopgjalkgbfndlempbfdiecf [2015-03-18]
CHR Extension: (¿Qué cocino hoy?) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\enadeelnincmhhilgbiphjbjnnagnhmh [2015-03-18]
CHR Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-07]
CHR Extension: (Hojas de cálculo) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-08]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-14]
CHR Extension: (AdBlock) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-27]
CHR Extension: (Avast Online Security) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-02-18]
CHR Extension: (PDF Mergy - Merge PDF files) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2017-11-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-22]
CHR Extension: (Project Naptha) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf [2018-09-22]
CHR Extension: (Email tracking para Gmail - Mailtrack) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2019-03-14]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Vero\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-22]
CHR HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ArcGIS License Manager; C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe [1431440 2008-08-02] (Acresso Software Inc. -> Acresso Software Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6758976 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357304 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd -> Disc Soft Ltd)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [10191664 2019-03-10] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737560 2019-02-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [539440 2019-03-10] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2017-01-17] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\NisSrv.exe [3847376 2018-10-09] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MsMpEng.exe [114200 2018-10-09] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37104 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205400 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [225680 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196072 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320696 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [57960 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-24] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [249672 2019-02-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [167304 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034432 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [474456 2019-02-18] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [216784 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [379952 2019-03-11] (AVAST Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30352 2015-03-15] (Disc Soft Ltd -> Disc Soft Ltd)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [69432 2019-03-16] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [12311776 2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-03-16] (Malwarebytes Corporation -> Malwarebytes)
S2 Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL64.SYS [141888 2006-04-20] (SafeNet, Inc. -> SafeNet, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46184 2018-10-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [352424 2018-10-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60584 2018-10-09] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-16 12:26 - 2019-03-16 12:26 - 000000606 _____ C:\Users\Vero\Desktop\JRT.txt
2019-03-16 12:20 - 2019-03-16 12:20 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-03-16 12:20 - 2019-03-16 12:20 - 000000000 ____D C:\ProgramData\ZwbEgv
2019-03-16 12:17 - 2019-03-16 12:21 - 000069432 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2019-03-16 12:14 - 2019-03-16 12:14 - 000000000 ____D C:\ProgramData\bVnHrt
2019-03-16 12:09 - 2019-03-16 12:09 - 000000000 ____D C:\ProgramData\vFrJrqLG
2019-03-16 12:03 - 2019-03-16 12:03 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-03-16 12:03 - 2019-03-16 12:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-16 12:03 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-03-16 12:03 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-03-16 12:01 - 2019-03-16 12:01 - 000008166 _____ C:\Users\Vero\Desktop\cc_20190316_120111.reg
2019-03-16 11:58 - 2019-03-16 11:58 - 002433536 _____ (Farbar) C:\Users\Vero\Desktop\FRST64 (1).exe
2019-03-16 11:57 - 2019-03-16 11:57 - 007316688 _____ (Malwarebytes) C:\Users\Vero\Desktop\adwcleaner_7.2.7.0.exe
2019-03-16 11:57 - 2019-03-16 11:57 - 001790024 _____ (Malwarebytes) C:\Users\Vero\Desktop\JRT.exe
2019-03-16 11:56 - 2019-03-16 11:57 - 062171224 _____ (Malwarebytes ) C:\Users\Vero\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9698.exe
2019-03-16 11:56 - 2019-03-16 11:56 - 021205512 _____ (Piriform Software Ltd) C:\Users\Vero\Desktop\ccsetup555.exe
2019-03-15 22:37 - 2019-03-15 22:37 - 000002295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2019-03-15 22:37 - 2019-03-15 22:37 - 000002283 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2019-03-12 19:47 - 2019-03-06 16:39 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-03-12 19:47 - 2019-03-06 16:37 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-03-12 19:47 - 2019-03-06 16:36 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-03-12 19:47 - 2019-03-06 16:20 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-03-12 19:47 - 2019-03-06 16:19 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-03-12 19:47 - 2019-03-06 16:17 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-03-12 19:47 - 2019-03-06 16:17 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-12 19:47 - 2019-03-06 16:17 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2019-03-12 19:47 - 2019-03-06 16:14 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-12 19:47 - 2019-03-06 16:14 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-12 19:47 - 2019-03-06 16:14 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-03-12 19:47 - 2019-03-06 16:13 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-03-12 19:47 - 2019-03-06 16:13 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-03-12 19:47 - 2019-03-06 16:13 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-03-12 19:47 - 2019-03-06 16:13 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-03-12 19:47 - 2019-03-06 16:12 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-03-12 19:47 - 2019-03-06 13:18 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-03-12 19:47 - 2019-03-06 13:18 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-03-12 19:47 - 2019-03-06 13:10 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-03-12 19:47 - 2019-03-06 13:09 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-03-12 19:47 - 2019-03-06 13:06 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-03-12 19:47 - 2019-03-06 13:05 - 004054016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-03-12 19:47 - 2019-03-06 13:05 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-03-12 19:47 - 2019-03-06 13:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-03-12 19:47 - 2019-03-06 13:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-12 19:47 - 2019-03-06 12:59 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-03-12 19:47 - 2019-03-06 10:29 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-03-12 19:47 - 2019-03-06 10:16 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-03-12 19:47 - 2019-03-06 10:16 - 001457032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-03-12 19:47 - 2019-03-06 10:16 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-03-12 19:47 - 2019-03-06 10:16 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-03-12 19:47 - 2019-03-06 10:16 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-03-12 19:47 - 2019-03-06 10:16 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-03-12 19:47 - 2019-03-06 10:16 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-03-12 19:47 - 2019-03-06 10:11 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-03-12 19:47 - 2019-03-06 10:10 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-03-12 19:47 - 2019-03-06 10:07 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-03-12 19:47 - 2019-03-06 10:07 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-03-12 19:47 - 2019-03-06 10:07 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-03-12 19:47 - 2019-03-06 10:06 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-03-12 19:47 - 2019-03-06 10:06 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-03-12 19:47 - 2019-03-06 10:06 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-03-12 19:47 - 2019-03-06 10:05 - 000439224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-12 19:47 - 2019-03-06 10:05 - 000436240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-03-12 19:47 - 2019-03-06 10:05 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-12 19:47 - 2019-03-06 10:04 - 002765856 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-03-12 19:47 - 2019-03-06 10:04 - 000945464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-03-12 19:47 - 2019-03-06 10:04 - 000628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2019-03-12 19:47 - 2019-03-06 10:03 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-03-12 19:47 - 2019-03-06 10:03 - 002719544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-03-12 19:47 - 2019-03-06 10:03 - 002465784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-03-12 19:47 - 2019-03-06 10:03 - 001921848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-03-12 19:47 - 2019-03-06 10:03 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-03-12 19:47 - 2019-03-06 10:03 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-03-12 19:47 - 2019-03-06 10:03 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-03-12 19:47 - 2019-03-06 10:02 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-03-12 19:47 - 2019-03-06 10:02 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-03-12 19:47 - 2019-03-06 10:02 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-03-12 19:47 - 2019-03-06 10:02 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-03-12 19:47 - 2019-03-06 10:02 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2019-03-12 19:47 - 2019-03-06 09:44 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-03-12 19:47 - 2019-03-06 09:36 - 022716928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-03-12 19:47 - 2019-03-06 09:36 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-03-12 19:47 - 2019-03-06 09:34 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-03-12 19:47 - 2019-03-06 09:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-03-12 19:47 - 2019-03-06 09:32 - 003399168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-03-12 19:47 - 2019-03-06 09:32 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-03-12 19:47 - 2019-03-06 09:32 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2019-03-12 19:47 - 2019-03-06 09:32 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-03-12 19:47 - 2019-03-06 09:31 - 007598592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-03-12 19:47 - 2019-03-06 09:31 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-03-12 19:47 - 2019-03-06 09:31 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-03-12 19:47 - 2019-03-06 09:31 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-03-12 19:47 - 2019-03-06 09:31 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-03-12 19:47 - 2019-03-06 09:31 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-03-12 19:47 - 2019-03-06 09:31 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2019-03-12 19:47 - 2019-03-06 09:31 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-03-12 19:47 - 2019-03-06 09:31 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-12 19:47 - 2019-03-06 09:31 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-03-12 19:47 - 2019-03-06 09:31 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-03-12 19:47 - 2019-03-06 09:31 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-03-12 19:47 - 2019-03-06 09:29 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2019-03-12 19:47 - 2019-03-06 09:29 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-03-12 19:47 - 2019-03-06 09:29 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-03-12 19:47 - 2019-03-06 09:29 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-03-12 19:47 - 2019-03-06 09:28 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-03-12 19:47 - 2019-03-06 09:28 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-03-12 19:47 - 2019-03-06 09:27 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-03-12 19:47 - 2019-03-06 09:27 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-03-12 19:47 - 2019-03-06 09:27 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-03-12 19:47 - 2019-03-06 09:27 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-03-12 19:47 - 2019-03-06 09:26 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-03-12 19:47 - 2019-03-06 09:26 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-03-12 19:47 - 2019-03-06 09:26 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-03-12 19:47 - 2019-03-06 09:25 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-03-12 19:47 - 2019-03-06 08:08 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-03-12 19:47 - 2019-03-06 07:17 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-03-12 19:47 - 2019-03-06 07:17 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-03-12 19:47 - 2019-03-06 07:15 - 002253488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-03-12 19:47 - 2019-03-06 07:15 - 000434488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-03-12 19:47 - 2019-03-06 07:14 - 006568528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-03-12 19:47 - 2019-03-06 07:14 - 000785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-03-12 19:47 - 2019-03-06 07:14 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-03-12 19:47 - 2019-03-06 07:14 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2019-03-12 19:47 - 2019-03-06 07:14 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-03-12 19:47 - 2019-03-06 07:13 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-03-12 19:47 - 2019-03-06 07:05 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-03-12 19:47 - 2019-03-06 06:56 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-03-12 19:47 - 2019-03-06 06:53 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-03-12 19:47 - 2019-03-06 06:53 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-03-12 19:47 - 2019-03-06 06:52 - 005790720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-03-12 19:47 - 2019-03-06 06:52 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-03-12 19:47 - 2019-03-06 06:52 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-03-12 19:47 - 2019-03-06 06:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-03-12 19:47 - 2019-03-06 06:51 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-03-12 19:47 - 2019-03-06 06:51 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-03-12 19:47 - 2019-03-06 06:50 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-03-12 19:47 - 2019-03-06 06:50 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2019-03-12 19:47 - 2019-03-06 06:50 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-03-12 19:47 - 2019-03-06 06:49 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-03-12 19:47 - 2019-03-06 06:49 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-03-12 19:47 - 2019-03-06 06:49 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-03-12 19:47 - 2019-03-06 06:48 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-03-12 19:47 - 2019-03-06 06:48 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-03-12 19:47 - 2019-02-21 04:26 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-03-12 19:47 - 2019-02-16 14:02 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-03-12 19:47 - 2019-02-16 14:02 - 001644040 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-03-12 19:47 - 2019-02-16 14:02 - 000808456 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-03-12 19:47 - 2019-02-16 14:02 - 000735752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-03-12 19:47 - 2019-02-16 14:02 - 000620040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-03-12 19:47 - 2019-02-16 14:02 - 000460296 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-03-12 19:47 - 2019-02-16 14:02 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-03-12 19:47 - 2019-02-16 14:02 - 000147464 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-03-12 19:47 - 2019-02-16 14:02 - 000071176 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-03-12 19:47 - 2019-02-16 13:57 - 002266936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-03-12 19:47 - 2019-02-16 13:57 - 001786672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-03-12 19:47 - 2019-02-16 13:57 - 001627448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-03-12 19:47 - 2019-02-16 13:57 - 001424696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-03-12 19:47 - 2019-02-16 13:57 - 001048472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-03-12 19:47 - 2019-02-16 13:57 - 001038136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-03-12 19:47 - 2019-02-16 13:57 - 000954168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-03-12 19:47 - 2019-02-16 13:57 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-03-12 19:47 - 2019-02-16 13:57 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-03-12 19:47 - 2019-02-16 13:57 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-03-12 19:47 - 2019-02-16 13:57 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-03-12 19:47 - 2019-02-16 13:57 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-03-12 19:47 - 2019-02-16 13:57 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-03-12 19:47 - 2019-02-16 13:57 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-03-12 19:47 - 2019-02-16 13:57 - 000399672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-03-12 19:47 - 2019-02-16 13:57 - 000257848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2019-03-12 19:47 - 2019-02-16 13:57 - 000231224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2019-03-12 19:47 - 2019-02-16 13:57 - 000228152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2019-03-12 19:47 - 2019-02-16 13:57 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2019-03-12 19:47 - 2019-02-16 13:57 - 000183608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mavinject.exe
2019-03-12 19:47 - 2019-02-16 13:57 - 000180528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2019-03-12 19:47 - 2019-02-16 13:57 - 000172856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2019-03-12 19:47 - 2019-02-16 13:57 - 000034104 _____ C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2019-03-12 19:47 - 2019-02-16 13:56 - 000549520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-03-12 19:47 - 2019-02-16 13:56 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-03-12 19:47 - 2019-02-16 13:53 - 001516416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-03-12 19:47 - 2019-02-16 13:36 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-03-12 19:47 - 2019-02-16 13:34 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-03-12 19:47 - 2019-02-16 13:34 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-03-12 19:47 - 2019-02-16 13:34 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-03-12 19:47 - 2019-02-16 13:33 - 002194432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2019-03-12 19:47 - 2019-02-16 13:33 - 001786880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-03-12 19:47 - 2019-02-16 13:32 - 003646976 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-03-12 19:47 - 2019-02-16 13:32 - 002051072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-03-12 19:47 - 2019-02-16 13:32 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2019-03-12 19:47 - 2019-02-16 13:31 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2019-03-12 19:47 - 2019-02-16 13:31 - 001186816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2019-03-12 19:47 - 2019-02-16 13:31 - 001003520 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-03-12 19:47 - 2019-02-16 13:31 - 000861184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-03-12 19:47 - 2019-02-16 13:31 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-03-12 19:47 - 2019-02-16 13:30 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-03-12 19:47 - 2019-02-16 13:30 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2019-03-12 19:47 - 2019-02-16 13:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-03-12 19:47 - 2019-02-16 13:29 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2019-03-12 19:47 - 2019-02-16 13:25 - 001539896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-03-12 19:47 - 2019-02-16 13:25 - 000148784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mavinject.exe
2019-03-12 19:47 - 2019-02-16 13:24 - 000444176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-03-12 19:47 - 2019-02-16 13:22 - 001322176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-03-12 19:47 - 2019-02-16 13:08 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-03-12 19:47 - 2019-02-16 13:07 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-03-12 19:47 - 2019-02-16 13:07 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-03-12 19:47 - 2019-02-16 13:06 - 002890752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-03-12 19:47 - 2019-02-16 13:06 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-03-12 19:47 - 2019-02-16 13:06 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-03-12 19:47 - 2019-02-16 13:06 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-03-12 19:47 - 2019-02-16 13:06 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-03-12 19:47 - 2019-02-16 13:04 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2019-03-12 19:47 - 2019-02-16 13:02 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UevAppMonitor.exe
2019-03-12 19:47 - 2019-02-16 12:55 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Common.dll
2019-03-12 19:47 - 2019-02-16 11:24 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-03-12 19:47 - 2019-02-16 11:22 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-03-12 19:47 - 2019-02-16 09:16 - 000511800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-03-12 19:47 - 2019-02-16 09:15 - 000505656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-03-12 19:47 - 2019-02-16 09:15 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-03-12 19:47 - 2019-02-16 09:05 - 000087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-03-12 19:47 - 2019-02-16 09:04 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-03-12 19:47 - 2019-02-16 09:03 - 007901392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2019-03-12 19:47 - 2019-02-16 09:03 - 005625360 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-03-12 19:47 - 2019-02-16 09:03 - 000510288 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-03-12 19:47 - 2019-02-16 09:02 - 005821440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2019-03-12 19:47 - 2019-02-16 09:02 - 003291632 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-03-12 19:47 - 2019-02-16 09:02 - 001934800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-03-12 19:47 - 2019-02-16 09:02 - 001792712 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-03-12 19:47 - 2019-02-16 09:02 - 000705848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-03-12 19:47 - 2019-02-16 09:02 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-03-12 19:47 - 2019-02-16 09:02 - 000413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-03-12 19:47 - 2019-02-16 09:01 - 001285424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-03-12 19:47 - 2019-02-16 09:01 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-03-12 19:47 - 2019-02-16 09:01 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-03-12 19:47 - 2019-02-16 09:01 - 001028920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-03-12 19:47 - 2019-02-16 09:01 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-03-12 19:47 - 2019-02-16 09:01 - 000735464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-03-12 19:47 - 2019-02-16 09:01 - 000641984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2019-03-12 19:47 - 2019-02-16 09:01 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-03-12 19:47 - 2019-02-16 09:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-03-12 19:47 - 2019-02-16 09:01 - 000480840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-03-12 19:47 - 2019-02-16 09:01 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2019-03-12 19:47 - 2019-02-16 09:01 - 000161664 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2019-03-12 19:47 - 2019-02-16 08:57 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-03-12 19:47 - 2019-02-16 08:53 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-03-12 19:47 - 2019-02-16 08:51 - 002479168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-03-12 19:47 - 2019-02-16 08:51 - 001584536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-03-12 19:47 - 2019-02-16 08:51 - 000170952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2019-03-12 19:47 - 2019-02-16 08:50 - 001805648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-03-12 19:47 - 2019-02-16 08:50 - 001171336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-03-12 19:47 - 2019-02-16 08:50 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-03-12 19:47 - 2019-02-16 08:50 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-03-12 19:47 - 2019-02-16 08:50 - 000560384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-03-12 19:47 - 2019-02-16 08:50 - 000504072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2019-03-12 19:47 - 2019-02-16 08:37 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2019-03-12 19:47 - 2019-02-16 08:36 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2019-03-12 19:47 - 2019-02-16 08:36 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-03-12 19:47 - 2019-02-16 08:35 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-03-12 19:47 - 2019-02-16 08:35 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-03-12 19:47 - 2019-02-16 08:34 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2019-03-12 19:47 - 2019-02-16 08:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-03-12 19:47 - 2019-02-16 08:34 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-03-12 19:47 - 2019-02-16 08:33 - 006646784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2019-03-12 19:47 - 2019-02-16 08:33 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-03-12 19:47 - 2019-02-16 08:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-03-12 19:47 - 2019-02-16 08:33 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2019-03-12 19:47 - 2019-02-16 08:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2019-03-12 19:47 - 2019-02-16 08:33 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-03-12 19:47 - 2019-02-16 08:32 - 002969088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-03-12 19:47 - 2019-02-16 08:32 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2019-03-12 19:47 - 2019-02-16 08:31 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2019-03-12 19:47 - 2019-02-16 08:31 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2019-03-12 19:47 - 2019-02-16 08:31 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-03-12 19:47 - 2019-02-16 08:31 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-03-12 19:47 - 2019-02-16 08:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2019-03-12 19:47 - 2019-02-16 08:30 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2019-03-12 19:47 - 2019-02-16 08:30 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-03-12 19:47 - 2019-02-16 08:30 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2019-03-12 19:47 - 2019-02-16 08:30 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-03-12 19:47 - 2019-02-16 08:30 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2019-03-12 19:47 - 2019-02-16 08:30 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-03-12 19:47 - 2019-02-16 08:29 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-03-12 19:47 - 2019-02-16 08:29 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-03-12 19:47 - 2019-02-16 08:28 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2019-03-12 19:47 - 2019-02-16 08:28 - 002585600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-03-12 19:47 - 2019-02-16 08:28 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-03-12 19:47 - 2019-02-16 08:28 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2019-03-12 19:47 - 2019-02-16 08:28 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2019-03-12 19:47 - 2019-02-16 08:28 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-03-12 19:47 - 2019-02-16 08:27 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2019-03-12 19:47 - 2019-02-16 08:27 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2019-03-12 19:47 - 2019-02-16 08:27 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-03-12 19:47 - 2019-02-16 08:26 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-03-12 19:47 - 2019-02-16 08:26 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2019-03-12 19:47 - 2019-02-16 08:26 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2019-03-12 19:47 - 2019-02-16 08:26 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-03-12 19:47 - 2019-02-16 08:26 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-03-12 19:47 - 2019-02-16 08:25 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2019-03-12 19:47 - 2019-02-16 08:25 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-03-11 19:17 - 2019-03-11 19:27 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-03-11 19:17 - 2019-03-11 19:17 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2019-03-10 21:08 - 2019-03-10 21:08 - 000000000 ____D C:\ProgramData\zSUpptDj
2019-03-10 20:37 - 2019-03-10 20:37 - 000001055 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2019-03-10 20:37 - 2019-03-10 20:37 - 000000000 ____D C:\sh5ldr
2019-03-10 20:37 - 2019-03-10 20:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2019-03-10 20:37 - 2019-03-10 20:37 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2019-03-10 20:36 - 2019-03-10 20:36 - 000000000 ____D C:\Program Files\EnigmaSoft
2019-03-10 18:50 - 2019-03-10 18:53 - 000055376 _____ C:\Users\Vero\Desktop\Addition.txt
2019-03-10 18:47 - 2019-03-16 12:29 - 000022497 _____ C:\Users\Vero\Desktop\FRST.txt
2019-03-10 18:47 - 2019-03-16 12:27 - 000000000 ____D C:\FRST
2019-03-10 18:45 - 2019-03-10 18:45 - 002434560 _____ (Farbar) C:\Users\Vero\Desktop\FRST64.exe
2019-03-10 11:37 - 2019-03-10 18:58 - 000000000 ____D C:\Users\Vero\Doctor Web
2019-03-10 11:37 - 2019-03-10 11:37 - 000000000 ____D C:\ProgramData\Doctor Web
2019-03-10 11:04 - 2019-03-10 11:36 - 185028216 _____ C:\Users\Vero\Downloads\cureit.exe
2019-03-10 09:46 - 2019-03-10 09:46 - 002870984 _____ (ESET) C:\Users\Vero\Downloads\esetsmartinstaller_esn.exe
2019-03-10 09:46 - 2019-03-10 09:46 - 000000000 ____D C:\Program Files (x86)\ESET
2019-03-07 20:04 - 2019-03-07 20:04 - 000000000 ____D C:\Users\Vero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-02-18 21:05 - 2019-02-06 08:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-18 21:05 - 2019-02-06 08:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-18 21:05 - 2019-02-06 04:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-18 21:05 - 2019-01-09 18:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-18 21:05 - 2019-01-09 18:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-18 21:05 - 2019-01-09 06:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-18 21:05 - 2019-01-09 06:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-18 21:05 - 2019-01-09 06:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-18 21:05 - 2019-01-09 06:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-18 21:05 - 2019-01-09 06:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-18 21:04 - 2019-02-06 08:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-18 21:04 - 2019-02-06 04:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-18 21:04 - 2019-02-06 04:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-18 21:04 - 2019-02-06 04:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-18 21:04 - 2019-02-06 04:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-18 21:04 - 2019-02-06 04:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-18 21:04 - 2019-02-06 03:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-18 21:04 - 2019-02-06 03:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-18 21:04 - 2019-02-06 03:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-18 21:04 - 2019-02-06 03:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-18 21:04 - 2019-02-06 03:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-18 21:04 - 2019-02-06 03:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-18 21:04 - 2019-02-06 03:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-18 21:04 - 2019-02-06 03:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-18 21:04 - 2019-02-06 03:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-18 21:04 - 2019-01-12 03:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-18 21:04 - 2019-01-09 18:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-18 21:04 - 2019-01-09 10:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-18 21:04 - 2019-01-09 06:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-18 21:04 - 2019-01-09 06:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-18 21:04 - 2019-01-09 06:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-18 21:04 - 2019-01-09 06:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-18 21:04 - 2019-01-09 06:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-18 21:04 - 2019-01-09 06:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-18 21:04 - 2019-01-09 06:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-18 21:04 - 2019-01-09 06:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-18 21:04 - 2019-01-09 06:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-18 21:04 - 2019-01-09 06:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-18 21:04 - 2019-01-09 06:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-18 21:04 - 2019-01-09 06:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-18 21:04 - 2019-01-09 06:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-18 21:04 - 2019-01-09 06:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-18 21:04 - 2019-01-09 06:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-18 21:04 - 2019-01-09 06:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-18 21:04 - 2019-01-09 06:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-18 21:04 - 2019-01-09 06:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-18 21:04 - 2019-01-09 06:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-18 21:04 - 2019-01-09 06:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-18 21:04 - 2019-01-09 06:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-18 21:04 - 2019-01-09 06:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-18 21:04 - 2019-01-09 06:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-18 21:04 - 2019-01-09 06:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-18 21:04 - 2019-01-09 06:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-18 21:04 - 2019-01-09 06:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-18 21:04 - 2019-01-09 06:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-18 21:04 - 2019-01-09 06:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-18 21:04 - 2019-01-09 06:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-18 21:04 - 2019-01-09 06:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-18 21:04 - 2019-01-09 06:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-18 21:04 - 2019-01-09 06:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-18 21:04 - 2019-01-09 06:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-18 21:04 - 2019-01-09 06:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-18 21:04 - 2019-01-09 06:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-18 21:04 - 2019-01-09 06:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-18 21:04 - 2019-01-09 06:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-18 21:04 - 2019-01-09 06:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-18 21:04 - 2019-01-09 06:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-18 21:04 - 2019-01-09 06:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-18 21:04 - 2019-01-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-18 21:04 - 2019-01-09 06:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-18 21:04 - 2019-01-09 06:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-18 21:04 - 2019-01-09 06:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-18 21:04 - 2019-01-09 06:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-18 21:04 - 2019-01-09 06:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-18 21:04 - 2019-01-09 06:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-18 21:04 - 2019-01-09 06:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-18 21:04 - 2019-01-09 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-18 21:04 - 2019-01-09 06:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-18 21:04 - 2019-01-08 04:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-18 21:04 - 2019-01-08 04:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-18 20:37 - 2019-02-18 20:37 - 000249672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-16 12:29 - 2018-05-27 10:56 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-03-16 12:29 - 2018-05-27 10:56 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-03-16 12:27 - 2018-05-27 10:57 - 001768608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-16 12:27 - 2018-04-12 17:19 - 000787744 _____ C:\WINDOWS\system32\perfh00A.dat
2019-03-16 12:27 - 2018-04-12 17:19 - 000155340 _____ C:\WINDOWS\system32\perfc00A.dat
2019-03-16 12:27 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-03-16 12:21 - 2017-12-21 11:37 - 000000000 ____D C:\Users\Vero\AppData\Local\AVAST Software
2019-03-16 12:21 - 2015-03-18 17:44 - 000000000 ___RD C:\Users\Vero\Dropbox
2019-03-16 12:20 - 2018-05-27 10:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-16 12:20 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-03-16 12:20 - 2016-11-22 07:12 - 000000000 ____D C:\Users\Vero\AppData\LocalLow\Mozilla
2019-03-16 12:17 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-16 12:03 - 2018-06-10 09:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-16 12:03 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-16 11:49 - 2018-05-27 10:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-16 09:32 - 2016-11-10 18:14 - 000001012 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2869096185-1707726864-3217315644-1001UA1d23b75e473373c.job
2019-03-16 09:32 - 2016-11-10 18:14 - 000000960 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2869096185-1707726864-3217315644-1001Core1d23b75e469aba5.job
2019-03-16 09:24 - 2018-05-29 21:24 - 000000000 ____D C:\Users\Vero\AppData\Roaming\a975240ebdddbed4a27eaf27b1a1f621
2019-03-15 22:37 - 2018-02-14 19:56 - 000000000 ____D C:\Program Files\Google
2019-03-15 22:37 - 2015-03-15 14:40 - 000000000 ____D C:\Program Files (x86)\Google
2019-03-15 00:05 - 2018-09-22 09:03 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-03-15 00:05 - 2018-06-03 09:33 - 000003782 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-03-15 00:05 - 2018-05-27 10:56 - 000003722 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2869096185-1707726864-3217315644-1001UA1d23b75e473373c
2019-03-15 00:05 - 2018-05-27 10:56 - 000003548 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-15 00:05 - 2018-05-27 10:56 - 000003454 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2869096185-1707726864-3217315644-1001Core1d23b75e469aba5
2019-03-15 00:05 - 2018-05-27 10:56 - 000003324 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-15 00:05 - 2018-05-27 10:56 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-03-15 00:05 - 2018-05-27 10:56 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-03-14 21:17 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-14 20:57 - 2015-03-18 18:27 - 000000000 ____D C:\Users\Vero\AppData\Roaming\qBittorrent
2019-03-14 19:04 - 2012-07-26 06:26 - 000000167 _____ C:\WINDOWS\win.ini
2019-03-14 18:58 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-14 17:44 - 2018-01-24 17:18 - 000000000 ____D C:\Users\Vero\AppData\Local\Packages
2019-03-13 15:56 - 2018-05-27 10:46 - 000479032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-03-13 15:55 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-03-13 15:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-03-13 15:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-03-13 15:54 - 2018-04-12 17:24 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-03-13 15:54 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-03-13 15:54 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-03-13 15:54 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-03-13 15:54 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-03-13 15:54 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-03-13 15:52 - 2015-03-15 15:47 - 000000000 ____D C:\Program Files\WinRAR
2019-03-12 19:51 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-03-12 19:46 - 2015-03-15 16:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-03-12 19:42 - 2015-03-15 16:46 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-03-12 18:54 - 2015-03-15 15:47 - 000000000 ____D C:\Users\Vero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-03-12 18:54 - 2015-03-15 15:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-03-11 19:05 - 2018-05-27 10:48 - 000000000 ____D C:\Users\Vero
2019-03-11 19:05 - 2016-11-21 21:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-03-11 19:05 - 2015-04-07 19:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-03-11 19:03 - 2018-05-27 09:29 - 000379952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-03-09 11:32 - 2017-12-21 17:35 - 000000000 ____D C:\ProgramData\Foxit Software
2019-03-08 17:10 - 2015-04-11 08:40 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-03-08 17:10 - 2015-04-11 08:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-03-08 17:09 - 2018-03-20 08:23 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-03-08 17:09 - 2015-04-11 08:39 - 000000000 ____D C:\Program Files (x86)\Java
2019-03-07 20:47 - 2015-04-07 19:13 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-03-07 20:05 - 2015-03-18 17:37 - 000000000 ____D C:\Users\Vero\AppData\Roaming\Dropbox
2019-03-05 20:01 - 2017-03-13 10:49 - 000014577 _____ C:\Users\Vero\Desktop\GASTOS_SAN_FCO.xlsx
2019-03-05 19:40 - 2017-08-30 11:12 - 000000000 ____D C:\Program Files\rempl
2019-03-05 19:36 - 2015-03-15 14:51 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-03 17:54 - 2018-09-14 18:46 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-03-03 17:54 - 2018-09-14 18:46 - 000179608 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-27 18:41 - 2015-03-22 14:46 - 000000000 ___RD C:\Users\Vero\Google Drive
2019-02-22 18:05 - 2018-09-22 09:02 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-20 19:41 - 2016-09-25 08:24 - 000000000 ____D C:\Program Files\CCleaner
2019-02-18 21:54 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-18 21:54 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-18 20:38 - 2018-05-27 09:29 - 000474456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

==================== Files in the root of some directories =======

2015-03-19 17:47 - 2015-05-08 17:30 - 000007594 _____ () C:\Users\Vero\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-27 10:46

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.03.2019 01

Ran by Vero (16-03-2019 12:29:53)

Running from C:\Users\Vero\Desktop

Windows 10 Pro Version 1803 17134.648 (X64) (2018-05-27 09:56:44)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-2869096185-1707726864-3217315644-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-2869096185-1707726864-3217315644-503 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2869096185-1707726864-3217315644-1003 - Limited - Enabled)

Invitado (S-1-5-21-2869096185-1707726864-3217315644-501 - Limited - Disabled)

Vero (S-1-5-21-2869096185-1707726864-3217315644-1001 - Administrator - Enabled) => C:\Users\Vero

WDAGUtilityAccount (S-1-5-21-2869096185-1707726864-3217315644-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated)

Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)

Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.12.0 - Ant Software)

ArcGIS Desktop (HKLM-x32\...\{5033400B-0977-45AB-94CE-CC135A8E1BBB}) (Version: 9.3.4000 - Environmental Systems Research Institute, Inc.) Hidden

ArcGIS Desktop (HKLM-x32\...\ArcGIS Desktop) (Version: 9.3.4000 - Environmental Systems Research Institute, Inc.)

ArcGIS License Manager (HKLM-x32\...\ArcGIS License Manager) (Version: - )

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.2.2364 - AVAST Software)

Backup and Sync from Google (HKLM\...\{693CADB0-962B-4AC1-A939-9524B258C997}) (Version: 3.43.2448.9071 - Google, Inc.)

Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version: - )

CCleaner (HKLM\...\CCleaner) (Version: 5.53 - Piriform)

DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)

Dropbox (HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\Dropbox) (Version: 68.4.102 - Dropbox, Inc.)

Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )

Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.4.1.16828 - Foxit Software Inc.)

Freemake Video Converter versión 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.)

Google Earth Pro (HKLM-x32\...\{9D524A1E-F2FC-444D-B12A-7592CEB56EB5}) (Version: 7.3.2.5776 - Google)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden

Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)

Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)

Java 8 Update 172 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)

Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)

Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

Mozilla Firefox 65.0.2 (x64 es-ES) (HKLM\...\Mozilla Firefox 65.0.2 (x64 es-ES)) (Version: 65.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 65.0.2.6995 - Mozilla)

NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - )

PDF Split And Merge Basic (HKLM-x32\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.4 - Andrea Vacondio)

PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.2.2 - pdfforge)

Python 2.5 numpy-1.0.3 (HKLM-x32\...\numpy-py2.5) (Version: - )

Python 2.5 numpy-1.0.3 (HKLM-x32\...\Python 2.5 numpy-1.0.3) (Version: - )

Python 2.5.1 (HKLM-x32\...\Python 2.5.1) (Version: - )

qBittorrent 4.0.2 (HKLM-x32\...\qBittorrent) (Version: 4.0.2 - The qBittorrent project)

Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

Sentinel System Driver(64-bit) 7.2.2 (HKLM\...\{97407E09-4EA8-49F0-A513-2C1776A6DEC0}) (Version: 7.2.2 - SafeNet, Inc.)

SoftPerfect WiFi Guard version 1.0.6 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.6 - SoftPerfect)

SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.4.2.101 - EnigmaSoft Limited)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.6 - Synaptics Incorporated)

Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)

Update for Skype for Business 2016 (KB4462190) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{6428D011-1A83-483A-A60C-354311CFE2A2}) (Version: - Microsoft)

Update for Skype for Business 2016 (KB4462190) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{6428D011-1A83-483A-A60C-354311CFE2A2}) (Version: - Microsoft)

Update for Skype for Business 2016 (KB4462190) 64-Bit Edition (HKLM\...\{90160000-012B-0C0A-1000-0000000FF1CE}_Office16.PROPLUS_{6428D011-1A83-483A-A60C-354311CFE2A2}) (Version: - Microsoft)

Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)

VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.2 - VideoLAN)

WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Vero\Dropbox [2015-03-18 17:44]

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [dropbox-NamespaceExtensionRole.Business] =>

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-09] (AVAST Software s.r.o. -> AVAST Software)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-09] (AVAST Software s.r.o. -> AVAST Software)

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File

ContextMenuHandlers1: [avast] -&gt; {472083B0-C522-11CF-8763-00608CC02F24} =&gt; C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-09] (AVAST Software s.r.o. -&gt; AVAST Software)

ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -&gt; {A94757A0-0226-426F-B4F1-4DF381C630D3} =&gt; C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -&gt; Foxit Software Inc.)

ContextMenuHandlers1: [GDContextMenu] -&gt; {BB02B294-8425-42E5-983F-41A1FA970CD6} =&gt; C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -&gt; Google)

ContextMenuHandlers1: [WinRAR] -&gt; {B41DB860-64E4-11D2-9906-E49FADC173CA} =&gt; C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -&gt; Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -&gt; {B41DB860-8EE4-11D2-9906-E49FADC173CA} =&gt; C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -&gt; Alexander Roshal)

ContextMenuHandlers3: [00asw] -&gt; {472083B0-C522-11CF-8763-00608CC02F24} =&gt; C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-09] (AVAST Software s.r.o. -&gt; AVAST Software)

ContextMenuHandlers3: [MBAMShlExt] -&gt; {57CE581A-0CB6-4266-9CA0-19364C90A0B3} =&gt; C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -&gt; Malwarebytes)

ContextMenuHandlers3: [UnlockerShellExtension] -&gt; [CC]{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} =&gt; -&gt; No File

ContextMenuHandlers4: [GDContextMenu] -&gt; {BB02B294-8425-42E5-983F-41A1FA970CD6} =&gt; C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -&gt; Google)

ContextMenuHandlers5: [igfxcui] -&gt; {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =&gt; C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -&gt; Intel Corporation)

ContextMenuHandlers6: [avast] -&gt; {472083B0-C522-11CF-8763-00608CC02F24} =&gt; C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-09] (AVAST Software s.r.o. -&gt; AVAST Software)

ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -&gt; {A94757A0-0226-426F-B4F1-4DF381C630D3} =&gt; C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -&gt; Foxit Software Inc.)

ContextMenuHandlers6: [MBAMShlExt] -&gt; {57CE581A-0CB6-4266-9CA0-19364C90A0B3} =&gt; C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -&gt; Malwarebytes)

ContextMenuHandlers6: [UnlockerShellExtension] -&gt; {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} =&gt; C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -&gt; )

ContextMenuHandlers6: [WinRAR] -&gt; {B41DB860-64E4-11D2-9906-E49FADC173CA} =&gt; C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -&gt; Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -&gt; {B41DB860-8EE4-11D2-9906-E49FADC173CA} =&gt; C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -&gt; Alexander Roshal)

ContextMenuHandlers1_S-1-5-21-2869096185-1707726864-3217315644-1001: [DropboxExt] -&gt; {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} =&gt; C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -&gt; Dropbox, Inc.)

ContextMenuHandlers4_S-1-5-21-2869096185-1707726864-3217315644-1001: [DropboxExt] -&gt; {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} =&gt; C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -&gt; Dropbox, Inc.)

ContextMenuHandlers5_S-1-5-21-2869096185-1707726864-3217315644-1001: [DropboxExt] -&gt; {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} =&gt; C:\Users\Vero\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -&gt; Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B32475F-2E04-45E9-8C11-E08F002C7C32} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2869096185-1707726864-3217315644-1001UA1d23b75e473373c => C:\Users\Vero\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)

Task: {0DB72CAF-1AAB-45B6-ACAF-EB006796348A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {124CF614-C885-4CC3-A416-E0BB880675DE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe

Task: {129706D3-D636-4F62-8C71-4E4DC1196E40} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {14DF7460-A149-4B1C-8B53-C762406316D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

Task: {1575DEF9-F655-451B-9A7D-53668B7157A9} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {1E6ADC3A-E8B5-4012-9CE6-99F129000F5D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2869096185-1707726864-3217315644-1001Core1d23b75e469aba5 => C:\Users\Vero\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)

Task: {2215C0F6-63F8-4EC2-BDF3-68D9D57921C9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {24BF55DA-237D-42B8-B90A-393751E0D7FF} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION

Task: {25F6568A-A3EF-48F4-8BDD-33D2E526F026} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {2A5F214D-F424-4B4A-A245-AB46759DAF84} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Task: {2FA95764-C41D-442B-8838-25B5C4007FF0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe

Task: {3A6C2628-DCC2-4929-9AC6-A64022137020} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {3ABB4ED9-B889-4159-BC3F-DD373DF3E5A1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {41E4A630-B962-4564-A616-09F0B8D22310} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {46B0CE16-2463-48DB-956B-7917C0B8560E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)

Task: {474EDADC-E84E-4AAC-982F-A7657C84B49F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {48BF754A-6025-4D17-BED3-9769EDCB2E2D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {4A69A3A1-C9C6-432A-A0DC-F402B66D5D5F} - \WPD\SqmUpload_S-1-5-21-2869096185-1707726864-3217315644-1001 -> No File <==== ATTENTION

Task: {4EA98E37-6E8B-4BA4-A19B-44D8A81BC208} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

Task: {4EB6EC0F-FD05-49F5-A306-D782CA733637} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)

Task: {4EDDBD20-AE3F-40E2-9F3C-063E2071DB0D} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe

Task: {5BB532DD-1880-427C-84F2-84D48B3F22C4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {5EC206E1-3515-43F7-AF3E-A467F189258F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {720B5558-FBAF-4F06-95E3-245941F72704} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION

Task: {7601D7FD-27F3-422B-925E-B3F27E3E7B04} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

Task: {7722A0EE-A466-40E8-A749-861409461773} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {81458842-1ADD-4635-8118-34712AA1F616} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {8BDCF252-5C66-4A22-BB45-EE04DF488556} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION

Task: {8C50D9A6-BE95-46B1-B60F-2A71D7C19552} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe

Task: {9C01FA77-1C23-4EE4-BAF0-0B137B396841} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {A1C34456-4ADC-48B8-9266-BE71CB38365D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)

Task: {A5BD808F-1D33-4F4E-896B-B88CC1A270A8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {A807AAC8-E2F8-4260-87E1-F88D18904C5C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe

Task: {A8E7CE45-109C-484E-95DF-91C4492297CB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {ADCB7E5E-906A-4302-8E51-406F3B9BEA8C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)

Task: {B26E128E-65D3-48B3-A7C1-9AC244D3AE6C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {B99464D2-5748-4A55-B85E-FC6F0EFDA46B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {C3090918-B8E7-4C30-BDE4-AEBD5EE51B80} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe

Task: {CA344261-C620-41D3-88A0-9714203DF38B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)

Task: {D1E6D24E-F3B0-4D45-B1EE-9C9CC0010FA7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {D6BDE672-E36A-4878-B699-D5C3DA2979B3} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)

Task: {D7C8F56B-A10C-4F59-9C69-69157004F140} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {DAADA114-9BC4-4CD3-9D25-0C3C79E0BD1F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

Task: {DD6AAE2E-2075-488D-87CB-C51139D9D6C8} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures

Task: {E8AB73BA-73D7-42CF-8CA3-10751DCB1723} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe

Task: {E94C11F8-A61F-493F-94B6-8515CCBB4AA7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {E95505C6-872D-473D-AC2C-7692FF6D26A0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {F0FB4C42-F6BC-4880-9EA8-4739BF982845} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION

Task: {F3CD9DB3-F59F-45C5-A32A-3B558DECAE49} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe

Task: {F3D393C6-177D-4988-B420-3D31275CF599} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {F51F1630-996E-4691-94A3-D20561D63098} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {F854FCCC-E800-46C9-8D9D-27A54CC0FB70} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {F90F9749-C737-46B5-B59A-715AA3572C86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)

Task: {FAB69052-EB3C-44CF-8D90-3F104BDB56AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION

Task: {FDA7D4BE-D22C-4002-B62F-869962AAC39E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2869096185-1707726864-3217315644-1001Core1d23b75e469aba5.job => C:\Users\Vero\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2869096185-1707726864-3217315644-1001UA1d23b75e473373c.job => C:\Users\Vero\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-06-10 09:16 - 2019-02-01 10:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll

2018-06-10 09:16 - 2019-02-01 10:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll

2018-06-10 09:16 - 2019-02-01 10:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll

2018-06-10 09:16 - 2019-02-01 10:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll

2018-06-10 09:16 - 2019-02-01 10:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll

2018-06-10 09:16 - 2019-02-01 10:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll

2018-06-10 09:16 - 2019-02-01 10:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll

2018-06-10 09:16 - 2019-02-01 10:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll

2019-03-16 12:03 - 2019-02-01 10:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\sarga.es -> hxxps://intranet.sarga.es

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2019-01-04 17:22 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\

HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg

DNS Servers: Media is not connected to internet.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "GrooveMonitor"

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"

HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\StartupApproved\Run: => "Skype"

HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_5CCD8EC5117D1CDF2610CF16937AAC21"

HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{9E897409-8CF6-4849-BDF5-BF31E8092A07}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [TCP Query User{F9DA999F-3650-4361-AF7C-28D21DDF3BE3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{3B85DA39-2282-4E0C-AAF9-D739907D9124}] => (Allow) LPort=1688

FirewallRules: [{8ECE81EA-5BD0-4144-B8E0-46DB96B7E0CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{07F4DFBB-C8B5-43A7-A6E3-3F7D292F46BE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{7EF198B0-0716-49CA-A8B3-6E93B7E2005B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{9DD648EE-7E8E-429B-BDF1-98CFAFF137D4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [UDP Query User{9D7F2142-47B7-4FDC-B66A-E7945A932611}C:\users\vero\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\vero\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

FirewallRules: [TCP Query User{0494A049-CA48-40C9-A320-28F1999A4E59}C:\users\vero\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\vero\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

FirewallRules: [{2A84FAC9-615D-4B2F-ACB7-6E1FBAD81828}] => (Allow) C:\Users\Vero\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

FirewallRules: [{23240BE6-FBF3-4B01-BA35-A8A3EEFED82D}] => (Allow) C:\Users\Vero\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

FirewallRules: [TCP Query User{932656B2-9A26-4082-A137-7E1DA027A58A}C:\program files (x86)\esri\license\arcgis9x\lmgrd.exe] => (Allow) C:\program files (x86)\esri\license\arcgis9x\lmgrd.exe (Acresso Software Inc. -> Acresso Software Inc.)

FirewallRules: [UDP Query User{B2BD968C-7917-43DF-9B8E-2D629086515B}C:\program files (x86)\esri\license\arcgis9x\lmgrd.exe] => (Allow) C:\program files (x86)\esri\license\arcgis9x\lmgrd.exe (Acresso Software Inc. -> Acresso Software Inc.)

FirewallRules: [TCP Query User{547B328E-FEE0-4C11-9833-39868B214D02}C:\program files (x86)\esri\license\arcgis9x\arcgis.exe] => (Allow) C:\program files (x86)\esri\license\arcgis9x\arcgis.exe () [File not signed]

FirewallRules: [UDP Query User{40E8CD7E-4C07-45AC-83C9-EAFCABB1264C}C:\program files (x86)\esri\license\arcgis9x\arcgis.exe] => (Allow) C:\program files (x86)\esri\license\arcgis9x\arcgis.exe () [File not signed]

FirewallRules: [TCP Query User{E239C26A-7197-4CA9-8405-EF864A72487D}C:\program files (x86)\esri\license\arcgis9x\lmgrd.exe] => (Block) C:\program files (x86)\esri\license\arcgis9x\lmgrd.exe (Acresso Software Inc. -> Acresso Software Inc.)

FirewallRules: [UDP Query User{7110C333-CA58-4012-A323-998441B5A4CE}C:\program files (x86)\esri\license\arcgis9x\lmgrd.exe] => (Block) C:\program files (x86)\esri\license\arcgis9x\lmgrd.exe (Acresso Software Inc. -> Acresso Software Inc.)

FirewallRules: [TCP Query User{CA034D5A-B19F-4F51-907B-7BE69CCA4CA6}C:\program files (x86)\esri\license\arcgis9x\arcgis.exe] => (Allow) C:\program files (x86)\esri\license\arcgis9x\arcgis.exe () [File not signed]

FirewallRules: [UDP Query User{AE53E55D-D05A-423F-A237-DF6B8CFA7AD8}C:\program files (x86)\esri\license\arcgis9x\arcgis.exe] => (Allow) C:\program files (x86)\esri\license\arcgis9x\arcgis.exe () [File not signed]

FirewallRules: [{FE1A18FC-EC13-43F6-8632-9A77BA69EFEE}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]

FirewallRules: [{DCA958C4-DF7F-4689-8CC3-7D9A57577F21}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]

FirewallRules: [{B263537B-47F1-4D13-A938-D87F092B82D3}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]

FirewallRules: [{B6DCB048-3704-45FB-BE15-874DF9D77101}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]

FirewallRules: [{64CB7184-CC89-4339-9108-F86601B39DFC}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{B9DC2931-EA33-4547-B8A0-986687AC350C}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{CBE8843A-163E-4A87-AEB0-BB43AE226678}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{C6FA8601-12BC-4C01-AD6C-8F65EAB9160F}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [TCP Query User{1A20410D-941D-4739-B99D-1B554F8D5A43}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [UDP Query User{A10AB9A1-86B9-43D5-9177-0CEE1FAB4248}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [{83A646A0-695B-4259-BA55-335A65962077}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

FirewallRules: [{FDF4F760-C4BE-4B66-81E6-076031FAE606}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

FirewallRules: [{3D9E094F-60AC-48BB-BDF1-B7B71BA3F905}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)

FirewallRules: [{6938F656-A760-432E-91ED-17B8C85E6001}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)

FirewallRules: [{50C5A389-3D4F-4F42-BCCA-93A8322F5DF3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

16-03-2019 09:39:04 trjan

16-03-2019 12:23:17 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (03/16/2019 11:56:10 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Error al generar el contexto de activación para "C:\Users\Vero\Downloads\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .

Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.

Los componentes en conflicto son:.

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.648_none_fb45a0e93062a6d2.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.648_none_42f2d7c044decfd8.manifest.

Error: (03/15/2019 10:36:04 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Error al generar el contexto de activación para "C:\Users\Vero\Downloads\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .

Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.

Los componentes en conflicto son:.

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.648_none_fb45a0e93062a6d2.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.648_none_42f2d7c044decfd8.manifest.

Error: (03/14/2019 11:02:53 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Error al generar el contexto de activación para "C:\Users\Vero\Downloads\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .

Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.

Los componentes en conflicto son:.

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.648_none_fb45a0e93062a6d2.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.648_none_42f2d7c044decfd8.manifest.

Error: (03/10/2019 06:59:51 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Error al generar el contexto de activación para "C:\Users\Vero\Downloads\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .

Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.

Los componentes en conflicto son:.

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.

Error: (03/10/2019 06:59:48 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Error al generar el contexto de activación para "C:\Users\Vero\Downloads\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .

Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.

Los componentes en conflicto son:.

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.

Error: (03/10/2019 06:57:05 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Error al generar el contexto de activación para "C:\Users\Vero\Downloads\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .

Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.

Los componentes en conflicto son:.

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.

Error: (03/10/2019 06:56:55 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Error al generar el contexto de activación para "C:\Users\Vero\Downloads\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .

Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.

Los componentes en conflicto son:.

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.

Error: (03/10/2019 11:04:54 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Error al generar el contexto de activación para "C:\Users\Vero\Downloads\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .

Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.

Los componentes en conflicto son:.

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.

System errors:

=============

Error: (03/16/2019 12:20:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: El servicio Sentinel no pudo iniciarse debido al siguiente error:

Windows no puede comprobar la firma digital en este archivo. Un cambio reciente en el hardware o en el software podría haber instalado un archivo con una firma incorrecta o dañada, o podría también tratarse de un software malintencionado proveniente de un origen desconocido.

Error: (03/16/2019 12:15:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: El servicio Sentinel no pudo iniciarse debido al siguiente error:

Windows no puede comprobar la firma digital en este archivo. Un cambio reciente en el hardware o en el software podría haber instalado un archivo con una firma incorrecta o dañada, o podría también tratarse de un software malintencionado proveniente de un origen desconocido.

Error: (03/16/2019 12:14:18 PM) (Source: DCOM) (EventID: 10010) (User: VeroPc)

Description: El servidor Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy!App no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/16/2019 12:14:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: El servicio Windows Remediation Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (03/16/2019 12:14:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: El servicio SynTPEnh Caller Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (03/16/2019 12:14:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: El servicio Adobe Acrobat Update Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (03/16/2019 12:14:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: El servicio SpyHunter 5 Kernel Monitor se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (03/16/2019 12:09:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: El servicio Sentinel no pudo iniciarse debido al siguiente error:

Windows no puede comprobar la firma digital en este archivo. Un cambio reciente en el hardware o en el software podría haber instalado un archivo con una firma incorrecta o dañada, o podría también tratarse de un software malintencionado proveniente de un origen desconocido.

Windows Defender:

===================================

Date: 2018-10-12 12:57:35.669

Description:

El examen de Antivirus de Windows Defender se detuvo antes de completarse.

Id. de examen: {A269D6D7-C3A9-458B-89F1-993EF60504B4}

Tipo de examen: Antimalware

Parámetros de examen: Examen rápido

Usuario: NT AUTHORITY\SYSTEM

Date: 2018-10-09 19:01:00.803

Description:

El examen de Antivirus de Windows Defender se detuvo antes de completarse.

Id. de examen: {82B2C617-C752-48FE-B614-496BCC625C02}

Tipo de examen: Antimalware

Parámetros de examen: Examen rápido

Usuario: VeroPc\Vero

Date: 2018-10-09 19:00:12.053

Description:

Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.

Para obtener más información consulte lo siguiente:

https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0

Nombre: HackTool:Win64/AutoKMS

Id.: 2147723334

Gravedad: Alta

Categoría: Herramienta

Ruta de acceso: file:_C:\Windows\SECOH-QAD.exe

Origen de detección: Equipo local

Tipo de detección: Concreto

Fuente de detección: Protección en tiempo real

Usuario: NT AUTHORITY\SYSTEM

Nombre de proceso: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

Versión de firma: AV: 1.277.822.0, AS: 1.277.822.0, NIS: 1.277.822.0

Versión de motor: AM: 1.1.15300.6, NIS: 1.1.15300.6

Date: 2018-10-09 18:56:40.442

Description:

Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.

Para obtener más información consulte lo siguiente:

https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0

Nombre: HackTool:Win64/AutoKMS

Id.: 2147723334

Gravedad: Alta

Categoría: Herramienta

Ruta de acceso: file:_C:\Windows\SECOH-QAD.exe

Origen de detección: Equipo local

Tipo de detección: Concreto

Fuente de detección: Protección en tiempo real

Usuario: NT AUTHORITY\SYSTEM

Nombre de proceso: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

Versión de firma: AV: 1.277.822.0, AS: 1.277.822.0, NIS: 1.277.822.0

Versión de motor: AM: 1.1.15300.6, NIS: 1.1.15300.6

Date: 2018-10-09 18:55:38.116

Description:

Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.

Para obtener más información consulte lo siguiente:

https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0

Nombre: HackTool:Win64/AutoKMS

Id.: 2147723334

Gravedad: Alta

Categoría: Herramienta

Ruta de acceso: file:_C:\Windows\SECOH-QAD.exe

Origen de detección: Equipo local

Tipo de detección: Concreto

Fuente de detección: Protección en tiempo real

Usuario: NT AUTHORITY\SYSTEM

Nombre de proceso: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

Versión de firma: AV: 1.277.822.0, AS: 1.277.822.0, NIS: 1.277.822.0

Versión de motor: AM: 1.1.15300.6, NIS: 1.1.15300.6

Date: 2019-03-16 12:22:14.223

Description:

Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.

Nueva versión de firma:

Versión de firma anterior: 1.277.989.0

Origen de actualización: Centro de protección contra malware de Microsoft

Tipo de firma: AntiVirus

Tipo de actualización: Completa

Usuario: NT AUTHORITY\Servicio de red

Versión de motor actual:

Versión de motor anterior: 1.1.15300.6

Código de error: 0x80072ee7

Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Date: 2019-03-16 12:22:14.223

Description:

Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.

Nueva versión de firma:

Versión de firma anterior: 1.277.989.0

Origen de actualización: Centro de protección contra malware de Microsoft

Tipo de firma: AntiSpyware

Tipo de actualización: Completa

Usuario: NT AUTHORITY\Servicio de red

Versión de motor actual:

Versión de motor anterior: 1.1.15300.6

Código de error: 0x80072ee7

Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Date: 2019-03-16 12:22:14.222

Description:

Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.

Nueva versión de firma:

Versión de firma anterior: 1.277.989.0

Origen de actualización: Centro de protección contra malware de Microsoft

Tipo de firma: AntiVirus

Tipo de actualización: Completa

Usuario: NT AUTHORITY\Servicio de red

Versión de motor actual:

Versión de motor anterior: 1.1.15300.6

Código de error: 0x80072ee7

Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Date: 2019-03-16 12:22:14.205

Description:

Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.

Nueva versión de firma:

Versión de firma anterior: 1.277.989.0

Origen de actualización: Centro de protección contra malware de Microsoft

Tipo de firma: AntiVirus

Tipo de actualización: Completa

Usuario: NT AUTHORITY\Servicio de red

Versión de motor actual:

Versión de motor anterior: 1.1.15300.6

Código de error: 0x80072ee7

Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Date: 2019-03-16 12:22:14.204

Description:

Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.

Nueva versión de firma:

Versión de firma anterior: 1.277.989.0

Origen de actualización: Centro de protección contra malware de Microsoft

Tipo de firma: AntiSpyware

Tipo de actualización: Completa

Usuario: NT AUTHORITY\Servicio de red

Versión de motor actual:

Versión de motor anterior: 1.1.15300.6

Código de error: 0x80072ee7

Descripción del error: No se pudo resolver el nombre de servidor o su dirección

CodeIntegrity:

===================================

Date: 2019-03-16 12:20:56.076

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-03-16 12:15:02.774

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-03-16 12:09:51.056

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-03-16 12:08:55.604

Description:

Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-16 12:08:55.335

Description:

Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-16 12:08:54.914

Description:

Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-16 12:08:54.534

Description:

Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-16 12:07:29.706

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz

Percentage of memory in use: 40%

Total physical RAM: 5814.71 MB

Available physical RAM: 3433.34 MB

Total Virtual: 6774.71 MB

Available Virtual: 4525.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.53 GB) (Free:20.23 GB) NTFS

\\?\Volume{74d61159-cb14-11e4-be65-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.34 GB) (Free:0.26 GB) NTFS

\\?\Volume{151e1625-0000-0000-0000-00b81b000000}\ () (Fixed) (Total:0.91 GB) (Free:0.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 151E1625)

Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=110.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=936 MB) - (Type=27)

==================== End of Addition.txt ============================

Thank you so much for the help. And sorry, one of the code tags had a typo and it didn't render properly. Rookie mistake! :blush:

Hello.

Don't worry about the [code]… I'll fix it myself.

While I review the reports, please uninstall SpyHunter so that it does NOT interfere with the next procedures I'll send you.

Let us know when you have uninstalled it, thanks.

Regards.

Hi, program uninstalled!

1 like

Good… now follow these steps. :arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Attention: now tick only the :white_check_mark: Create registry backup box, NOT the other boxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy the codes/lines inside the box further below and paste them into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers3: [UnlockerShellExtension] -> [CC]{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => -> No File
Task: {0DB72CAF-1AAB-45B6-ACAF-EB006796348A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {124CF614-C885-4CC3-A416-E0BB880675DE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {129706D3-D636-4F62-8C71-4E4DC1196E40} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1575DEF9-F655-451B-9A7D-53668B7157A9} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2215C0F6-63F8-4EC2-BDF3-68D9D57921C9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {24BF55DA-237D-42B8-B90A-393751E0D7FF} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {25F6568A-A3EF-48F4-8BDD-33D2E526F026} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2FA95764-C41D-442B-8838-25B5C4007FF0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3A6C2628-DCC2-4929-9AC6-A64022137020} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3ABB4ED9-B889-4159-BC3F-DD373DF3E5A1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {41E4A630-B962-4564-A616-09F0B8D22310} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {474EDADC-E84E-4AAC-982F-A7657C84B49F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {48BF754A-6025-4D17-BED3-9769EDCB2E2D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4A69A3A1-C9C6-432A-A0DC-F402B66D5D5F} - \WPD\SqmUpload_S-1-5-21-2869096185-1707726864-3217315644-1001 -> No File <==== ATTENTION
Task: {5BB532DD-1880-427C-84F2-84D48B3F22C4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5EC206E1-3515-43F7-AF3E-A467F189258F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {720B5558-FBAF-4F06-95E3-245941F72704} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {7601D7FD-27F3-422B-925E-B3F27E3E7B04} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7722A0EE-A466-40E8-A749-861409461773} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {81458842-1ADD-4635-8118-34712AA1F616} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8BDCF252-5C66-4A22-BB45-EE04DF488556} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8C50D9A6-BE95-46B1-B60F-2A71D7C19552} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {9C01FA77-1C23-4EE4-BAF0-0B137B396841} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A5BD808F-1D33-4F4E-896B-B88CC1A270A8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A807AAC8-E2F8-4260-87E1-F88D18904C5C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {A8E7CE45-109C-484E-95DF-91C4492297CB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B26E128E-65D3-48B3-A7C1-9AC244D3AE6C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B99464D2-5748-4A55-B85E-FC6F0EFDA46B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C3090918-B8E7-4C30-BDE4-AEBD5EE51B80} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {D1E6D24E-F3B0-4D45-B1EE-9C9CC0010FA7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D7C8F56B-A10C-4F59-9C69-69157004F140} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E8AB73BA-73D7-42CF-8CA3-10751DCB1723} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E94C11F8-A61F-493F-94B6-8515CCBB4AA7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E95505C6-872D-473D-AC2C-7692FF6D26A0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F0FB4C42-F6BC-4880-9EA8-4739BF982845} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F3D393C6-177D-4988-B420-3D31275CF599} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F51F1630-996E-4691-94A3-D20561D63098} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F854FCCC-E800-46C9-8D9D-27A54CC0FB70} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FAB69052-EB3C-44CF-8D90-3F104BDB56AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {FDA7D4BE-D22C-4002-B62F-869962AAC39E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\Run: [59c9f93e] => C:\ProgramData\59c9f93e\59c9f93e.exe C:\ProgramData\59c9f93e\59c9f93etest.au3
BootExecute: autocheck autochk * sdnclean64.exe
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [10191664 2019-03-10] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [539440 2019-03-10] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [69432 2019-03-16] (EnigmaSoft Limited -> EnigmaSoft Limited)
2019-03-10 20:37 - 2019-03-10 20:37 - 000001055 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2019-03-16 12:17 - 2019-03-16 12:21 - 000069432 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2019-03-16 12:14 - 2019-03-16 12:14 - 000000000 ____D C:\ProgramData\bVnHrt
2019-03-16 12:09 - 2019-03-16 12:09 - 000000000 ____D C:\ProgramData\vFrJrqLG
2019-03-16 12:20 - 2019-03-16 12:20 - 000000000 ____D C:\ProgramData\ZwbEgv
2019-03-10 20:37 - 2019-03-10 20:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2019-03-10 20:37 - 2019-03-10 20:37 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2019-03-10 20:36 - 2019-03-10 20:36 - 000000000 ____D C:\Program Files\EnigmaSoft
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it as FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.

And now use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) :arrow_forward: How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply. :+1:

Restart the computer, check how it behaves with regard to the problem you described, and tell us.

Regards.
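Among the lines in the fixlist above is a per-user Run value, [59c9f93e], that starts an executable under C:\ProgramData with an .au3 script as its argument. As an added example (not part of this thread and not FRST code), the Python sketch below parses FRST-style Run/RunOnce lines and flags entries that combine such traits; the indicator list, the two-indicator threshold and all function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Autorun lines copied from the fixlist in this thread, plus one non-Run line.
SAMPLE_LINES = [
    r"HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)",
    r"HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)",
    r"HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\Run: [59c9f93e] => C:\ProgramData\59c9f93e\59c9f93e.exe C:\ProgramData\59c9f93e\59c9f93etest.au3",
    "BootExecute: autocheck autochk * sdnclean64.exe",
]

# <hive>\...\Run|RunOnce: [value name] => <command and optional trailer>
ENTRY_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?(?:\\S-[\d-]+)?)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] => (?P<rest>.+)$"
)
# Optional trailer: " [size yyyy-mm-dd] (signer)"
TRAILER_RE = re.compile(
    r"^(?P<cmd>.*?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]"
    r"(?: \((?P<signer>[^)]*)\))?.*$"
)
# Split "path\to\binary.exe arguments" even when the path contains spaces.
EXE_RE = re.compile(
    r'^"?(?P<exe>.+?\.(?:exe|com|scr|pif|bat|cmd))"?(?:\s+(?P<args>.*))?$', re.I
)

USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")
AUTOIT_EXT = (".au3", ".a3x")  # AutoIt source and compiled script


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    exe: str
    args: str
    signer: object  # str, or None when the log line carries no signer
    reasons: list = field(default_factory=list)


def parse_autorun(line):
    """Return an Autorun for a Run/RunOnce log line, or None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    t = TRAILER_RE.match(rest)
    cmd = (t.group("cmd") if t else rest).strip()
    signer = ((t.group("signer") or "").strip() or None) if t else None
    e = EXE_RE.match(cmd)
    exe = e.group("exe") if e else cmd
    args = (e.group("args") or "") if e else ""
    return Autorun(m.group("hive"), m.group("key"), m.group("name"), exe, args, signer)


def score(entry):
    """List the indicators (assumed heuristics) that apply to one entry."""
    reasons = []
    exe_l = entry.exe.lower()
    if entry.signer is None:
        reasons.append("no signer recorded in the log line")
    if any(d in exe_l for d in USER_WRITABLE):
        reasons.append("binary in a user-writable directory")
    if any(tok.strip('"').lower().endswith(AUTOIT_EXT) for tok in entry.args.split()):
        reasons.append("AutoIt script passed as argument")
    stem = exe_l.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    name_l = entry.name.lower()
    if re.fullmatch(r"[0-9a-f]{8}", name_l) and stem == name_l:
        reasons.append("8-hex-digit value name identical to the binary name")
    return reasons


def triage(lines, threshold=2):
    """Return the autorun entries with at least `threshold` indicators."""
    flagged = []
    for line in lines:
        entry = parse_autorun(line)
        if entry is None:
            continue
        entry.reasons = score(entry)
        if len(entry.reasons) >= threshold:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"{e.hive}\\...\\{e.key} [{e.name}] -> {e.exe} {e.args}")
        for r in e.reasons:
            print("   -", r)
```
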

Thank you so much for the help, really! You guys are machines!!!

Fix result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01
Ran by Vero (16-03-2019 17:08:27) Run:1
Running from C:\Users\Vero\Desktop
Loaded Profiles: Vero (Available Profiles: Vero)
Boot Mode: Normal
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers3: [UnlockerShellExtension] -> [CC]{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => -> No File
Task: {0DB72CAF-1AAB-45B6-ACAF-EB006796348A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {124CF614-C885-4CC3-A416-E0BB880675DE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {129706D3-D636-4F62-8C71-4E4DC1196E40} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1575DEF9-F655-451B-9A7D-53668B7157A9} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2215C0F6-63F8-4EC2-BDF3-68D9D57921C9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {24BF55DA-237D-42B8-B90A-393751E0D7FF} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {25F6568A-A3EF-48F4-8BDD-33D2E526F026} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2FA95764-C41D-442B-8838-25B5C4007FF0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3A6C2628-DCC2-4929-9AC6-A64022137020} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3ABB4ED9-B889-4159-BC3F-DD373DF3E5A1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {41E4A630-B962-4564-A616-09F0B8D22310} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {474EDADC-E84E-4AAC-982F-A7657C84B49F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {48BF754A-6025-4D17-BED3-9769EDCB2E2D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4A69A3A1-C9C6-432A-A0DC-F402B66D5D5F} - \WPD\SqmUpload_S-1-5-21-2869096185-1707726864-3217315644-1001 -> No File <==== ATTENTION
Task: {5BB532DD-1880-427C-84F2-84D48B3F22C4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5EC206E1-3515-43F7-AF3E-A467F189258F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {720B5558-FBAF-4F06-95E3-245941F72704} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {7601D7FD-27F3-422B-925E-B3F27E3E7B04} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7722A0EE-A466-40E8-A749-861409461773} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {81458842-1ADD-4635-8118-34712AA1F616} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8BDCF252-5C66-4A22-BB45-EE04DF488556} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8C50D9A6-BE95-46B1-B60F-2A71D7C19552} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {9C01FA77-1C23-4EE4-BAF0-0B137B396841} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A5BD808F-1D33-4F4E-896B-B88CC1A270A8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A807AAC8-E2F8-4260-87E1-F88D18904C5C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {A8E7CE45-109C-484E-95DF-91C4492297CB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B26E128E-65D3-48B3-A7C1-9AC244D3AE6C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B99464D2-5748-4A55-B85E-FC6F0EFDA46B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C3090918-B8E7-4C30-BDE4-AEBD5EE51B80} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {D1E6D24E-F3B0-4D45-B1EE-9C9CC0010FA7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D7C8F56B-A10C-4F59-9C69-69157004F140} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E8AB73BA-73D7-42CF-8CA3-10751DCB1723} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E94C11F8-A61F-493F-94B6-8515CCBB4AA7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E95505C6-872D-473D-AC2C-7692FF6D26A0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F0FB4C42-F6BC-4880-9EA8-4739BF982845} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F3D393C6-177D-4988-B420-3D31275CF599} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F51F1630-996E-4691-94A3-D20561D63098} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F854FCCC-E800-46C9-8D9D-27A54CC0FB70} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FAB69052-EB3C-44CF-8D90-3F104BDB56AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {FDA7D4BE-D22C-4002-B62F-869962AAC39E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\...\Run: [59c9f93e] => C:\ProgramData\59c9f93e\59c9f93e.exe C:\ProgramData\59c9f93e\59c9f93etest.au3
BootExecute: autocheck autochk * sdnclean64.exe
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [10191664 2019-03-10] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [539440 2019-03-10] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [69432 2019-03-16] (EnigmaSoft Limited -> EnigmaSoft Limited)
2019-03-10 20:37 - 2019-03-10 20:37 - 000001055 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2019-03-16 12:17 - 2019-03-16 12:21 - 000069432 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2019-03-16 12:14 - 2019-03-16 12:14 - 000000000 ____D C:\ProgramData\bVnHrt
2019-03-16 12:09 - 2019-03-16 12:09 - 000000000 ____D C:\ProgramData\vFrJrqLG
2019-03-16 12:20 - 2019-03-16 12:20 - 000000000 ____D C:\ProgramData\ZwbEgv
2019-03-10 20:37 - 2019-03-10 20:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2019-03-10 20:37 - 2019-03-10 20:37 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2019-03-10 20:36 - 2019-03-10 20:36 - 000000000 ____D C:\Program Files\EnigmaSoft
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [ OneDrive1] -&gt; {BBACC218-34EA-4666-9D7A-C78F2274A524} =&gt; -&gt; No File => not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [ OneDrive1] -&gt; {BBACC218-34EA-4666-9D7A-C78F2274A524} =&gt; -&gt; No File => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [ OneDrive2] -&gt; {5AB7172C-9C11-405C-8DD5-AF20F3606282} =&gt; -&gt; No File => not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [ OneDrive2] -&gt; {5AB7172C-9C11-405C-8DD5-AF20F3606282} =&gt; -&gt; No File => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [ OneDrive3] -&gt; {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =&gt; -&gt; No File => not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [ OneDrive3] -&gt; {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =&gt; -&gt; No File => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [ OneDrive4] -&gt; {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =&gt; -&gt; No File => not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [ OneDrive4] -&gt; {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =&gt; -&gt; No File => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [ OneDrive5] -&gt; {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =&gt; -&gt; No File => not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [ OneDrive5] -&gt; {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =&gt; -&gt; No File => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [ OneDrive6] -&gt; {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =&gt; -&gt; No File => not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [ OneDrive6] -&gt; {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =&gt; -&gt; No File => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [ OneDrive7] -&gt; {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =&gt; -&gt; No File => not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [ OneDrive7] -&gt; {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: [ OneDrive1] -&gt; {BBACC218-34EA-4666-9D7A-C78F2274A524} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Classes\CLSID\ShellIconOverlayIdentifiers-x32: [ OneDrive1] -&gt; {BBACC218-34EA-4666-9D7A-C78F2274A524} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: [ OneDrive2] -&gt; {5AB7172C-9C11-405C-8DD5-AF20F3606282} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Classes\CLSID\ShellIconOverlayIdentifiers-x32: [ OneDrive2] -&gt; {5AB7172C-9C11-405C-8DD5-AF20F3606282} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: [ OneDrive3] -&gt; {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Classes\CLSID\ShellIconOverlayIdentifiers-x32: [ OneDrive3] -&gt; {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: [ OneDrive4] -&gt; {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Classes\CLSID\ShellIconOverlayIdentifiers-x32: [ OneDrive4] -&gt; {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: [ OneDrive5] -&gt; {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Classes\CLSID\ShellIconOverlayIdentifiers-x32: [ OneDrive5] -&gt; {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: [ OneDrive6] -&gt; {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Classes\CLSID\ShellIconOverlayIdentifiers-x32: [ OneDrive6] -&gt; {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: [ OneDrive7] -&gt; {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =&gt; -&gt; No File => not found
HKLM\Software\Wow6432Node\Classes\CLSID\ShellIconOverlayIdentifiers-x32: [ OneDrive7] -&gt; {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =&gt; -&gt; No File => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\ContextMenuHandlers3: [UnlockerShellExtension] -&gt; [CC]{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} =&gt; -&gt; No File => not found
HKLM\Software\Classes\CLSID\ContextMenuHandlers3: [UnlockerShellExtension] -&gt; [CC]{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} =&gt; -&gt; No File => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DB72CAF-1AAB-45B6-ACAF-EB006796348A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DB72CAF-1AAB-45B6-ACAF-EB006796348A}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{124CF614-C885-4CC3-A416-E0BB880675DE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{124CF614-C885-4CC3-A416-E0BB880675DE}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{129706D3-D636-4F62-8C71-4E4DC1196E40}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{129706D3-D636-4F62-8C71-4E4DC1196E40}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1575DEF9-F655-451B-9A7D-53668B7157A9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1575DEF9-F655-451B-9A7D-53668B7157A9}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2215C0F6-63F8-4EC2-BDF3-68D9D57921C9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2215C0F6-63F8-4EC2-BDF3-68D9D57921C9}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24BF55DA-237D-42B8-B90A-393751E0D7FF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24BF55DA-237D-42B8-B90A-393751E0D7FF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25F6568A-A3EF-48F4-8BDD-33D2E526F026}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25F6568A-A3EF-48F4-8BDD-33D2E526F026}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FA95764-C41D-442B-8838-25B5C4007FF0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FA95764-C41D-442B-8838-25B5C4007FF0}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A6C2628-DCC2-4929-9AC6-A64022137020}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A6C2628-DCC2-4929-9AC6-A64022137020}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3ABB4ED9-B889-4159-BC3F-DD373DF3E5A1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3ABB4ED9-B889-4159-BC3F-DD373DF3E5A1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41E4A630-B962-4564-A616-09F0B8D22310}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41E4A630-B962-4564-A616-09F0B8D22310}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{474EDADC-E84E-4AAC-982F-A7657C84B49F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{474EDADC-E84E-4AAC-982F-A7657C84B49F}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48BF754A-6025-4D17-BED3-9769EDCB2E2D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48BF754A-6025-4D17-BED3-9769EDCB2E2D}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2 =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A69A3A1-C9C6-432A-A0DC-F402B66D5D5F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A69A3A1-C9C6-432A-A0DC-F402B66D5D5F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BB532DD-1880-427C-84F2-84D48B3F22C4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BB532DD-1880-427C-84F2-84D48B3F22C4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EC206E1-3515-43F7-AF3E-A467F189258F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EC206E1-3515-43F7-AF3E-A467F189258F}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{720B5558-FBAF-4F06-95E3-245941F72704}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{720B5558-FBAF-4F06-95E3-245941F72704}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7601D7FD-27F3-422B-925E-B3F27E3E7B04}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7601D7FD-27F3-422B-925E-B3F27E3E7B04}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7722A0EE-A466-40E8-A749-861409461773}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7722A0EE-A466-40E8-A749-861409461773}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81458842-1ADD-4635-8118-34712AA1F616}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81458842-1ADD-4635-8118-34712AA1F616}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BDCF252-5C66-4A22-BB45-EE04DF488556}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BDCF252-5C66-4A22-BB45-EE04DF488556}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C50D9A6-BE95-46B1-B60F-2A71D7C19552}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C50D9A6-BE95-46B1-B60F-2A71D7C19552}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate_scheduled =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C01FA77-1C23-4EE4-BAF0-0B137B396841}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C01FA77-1C23-4EE4-BAF0-0B137B396841}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5BD808F-1D33-4F4E-896B-B88CC1A270A8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5BD808F-1D33-4F4E-896B-B88CC1A270A8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A807AAC8-E2F8-4260-87E1-F88D18904C5C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A807AAC8-E2F8-4260-87E1-F88D18904C5C}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\StartRecording =&gt; C:\WINDOWS\ehome\ehrec.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\StartRecording =&gt; C:\WINDOWS\ehome\ehrec.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8E7CE45-109C-484E-95DF-91C4492297CB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8E7CE45-109C-484E-95DF-91C4492297CB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B26E128E-65D3-48B3-A7C1-9AC244D3AE6C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B26E128E-65D3-48B3-A7C1-9AC244D3AE6C}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B99464D2-5748-4A55-B85E-FC6F0EFDA46B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99464D2-5748-4A55-B85E-FC6F0EFDA46B}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3090918-B8E7-4C30-BDE4-AEBD5EE51B80}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3090918-B8E7-4C30-BDE4-AEBD5EE51B80}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry =&gt; C:\WINDOWS\ehome\MCUpdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry =&gt; C:\WINDOWS\ehome\MCUpdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D1E6D24E-F3B0-4D45-B1EE-9C9CC0010FA7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1E6D24E-F3B0-4D45-B1EE-9C9CC0010FA7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7C8F56B-A10C-4F59-9C69-69157004F140}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7C8F56B-A10C-4F59-9C69-69157004F140}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask =&gt; C:\WINDOWS\ehome\mcupdate.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E8AB73BA-73D7-42CF-8CA3-10751DCB1723}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8AB73BA-73D7-42CF-8CA3-10751DCB1723}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart =&gt; C:\WINDOWS\ehome\ehrec.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart =&gt; C:\WINDOWS\ehome\ehrec.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E94C11F8-A61F-493F-94B6-8515CCBB4AA7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E94C11F8-A61F-493F-94B6-8515CCBB4AA7}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E95505C6-872D-473D-AC2C-7692FF6D26A0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E95505C6-872D-473D-AC2C-7692FF6D26A0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0FB4C42-F6BC-4880-9EA8-4739BF982845}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0FB4C42-F6BC-4880-9EA8-4739BF982845}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3D393C6-177D-4988-B420-3D31275CF599}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3D393C6-177D-4988-B420-3D31275CF599}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F51F1630-996E-4691-94A3-D20561D63098}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F51F1630-996E-4691-94A3-D20561D63098}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F854FCCC-E800-46C9-8D9D-27A54CC0FB70}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F854FCCC-E800-46C9-8D9D-27A54CC0FB70}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1 =&gt; C:\WINDOWS\ehome\ehPrivJob.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FAB69052-EB3C-44CF-8D90-3F104BDB56AD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAB69052-EB3C-44CF-8D90-3F104BDB56AD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDA7D4BE-D22C-4002-B62F-869962AAC39E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDA7D4BE-D22C-4002-B62F-869962AAC39E}" => removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
"HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\Software\Microsoft\Windows\CurrentVersion\Run\\59c9f93e" => removed successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
EsgShKernel => service not found.
ShMonitor => service not found.
EnigmaFileMonDriver => service not found.
"C:\Users\Public\Desktop\SpyHunter5.lnk" => not found
"C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys" => not found
C:\ProgramData\bVnHrt => moved successfully
C:\ProgramData\vFrJrqLG => moved successfully
C:\ProgramData\ZwbEgv => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft" => not found
"C:\ProgramData\EnigmaSoft Limited" => not found
"C:\Program Files\EnigmaSoft" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2869096185-1707726864-3217315644-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Ethernet mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 3 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 4 mientras los medios
estén desconectados.

Adaptador de Ethernet Ethernet:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 3:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 4:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Wi-Fi:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::7ce2:cd6e:c81d:b60b%20
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.13
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

{446E9633-696F-4BD2-9289-D56EE559FD01} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18811154 B
Java, Flash, Steam htmlcache => 1080 B
Windows/system/drivers => 240539 B
Edge => 236544 B
Chrome => 105547824 B
Firefox => 30920852 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 7676274 B
systemprofile32 => 0 B
LocalService => 9222 B
LocalService => 0 B
NetworkService => 19486 B
NetworkService => 0 B
Vero => 53324520 B

RecycleBin => 0 B
EmptyTemp: => 216.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:11:37 ====

Hello.

I imagine your problem NO longer appears?

Shut the computer down COMPLETELY and turn it on again; repeat this THREE times in a row and tell us how your problem is doing, so that we can give you the last steps you need to carry out.

Regards.

Hello, apparently not… the CPU doesn't max out and everything seems to be working normally. A million thanks for your help, Javier!!!

Perfect :+1: excellent, we are glad to see that the initial problem is now completely fixed; all that remains is to remove the tools we used.

To do so, download :arrow_forward: DelFix.exe to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select - Run as Administrator -).

  • Check all the boxes and click Run.

The report (DelFix.txt) will open; you can close it.


For any other problem, don't hesitate to post again; you know where we are. :+1:

Topic solved.

Regards, Javier.