Url muy extraña sec-surf.com

Morayma_Nazari · 26 Mayo, 2019 18:57

Hola a todos/as y gracias

Desde hace unos dias, cuando enciendo mi PC y abro mi navegador web (Google Chrome). Aparece como es lógico, mi página de inicio. Que en este caso, es la de Google. Pero lo extraño, es que aparece con una URL muy rara que os paso a mostrar a continuación:

Al principio, pensé que esto se debía a que se me instaló automáticamente (o yo no recuerdo qué hice exactamente para que se me instalara) de Mcafree Segurity y que al desinstalara, el problema se sulucionaría pero no, aún persiste.

Además, ahora cada vez que abro una nueva pestaña, tengo que iniciar sesión con mi cuenta de Google.

Saludos y gracias.

SanMar · 23 Mayo, 2019 16:21

Hola @Morayma_Nazari

Realiza lo siguiente:

1.- Desactiva temporalmente tu antivirus y cualquier programa de seguridad.

2.- Descarga, instala y/o actualiza a las siguientes herramientas:

3.- Ejecutas respetando el orden los pasos:

CCleaner

Usando su opción Limpiador de acuerdo su Manual:

Para borrar Cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos.
NO necesitamos este reporte

AdwCleaner

Lo ejecutas.

Pulsa en el botón Escanear y espera a que se realice el proceso. Luego pulsa sobre el botón Limpiar.
Espera a que se complete. Si te pidiera reiniciar el sistema Aceptas.
Guarda el reporte que le aparecerá para copiarlo y pegarlo en tu próxima respuesta.
El informe también puede encontrarse en “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

Siguiendo su manual, lo instalas y ejecutas. Cuando termine, elimina todo lo que encuentre.

Malwarebytes

No olvides actualizarlo.
Lee detenidamente su Manual
Realiza un Análisis Personalizado marcando todas las unidades
Pulsa en “Eliminar Seleccionados” para enviar lo encontrado a la cuarentena.
Reinicias el Sistema.
En el apartado del manual “Historial” >> Registros de Aplicación >> Scan Log/Registro de Análisis encontrarás el informe del MBAM, que debes copiar y pegar en tu próxima respuesta.

4.- Nota Importante:

En tu próxima respuesta debes pegar los reportes de AdwCleaner , ZHPCleaner y Malwarebytes.

Guía: ¿Como Pegar reportes en el Foro?

Nos comentas.

Salu2

Morayma_Nazari · 23 Mayo, 2019 19:56

~ ZHPCleaner v2019.5.19.67 by Nicolas Coolman (2019/05/19)
~ Run by Usuario (Administrator)  (23/05/2019 21:04:19)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparar
~ Report : C:\Users\Usuario\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Usuario\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 17134)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (1)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (167)

Morayma_Nazari · 23 Mayo, 2019 20:29

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-23-2019
# Duration: 00:00:25
# OS:       Windows 10 Pro
# Scanned:  27335
# Detected: 15


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.WebBar             C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.InstallCore        HKCU\Software\csastats
PUP.Optional.Legacy             HKCU\Software\WebDiscoverBrowser
PUP.Optional.Legacy             HKLM\Software\WebDiscoverBrowser
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\WebDiscoverBrowser
PUP.Optional.Legacy             HKU\.DEFAULT\Software\WebDiscoverBrowser
PUP.Optional.Legacy             HKU\S-1-5-18\Software\WebDiscoverBrowser
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\format-factory-portable.softonic.com
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\format-factory.softonic.com
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.softonic.com
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\format-factory-portable.softonic.com
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\format-factory.softonic.com
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.softonic.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Morayma_Nazari · 23 Mayo, 2019 21:35

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 23/5/19
Hora del análisis: 21:16
Archivo de registro: 39c77c4e-7d8f-11e9-a4e1-d8cb8a33b553.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.586
Versión del paquete de actualización: 1.0.10742
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.765)
CPU: x64
Sistema de archivos: NTFS
Usuario: USUARIO-PC\Usuario

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 308325
Amenazas detectadas: 2
Amenazas en cuarentena: 2
Tiempo transcurrido: 5 min, 19 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 1
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{93B1BCDC-2432-495B-B252-5F97DB85861B}, En cuarentena, [5965], [580173],1.0.10742

Valor del registro: 1
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{93B1BCDC-2432-495B-B252-5F97DB85861B}|PATH, En cuarentena, [5965], [580173],1.0.10742

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Hola. El problema aún persiste. He observado que al hacer click en el icono de Chrome, mientras se carga la página de inicio, en la barra de direcciones, aparece una dirección web: www.sec-surf .com

SanMar · 23 Mayo, 2019 21:34

Hola @Morayma_Nazari

Realiza lo siguiente:

1.- Desactiva temporalmente tu antivirus y cualquier programa de seguridad.

2.- Descarga Farbar Recovery Scan Tool. en el escritorio, seleccionando la versión adecuada para la arquitectura (32 o 64bits) de su equipo. >> Como saber si mi Windows es de 32 o 64 bits.?

Ejecuta FRST.exe.
En el mensaje de la ventana del Disclaimer, pulsamos Yes
En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Guía: Como Ejecutar FRST

3.- En tu próxima respuesta, pega los reportes generados.

Guía : ¿Como Pegar reportes en el Foro?

Esperamos esos reporte.

Salu2

Morayma_Nazari · 23 Mayo, 2019 22:16

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05.2019
Ran by Usuario (administrator) on USUARIO-PC (MSI MS-7817) (24-05-2019 00:06:56)
Running from C:\Users\Usuario\Desktop
Loaded Profiles: Usuario (Available Profiles: Usuario)
Platform: Windows 10 Pro Version 1803 17134.765 (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19031.17720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems, Incorporated -> ) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Jesús Cerquides - Francesc Sebastià) [File not signed] C:\Program Files (x86)\Euclides Grec Politònic\EuclidesGP.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
(Logitech Inc -> Logitech Europe S.A.) C:\Program Files\Logitech\Collaboration\Services\Video\cropAssistAPI\CropAssistService.exe
(Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
(Logitech, Inc. -> ) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Usuario\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\conhost.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\ctfmon.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\dwm.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\notepad.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\notepad.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\notepad.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\sihost.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\spoolsv.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\VSSVC.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\wbem\WmiPrvSE.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\wbem\WmiPrvSE.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\WUDFHost.exe
(Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3952216 2000-01-01] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-04-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [32256 2018-04-12] (Microsoft Corporation) [File not signed]
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [27136 2018-04-12] (Microsoft Corporation) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-932762285-3625409212-74071954-1000\...\Run: [Spotify] => C:\Users\Usuario\AppData\Roaming\Spotify\Spotify.exe [26062056 2019-05-20] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-932762285-3625409212-74071954-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22588760 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-932762285-3625409212-74071954-1000\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-932762285-3625409212-74071954-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files (x86)\Screensavers\Vintage_.scr [2041209 2019-02-01] () [File not signed]
HKLM\...\Providers\Internet Print Provider: C:\WINDOWS\system32\inetpp.dll [174080 2018-04-12] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [MSVideo] => C:\WINDOWS\system32\vfwwdm32.dll [67072 2018-04-12] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [VIDC.MJPG] => C:\Windows\SysWOW64\Pvmjpg30.dll [401408 2005-07-12] (Pegasus Imaging Corporation) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-23] (Google LLC -> Google Inc.)
Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-05-31]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (No File)
Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Euclides Grec Politònic.lnk [2019-01-08]
ShortcutTarget: Euclides Grec Politònic.lnk -> C:\Program Files (x86)\Euclides Grec Politònic\EuclidesGP.exe (Jesús Cerquides - Francesc Sebastià) [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0502FDB8-7989-482A-938D-8A6AEF690BB4} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\WINDOWS\System32\LocationNotificationWindows.exe [66048 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {14354976-0E33-4D42-B80B-CF0F29A5B84A} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization => C:\WINDOWS\system32\defrag.exe [185856 2018-04-12] (Microsoft Corp.) [File not signed]
Task: {1564FC25-99E4-40F9-9798-605998458F1C} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\WINDOWS\system32\DFDWiz.exe [52224 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {1F247C3C-4934-4537-BAC4-F9B881FD415B} - System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck => C:\WINDOWS\system32\appidcertstorecheck.exe [19456 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {2A37DB51-0EC8-4E76-8BB9-F8DB8319AFEE} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter => C:\WINDOWS\system32\appidpolicyconverter.exe [160256 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {2A9EAE2C-DE80-46B2-9AF1-F80C920992AC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-14] (Adobe Inc. -> Adobe)
Task: {2CA45A2B-D5CC-4625-B245-759CD060BB2A} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\WINDOWS\system32\srtasks.exe [56832 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {315D269F-3072-4439-BB3C-6380CF3886E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-10] (Google Inc -> Google Inc.)
Task: {34506FBC-34AE-4295-BAD9-7A193F11D4C2} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [437248 2018-04-12] () [File not signed]
Task: {37D00957-5D2F-4241-B927-EB89CF2CF5BD} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\WINDOWS\System32\WindowsActionDialog.exe [59392 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {398D9726-EED1-45A3-AE64-9E96A26F1976} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {43D4F575-32F4-4AA2-8BEE-10EA2E50CB0C} - System32\Tasks\Microsoft\Windows\Workplace Join\Recovery-Check => C:\WINDOWS\System32\dsregcmd.exe [704512 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {535F9B7A-CFC6-4433-86C8-0215D89E2A88} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\WINDOWS\system32\RAServer.exe [128000 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {55DDD943-9433-4595-8954-E70488AC789C} - System32\Tasks\Microsoft\Windows\DirectX\DXGIAdapterCache => C:\WINDOWS\system32\dxgiadaptercache.exe [45568 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {5C2A0B84-E780-4A75-A8D0-3071693E09AA} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\WINDOWS\system32\BthUdTask.exe [40448 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {6867774E-C73F-4604-95F3-F2E609519C21} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => C:\WINDOWS\system32\usoclient.exe [40960 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {6E6767A6-A214-474E-AAFD-4F1C3CD82A1A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => C:\WINDOWS\system32\usoclient.exe [40960 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {7AF5D7A1-F52F-4385-A018-7E504FC90F86} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {84BFA8B5-1027-4E25-80AF-262D28CBFB94} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\WINDOWS\System32\drvinst.exe [166912 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {8DA8D982-458E-4B95-8C0D-FB2C109E8D53} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\WINDOWS\system32\SpaceAgent.exe [130560 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {8FCEA16D-88D2-426E-BD5C-7ED3B4C13500} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload => C:\WINDOWS\system32\dmclient.exe [102400 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {9232D7C9-B044-47F7-AD9C-F7202AF624FA} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\WINDOWS\system32\defrag.exe [185856 2018-04-12] (Microsoft Corp.) [File not signed]
Task: {93D1D503-8E33-4372-A09D-E7E2B2D2D698} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9D9600BC-8C05-43FE-9070-FD0970EF98F6} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask => C:\WINDOWS\system32\MDMAgent.exe [109056 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {A3541FA4-5056-4113-95EF-59BC4E2D065A} - System32\Tasks\Microsoft\Windows\Chkdsk\SyspartRepair => C:\WINDOWS\system32\bcdboot.exe [213504 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {A74C95C8-AE84-427A-98BF-CE0D94631D65} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\WINDOWS\system32\spaceman.exe [35328 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {A7B5E6A7-ADC2-4B70-896B-3D91B3734B46} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\WINDOWS\system32\lpremove.exe [43008 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {AA4E51D3-54B4-4F7B-972A-2AA85C6A049B} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe [69120 2018-04-11] (Microsoft Corporation) [File not signed]
Task: {B33599FD-B45D-471B-ABB4-DD01FDBD4728} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\WINDOWS\System32\dsregcmd.exe [704512 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {BBA7A142-2598-425B-9669-B67FCB5AE992} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\WINDOWS\system32\tzsync.exe [62464 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {D05D6568-4495-44A2-B345-91AC6BB7BEDC} - System32\Tasks\Opera scheduled Autoupdate 1551298084 => C:\Users\Usuario\AppData\Local\Programs\Opera\launcher.exe
Task: {D2D0D155-C307-4F29-844B-A4851C59F67F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-10] (Google Inc -> Google Inc.)
Task: {D6BDC6FF-5B52-4DA3-8976-B3AE2360E6D4} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\WINDOWS\system32\cleanmgr.exe [219648 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {E56CA438-B8D4-4612-8CFA-E3A56A970895} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => C:\WINDOWS\system32\disksnapshot.exe [91136 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {ED0238B7-E407-4034-80A2-8FA1DB9390EF} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\WINDOWS\System32\XblGameSaveTask.exe [31744 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {F3F5DF62-F9CF-424A-81E0-1CD0321AE811} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_pepper.exe [1452600 2019-05-14] (Adobe Inc. -> Adobe)
Task: {F945DE7F-D233-4488-B442-BABFEC742706} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe [114688 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {FCA913E4-F409-49DB-B5CC-9D767049F654} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\WINDOWS\System32\wsqmcons.exe [91136 2018-04-12] (Microsoft Corporation) [File not signed]
Task: {FDF66687-0506-4ABB-82A4-5E74A0367CBF} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\WINDOWS\system32\dmclient.exe [102400 2018-04-12] (Microsoft Corporation) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 80.58.61.254 80.58.61.250
Tcpip\..\Interfaces\{20fe0c3b-b910-497d-a576-5fc998b2d300}: [DhcpNameServer] 80.58.61.254 80.58.61.250
Tcpip\..\Interfaces\{85db9ee8-2f51-438f-91ce-b02ec4aee5ae}: [NameServer] 8.8.8.8,8.8.4.4

Morayma_Nazari · 23 Mayo, 2019 22:21

Internet Explorer:
==================
HKU\S-1-5-21-932762285-3625409212-74071954-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sec-surf.com/
SearchScopes: HKU\S-1-5-21-932762285-3625409212-74071954-1000 -> DefaultScope {11BBFDBF-A35D-416F-858D-75094198505D} URL = hxxp://www.sec-surf.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-932762285-3625409212-74071954-1000 -> {11BBFDBF-A35D-416F-858D-75094198505D} URL = hxxp://www.sec-surf.com/search?q={searchTerms}
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-04-30] (McAfee, Inc. -> McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-04-30] (McAfee, Inc. -> McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll [2018-04-12] (Microsoft Corporation) [File not signed]
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll [2018-04-12] (Microsoft Corporation) [File not signed]
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll [2018-04-12] (Microsoft Corporation) [File not signed]
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll [2018-04-12] (Microsoft Corporation) [File not signed]
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2018-04-12] (Microsoft Corporation) [File not signed]
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2018-04-12] (Microsoft Corporation) [File not signed]
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2018-04-12] (Microsoft Corporation) [File not signed]
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2018-04-12] (Microsoft Corporation) [File not signed]
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2018-04-12] (Microsoft Corporation) [File not signed]
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2018-04-12] (Microsoft Corporation) [File not signed]

Morayma_Nazari · 23 Mayo, 2019 22:22

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-932762285-3625409212-74071954-1000 -> hxxp://www.sec-surf.com/

FireFox:
========
FF DefaultProfile: chq04jl7.default
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\chq04jl7.default [2019-05-23]
FF Homepage: Mozilla\Firefox\Profiles\chq04jl7.default -> hxxp://www.sec-surf.com/
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-04-18]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-04-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-04-30] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-04-30] <==== ATTENTION

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.sec-surf.com/
CHR StartupUrls: Default -> "hxxp://www.sec-surf.com/"
CHR DefaultSearchURL: Default -> hxxp://www.sec-surf.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> buscar
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default [2019-05-24]
CHR Extension: (Presentaciones) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-01-10]
CHR Extension: (Duolingo en la web) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2019-02-01]
CHR Extension: (Documentos) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-10]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-10]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-10]
CHR Extension: (Hojas de cálculo) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-01-10]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-10]
CHR Extension: (Player para ver Movistar+) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenfcfndncbbggmafjjeihkdclggbojn [2019-03-06]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-10]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

Morayma_Nazari · 23 Mayo, 2019 22:24

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AJRouter; C:\WINDOWS\System32\AJRouter.dll [25088 2018-04-12] (Microsoft Corporation) [File not signed]
S3 ALG; C:\WINDOWS\System32\alg.exe [91136 2018-04-12] (Microsoft Corporation) [File not signed]
S3 AppIDSvc; C:\WINDOWS\System32\appidsvc.dll [77312 2018-04-12] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\WINDOWS\System32\appinfo.dll [166912 2018-04-12] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [197120 2018-04-12] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\WINDOWS\SysWOW64\appmgmts.dll [164864 2018-04-12] (Microsoft Corporation) [File not signed]
S3 AssignedAccessManagerSvc; C:\WINDOWS\System32\assignedaccessmanagersvc.dll [604672 2018-04-12] (Microsoft Corporation) [File not signed]
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-03-01] (Kaspersky Lab -> AO Kaspersky Lab)
S3 AxInstSV; C:\WINDOWS\System32\AxInstSV.dll [110080 2018-04-12] (Microsoft Corporation) [File not signed]
R2 BITS; C:\WINDOWS\System32\qmgr.dll [1374208 2018-04-12] (Microsoft Corporation) [File not signed]
S3 BluetoothUserService; C:\WINDOWS\System32\Microsoft.Bluetooth.UserService.dll [464384 2018-04-12] (Microsoft Corporation) [File not signed]
R3 CryptSvc; C:\WINDOWS\system32\cryptsvc.dll [94720 2018-04-12] (Microsoft Corporation) [File not signed]
S3 DeviceInstall; C:\WINDOWS\system32\umpnpmgr.dll [119296 2018-04-12] (Microsoft Corporation) [File not signed]
S3 DevicePickerUserSvc; C:\WINDOWS\System32\Windows.Devices.Picker.dll [400896 2018-04-12] (Microsoft Corporation) [File not signed]
S3 DevicePickerUserSvc; C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll [312832 2018-04-12] (Microsoft Corporation) [File not signed]
S3 DevicesFlowUserSvc; C:\WINDOWS\System32\DevicesFlowBroker.dll [750080 2018-04-12] (Microsoft Corporation) [File not signed]
S3 DevQueryBroker; C:\WINDOWS\system32\DevQueryBroker.dll [33792 2018-04-12] (Microsoft Corporation) [File not signed]
S3 diagsvc; C:\WINDOWS\system32\DiagSvc.dll [219648 2018-04-12] (Microsoft Corporation) [File not signed]
S3 dmwappushservice; C:\WINDOWS\system32\dmwappushsvc.dll [57856 2018-04-12] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\WINDOWS\System32\dot3svc.dll [252928 2018-04-12] (Microsoft Corporation) [File not signed]
R2 DPS; C:\WINDOWS\system32\dps.dll [168448 2018-04-12] (Microsoft Corporation) [File not signed]
S3 Eaphost; C:\WINDOWS\System32\eapsvc.dll [109568 2018-04-12] (Microsoft Corporation) [File not signed]
S3 EFS; C:\WINDOWS\system32\efssvc.dll [58880 2018-04-12] (Microsoft Corporation) [File not signed]
S3 embeddedmode; C:\WINDOWS\System32\embeddedmodesvc.dll [167424 2018-04-12] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\WINDOWS\system32\es.dll [486400 2018-04-12] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\WINDOWS\SysWOW64\es.dll [331264 2018-04-12] (Microsoft Corporation) [File not signed]
S3 Fax; C:\WINDOWS\system32\fxssvc.exe [642048 2018-04-12] (Microsoft Corporation) [File not signed]
S3 fdPHost; C:\WINDOWS\system32\fdPHost.dll [20992 2018-04-12] (Microsoft Corporation) [File not signed]
S3 FDResPub; C:\WINDOWS\system32\fdrespub.dll [34816 2018-04-12] (Microsoft Corporation) [File not signed]
S3 fhsvc; C:\WINDOWS\system32\fhsvc.dll [121344 2018-04-12] (Microsoft Corporation) [File not signed]
S3 GraphicsPerfSvc; C:\WINDOWS\System32\GraphicsPerfSvc.dll [90624 2018-04-12] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\WINDOWS\system32\hidserv.dll [33792 2018-04-12] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\WINDOWS\SysWOW64\hidserv.dll [29696 2018-04-12] (Microsoft Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel(R) pGFX -> Intel Corporation)
R2 iphlpsvc; C:\WINDOWS\System32\iphlpsvc.dll [786432 2018-04-12] (Microsoft Corporation) [File not signed]
S3 IpxlatCfgSvc; C:\WINDOWS\System32\IpxlatCfg.dll [63488 2018-04-12] (Microsoft Corporation) [File not signed]
S3 irmon; C:\WINDOWS\System32\irmon.dll [24576 2018-04-12] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\WINDOWS\system32\keyiso.dll [89088 2018-04-12] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\WINDOWS\SysWOW64\keyiso.dll [70656 2018-04-12] (Microsoft Corporation) [File not signed]
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [414352 2019-01-07] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-03-01] (Kaspersky Lab -> AO Kaspersky Lab)
S3 KtmRm; C:\WINDOWS\system32\msdtckrm.dll [368128 2018-04-12] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\WINDOWS\system32\srvsvc.dll [271360 2018-04-12] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\WINDOWS\System32\wkssvc.dll [271872 2018-04-12] (Microsoft Corporation) [File not signed]
R3 lfsvc; C:\WINDOWS\System32\lfsvc.dll [44544 2018-04-12] (Microsoft Corporation) [File not signed]
R3 LicenseManager; C:\WINDOWS\system32\LicenseManagerSvc.dll [48640 2018-04-12] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\WINDOWS\System32\lltdsvc.dll [269312 2018-04-12] (Microsoft Corporation) [File not signed]
R3 lmhosts; C:\WINDOWS\System32\lmhsvc.dll [26112 2018-04-12] (Microsoft Corporation) [File not signed]
R2 LSM; C:\WINDOWS\System32\lsm.dll [671744 2018-04-12] (Microsoft Corporation) [File not signed]
S3 LxpSvc; C:\WINDOWS\System32\LanguageOverlayServer.dll [199680 2018-04-12] (Microsoft Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [899640 2019-04-30] (McAfee, Inc. -> McAfee, Inc.)
S3 MessagingService; C:\WINDOWS\System32\MessagingService.dll [52224 2018-04-12] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\System32\msdtc.exe [148480 2018-04-12] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\WINDOWS\system32\iscsiexe.dll [150528 2018-04-12] (Microsoft Corporation) [File not signed]
S3 NaturalAuthentication; C:\WINDOWS\System32\NaturalAuth.dll [824832 2018-04-12] (Microsoft Corporation) [File not signed]
S3 NcaSvc; C:\WINDOWS\System32\ncasvc.dll [167936 2018-04-12] (Microsoft Corporation) [File not signed]
R3 NcbService; C:\WINDOWS\System32\ncbservice.dll [376832 2018-04-12] (Microsoft Corporation) [File not signed]
S3 NcdAutoSetup; C:\WINDOWS\System32\NcdAutoSetup.dll [88064 2018-04-12] (Microsoft Corporation) [File not signed]
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4477576 2018-06-19] (Logitech Inc -> Logitech)
S3 Netman; C:\WINDOWS\System32\netman.dll [262656 2018-04-12] (Microsoft Corporation) [File not signed]
S3 NetSetupSvc; C:\WINDOWS\System32\NetSetupSvc.dll [335360 2018-04-12] (Microsoft Corporation) [File not signed]
S3 NgcCtnrSvc; C:\WINDOWS\System32\NgcCtnrSvc.dll [582144 2018-04-12] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\WINDOWS\System32\nlasvc.dll [367616 2018-04-12] (Microsoft Corporation) [File not signed]
S2 OneSyncSvc; C:\WINDOWS\System32\APHostService.dll [324608 2018-04-10] (Microsoft Corporation) [File not signed]
S3 p2pimsvc; C:\WINDOWS\system32\pnrpsvc.dll [343552 2018-04-12] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\WINDOWS\system32\p2psvc.dll [424960 2018-04-12] (Microsoft Corporation) [File not signed]
S2 PCLEPCI; C:\WINDOWS\SysWOW64\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed]
S3 PeerDistSvc; C:\WINDOWS\system32\peerdistsvc.dll [1967104 2018-04-12] (Microsoft Corporation) [File not signed]
S3 PerfHost; C:\WINDOWS\SysWow64\perfhost.exe [21504 2018-04-12] (Microsoft Corporation) [File not signed]
S3 PimIndexMaintenanceSvc; C:\WINDOWS\System32\PimIndexMaintenance.dll [185856 2018-04-12] (Microsoft Corporation) [File not signed]
S3 pla; C:\WINDOWS\system32\pla.dll [1463296 2018-04-12] (Microsoft Corporation) [File not signed]
S3 pla; C:\WINDOWS\SysWOW64\pla.dll [1537536 2018-04-12] (Microsoft Corporation) [File not signed]
R3 PlugPlay; C:\WINDOWS\system32\umpnpmgr.dll [119296 2018-04-12] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\WINDOWS\system32\pnrpauto.dll [26624 2018-04-12] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\WINDOWS\system32\pnrpsvc.dll [343552 2018-04-12] (Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\WINDOWS\System32\ipsecsvc.dll [441856 2018-04-12] (Microsoft Corporation) [File not signed]
R2 Power; C:\WINDOWS\system32\umpo.dll [152576 2018-04-12] (Microsoft Corporation) [File not signed]
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [3441152 2018-04-12] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\WINDOWS\system32\qwave.dll [278016 2018-04-12] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\WINDOWS\SysWOW64\qwave.dll [236032 2018-04-12] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [104960 2018-04-12] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [155648 2018-04-12] (Microsoft Corporation) [File not signed]
S3 RetailDemo; C:\WINDOWS\system32\RDXService.dll [681984 2018-04-12] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\WINDOWS\System32\RpcEpMap.dll [78336 2018-04-12] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [10752 2018-04-12] (Microsoft Corporation) [File not signed]
S3 SEMgrSvc; C:\WINDOWS\system32\SEMgrSvc.dll [1248768 2018-04-12] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\System32\sens.dll [73216 2018-04-12] (Microsoft Corporation) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SensorDataService; C:\WINDOWS\System32\SensorDataService.exe [1273344 2018-04-12] (Microsoft Corporation) [File not signed]
S3 SensorService; C:\WINDOWS\system32\SensorService.dll [712192 2018-04-12] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\WINDOWS\system32\sessenv.dll [397312 2018-04-12] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\WINDOWS\SysWOW64\sessenv.dll [346112 2018-04-12] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [604672 2018-04-12] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [613376 2018-04-12] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\SysWOW64\shsvcs.dll [564736 2018-04-12] (Microsoft Corporation) [File not signed]
S4 shpamsvc; C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [195584 2018-04-12] (Microsoft Corporation) [File not signed]
S3 smphost; C:\WINDOWS\System32\smphost.dll [23552 2018-04-12] (Microsoft Corporation) [File not signed]
S3 smphost; C:\WINDOWS\SysWOW64\smphost.dll [20992 2018-04-12] (Microsoft Corporation) [File not signed]
S3 SmsRouter; C:\WINDOWS\system32\SmsRouterSvc.dll [590336 2018-04-12] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [15360 2018-04-12] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\System32\spoolsv.exe [768512 2018-04-12] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [228864 2018-04-12] (Microsoft Corporation) [File not signed]
R3 SstpSvc; C:\WINDOWS\system32\sstpsvc.dll [207872 2018-04-12] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\System32\wiaservc.dll [611840 2018-04-12] (Microsoft Corporation) [File not signed]
S3 svsvc; C:\WINDOWS\system32\svsvc.dll [13824 2018-04-12] (Microsoft Corporation) [File not signed]
R3 swprv; C:\WINDOWS\System32\swprv.dll [467456 2018-04-12] (Microsoft Corporation) [File not signed]
R3 TabletInputService; C:\WINDOWS\System32\TabSvc.dll [221696 2018-04-12] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [308224 2018-04-12] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\WINDOWS\SysWOW64\tapisrv.dll [254464 2018-04-12] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\system32\themeservice.dll [69632 2018-04-12] (Microsoft Corporation) [File not signed]
S3 TieringEngineService; C:\WINDOWS\system32\TieringEngineService.exe [303616 2018-04-12] (Microsoft Corporation) [File not signed]
R3 TimeBrokerSvc; C:\WINDOWS\System32\TimeBrokerServer.dll [176128 2018-04-12] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\System32\trkwks.dll [110592 2018-04-12] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\WINDOWS\servicing\TrustedInstaller.exe [131584 2018-04-11] (Microsoft Corporation) [File not signed]
S4 UevAgentService; C:\WINDOWS\system32\AgentService.exe [1189376 2018-04-12] (Microsoft Corporation) [File not signed]
S3 UmRdpService; C:\WINDOWS\System32\umrdp.dll [367104 2018-04-12] (Microsoft Corporation) [File not signed]
S3 UnistoreSvc; C:\WINDOWS\System32\unistore.dll [1220096 2018-04-12] (Microsoft Corporation) [File not signed]
S3 UnistoreSvc; C:\WINDOWS\SysWOW64\unistore.dll [965632 2018-04-12] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [451072 2018-04-12] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\SysWOW64\upnphost.dll [331264 2018-04-12] (Microsoft Corporation) [File not signed]
S3 UserDataSvc; C:\WINDOWS\System32\userdataservice.dll [1495040 2018-04-12] (Microsoft Corporation) [File not signed]
R2 UserManager; C:\WINDOWS\System32\usermgr.dll [1027584 2018-04-12] (Microsoft Corporation) [File not signed]
R3 VaultSvc; C:\Windows\System32\vaultsvc.dll [345600 2018-04-12] (Microsoft Corporation) [File not signed]
S3 vds; C:\WINDOWS\System32\vds.exe [642560 2018-04-12] (Microsoft Corporation) [File not signed]
R3 VSS; C:\WINDOWS\system32\vssvc.exe [1540096 2018-04-12] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\WINDOWS\system32\w32time.dll [579584 2018-04-12] (Microsoft Corporation) [File not signed]
S3 WalletService; C:\WINDOWS\system32\WalletService.dll [427520 2018-04-12] (Microsoft Corporation) [File not signed]
S3 WarpJITSvc; C:\WINDOWS\System32\Windows.WARP.JITService.dll [31744 2018-04-12] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\WINDOWS\System32\wcncsvc.dll [468992 2018-04-12] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\WINDOWS\system32\wdi.dll [99840 2018-04-12] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2018-04-12] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\WINDOWS\system32\wdi.dll [99840 2018-04-12] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2018-04-12] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2019-01-06] (Microsoft Corporation -> Microsoft Corporation)
S3 WebClient; C:\WINDOWS\System32\webclnt.dll [217088 2018-04-12] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\WINDOWS\SysWOW64\webclnt.dll [191488 2018-04-12] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\WINDOWS\system32\wecsvc.dll [202240 2018-04-12] (Microsoft Corporation) [File not signed]
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [27136 2018-04-12] (Microsoft Corporation) [File not signed]
S3 WiaRpc; C:\WINDOWS\System32\wiarpc.dll [81920 2018-04-12] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2019-01-06] (Microsoft Corporation -> Microsoft Corporation)
R2 Winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [224256 2018-04-12] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\WINDOWS\system32\WsmSvc.dll [2612736 2018-04-12] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\WINDOWS\SysWOW64\WsmSvc.dll [2378752 2018-04-12] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\WINDOWS\system32\wbem\WmiApSrv.exe [203264 2018-04-12] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1184256 2018-04-11] (Microsoft Corporation) [File not signed]
R2 WpnService; C:\WINDOWS\system32\WpnService.dll [280576 2018-04-12] (Microsoft Corporation) [File not signed]
S2 WpnUserService; C:\WINDOWS\System32\WpnUserService.dll [96768 2018-04-12] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\System32\wscsvc.dll [266240 2018-04-12] (Microsoft Corporation) [File not signed]
S3 XblAuthManager; C:\WINDOWS\System32\XblAuthManager.dll [1115648 2018-04-12] (Microsoft Corporation) [File not signed]
S3 XblGameSave; C:\WINDOWS\System32\XblGameSave.dll [1308672 2018-04-12] (Microsoft Corporation) [File not signed]
S3 XboxGipSvc; C:\WINDOWS\System32\XboxGipSvc.dll [58880 2018-04-12] (Microsoft Corporation) [File not signed]
S3 XboxNetApiSvc; C:\WINDOWS\system32\XboxNetApiSvc.dll [1148928 2018-04-12] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\WINDOWS\System32\drivers\1394ohci.sys [237568 2018-04-12] (Microsoft Corporation) [File not signed]
S3 AcpiDev; C:\WINDOWS\System32\drivers\AcpiDev.sys [20480 2018-04-12] (Microsoft Corporation) [File not signed]
S3 acpipagr; C:\WINDOWS\System32\drivers\acpipagr.sys [12800 2018-04-12] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\WINDOWS\System32\drivers\acpipmi.sys [14848 2018-04-12] (Microsoft Corporation) [File not signed]
S3 acpitime; C:\WINDOWS\System32\drivers\acpitime.sys [13824 2018-04-12] (Microsoft Corporation) [File not signed]
R1 afunix; C:\WINDOWS\system32\drivers\afunix.sys [39424 2018-04-12] (Microsoft Corporation) [File not signed]
R1 afunix; C:\Windows\SysWOW64\drivers\afunix.sys [29696 2018-04-12] (Microsoft Corporation) [File not signed]
R1 ahcache; C:\WINDOWS\System32\DRIVERS\ahcache.sys [254464 2018-04-12] (Microsoft Corporation) [File not signed]
S3 AsyncMac; C:\WINDOWS\System32\drivers\asyncmac.sys [28672 2018-04-12] (Microsoft Corporation) [File not signed]
R1 BasicDisplay; C:\WINDOWS\System32\drivers\BasicDisplay.sys [63488 2018-04-12] (Microsoft Corporation) [File not signed]
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [34816 2018-04-12] (Microsoft Corporation) [File not signed]
S3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [9728 2018-04-12] (Windows (R) Win 7 DDK provider) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [10240 2018-04-12] (Microsoft Corporation) [File not signed]
R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [86528 2018-04-12] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [67072 2018-04-12] (Microsoft Corporation) [File not signed]
R3 BthPan; C:\WINDOWS\System32\drivers\bthpan.sys [129536 2018-04-12] (Microsoft Corporation) [File not signed]
S3 buttonconverter; C:\WINDOWS\System32\drivers\buttonconverter.sys [39936 2018-04-12] (Microsoft Corporation) [File not signed]
S3 CapImg; C:\WINDOWS\System32\drivers\capimg.sys [123392 2018-04-12] (Microsoft Corporation) [File not signed]
S3 circlass; C:\WINDOWS\System32\drivers\circlass.sys [49152 2018-04-12] (Microsoft Corporation) [File not signed]
S3 CmBatt; C:\WINDOWS\System32\drivers\CmBatt.sys [32256 2018-04-12] (Microsoft Corporation) [File not signed]
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R3 CompositeBus; C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys [40448 2018-04-12] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131712 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 dot4; C:\WINDOWS\System32\drivers\Dot4.sys [151968 2012-10-19] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
R3 dot4usb; C:\WINDOWS\System32\drivers\dot4usb.sys [49056 2012-10-19] (Hewlett-Packard Company -> Microsoft Corporation)
S3 ErrDev; C:\WINDOWS\System32\drivers\errdev.sys [13824 2018-04-12] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 fdc; C:\WINDOWS\System32\drivers\fdc.sys [32768 2018-04-12] (Microsoft Corporation) [File not signed]
R1 FileCrypt; C:\WINDOWS\System32\drivers\filecrypt.sys [55808 2018-04-12] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\WINDOWS\System32\drivers\filetrace.sys [36352 2018-04-12] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\WINDOWS\System32\drivers\flpydisk.sys [26624 2018-04-12] (Microsoft Corporation) [File not signed]
S3 genericusbfn; C:\WINDOWS\System32\drivers\genericusbfn.sys [20992 2018-04-12] (Microsoft Corporation) [File not signed]
R1 GpuEnergyDrv; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [8192 2018-04-12] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\drivers\HDAudBus.sys [86016 2018-04-12] (Microsoft Corporation) [File not signed]
S3 hidi2c; C:\WINDOWS\System32\drivers\hidi2c.sys [54272 2018-04-12] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\WINDOWS\System32\drivers\hidir.sys [47104 2018-04-12] (Microsoft Corporation) [File not signed]
S3 HwNClx0101; C:\WINDOWS\System32\Drivers\mshwnclx.sys [27136 2018-04-12] (Microsoft Corporation) [File not signed]
S3 HyperVideo; C:\WINDOWS\System32\drivers\HyperVideo.sys [28672 2018-04-12] (Microsoft Corporation) [File not signed]
S3 i8042prt; C:\WINDOWS\System32\drivers\i8042prt.sys [105984 2018-04-12] (Microsoft Corporation) [File not signed]
S3 iagpio; C:\WINDOWS\System32\drivers\iagpio.sys [36864 2018-04-12] (Intel(R) Corporation) [File not signed]
S3 iai2c; C:\WINDOWS\System32\drivers\iai2c.sys [91648 2018-04-12] (Intel(R) Corporation) [File not signed]
S3 iaLPSS2i_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [79360 2018-04-12] (Intel Corporation) [File not signed]
S3 iaLPSS2i_GPIO2_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [88576 2018-04-12] (Intel Corporation) [File not signed]
S3 iaLPSS2i_I2C; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [171520 2018-04-12] (Intel Corporation) [File not signed]
S3 iaLPSS2i_I2C_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [174592 2018-04-12] (Intel Corporation) [File not signed]
S3 iaLPSSi_I2C; C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152 2018-04-12] (Intel Corporation) [File not signed]
S3 IndirectKmd; C:\WINDOWS\System32\drivers\IndirectKmd.sys [38912 2018-04-12] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [85504 2018-04-12] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\WINDOWS\System32\drivers\ipnat.sys [214528 2018-04-12] (Microsoft Corporation) [File not signed]
S3 IPT; C:\WINDOWS\System32\drivers\ipt.sys [32256 2018-04-12] (Microsoft Corporation) [File not signed]
S3 irda; C:\WINDOWS\system32\drivers\irda.sys [119808 2018-04-12] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\drivers\irenum.sys [19968 2018-04-12] (Microsoft Corporation) [File not signed]
R3 kbdhid; C:\WINDOWS\System32\drivers\kbdhid.sys [40448 2018-04-12] (Microsoft Corporation) [File not signed]
R3 kdnic; C:\WINDOWS\System32\drivers\kdnic.sys [23040 2018-04-12] (Microsoft Corporation) [File not signed]
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [75600 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [125568 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [91472 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [236672 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLHK; C:\WINDOWS\System32\drivers\klhk.sys [1091920 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [190800 2019-03-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1168000 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [58704 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [60536 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [60784 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50304 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [46416 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [48080 2018-02-12] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [245272 2019-04-25] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [302368 2019-04-25] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116104 2019-04-25] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [198768 2019-05-01] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [104576 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [184960 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [218240 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 ksthunk; C:\WINDOWS\system32\drivers\ksthunk.sys [27136 2018-04-12] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\WINDOWS\System32\drivers\lltdio.sys [65024 2018-04-12] (Microsoft Corporation) [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-05-23] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-05-23] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-05-23] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-05-23] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [117344 2019-05-23] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation) [File not signed]
S3 Modem; C:\WINDOWS\System32\drivers\modem.sys [42496 2018-04-12] (Microsoft Corporation) [File not signed]
R3 monitor; C:\WINDOWS\System32\drivers\monitor.sys [44544 2018-04-12] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\drivers\mouhid.sys [33280 2018-04-12] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\WINDOWS\System32\drivers\mshidkmdf.sys [8704 2018-04-12] (Microsoft Corporation) [File not signed]
S3 mshidumdf; C:\WINDOWS\System32\drivers\mshidumdf.sys [11776 2018-04-12] (Microsoft Corporation) [File not signed]
R2 MsLldp; C:\WINDOWS\System32\drivers\mslldp.sys [84480 2018-04-12] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [10752 2018-04-12] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [10752 2018-04-12] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\WINDOWS\System32\drivers\MSTEE.sys [12800 2018-04-12] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\WINDOWS\System32\drivers\MTConfig.sys [16896 2018-04-12] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\WINDOWS\System32\drivers\ndiscap.sys [53760 2018-04-12] (Microsoft Corporation) [File not signed]
S3 NdisImPlatform; C:\WINDOWS\System32\drivers\NdisImPlatform.sys [128512 2018-04-12] (Microsoft Corporation) [File not signed]
S3 Ndisuio; C:\WINDOWS\System32\drivers\ndisuio.sys [65024 2018-04-12] (Microsoft Corporation) [File not signed]
R3 NdisVirtualBus; C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [20992 2018-04-12] (Microsoft Corporation) [File not signed]
R2 Ndu; C:\WINDOWS\System32\drivers\Ndu.sys [128000 2018-04-12] (Microsoft Corporation) [File not signed]
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [175104 2018-04-12] (Microsoft Corporation) [File not signed]
R1 npsvctrig; C:\WINDOWS\System32\drivers\npsvctrig.sys [26112 2018-04-12] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [7168 2018-04-12] (Microsoft Corporation) [File not signed]
S3 nvdimm; C:\WINDOWS\System32\drivers\nvdimm.sys [104448 2018-04-12] (Microsoft Corporation) [File not signed]
S3 Parport; C:\WINDOWS\System32\drivers\parport.sys [98816 2018-04-12] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\WINDOWS\System32\drivers\peauth.sys [726528 2018-04-12] (Microsoft Corporation) [File not signed]
S3 pmem; C:\WINDOWS\System32\drivers\pmem.sys [105984 2018-04-12] (Microsoft Corporation) [File not signed]
S3 PNPMEM; C:\WINDOWS\System32\drivers\pnpmem.sys [16896 2018-04-12] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\drivers\raspptp.sys [97280 2018-04-12] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\WINDOWS\system32\drivers\qwavedrv.sys [49152 2018-04-12] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [17408 2018-04-12] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\WINDOWS\System32\drivers\AgileVpn.sys [108032 2018-04-12] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\drivers\rasl2tp.sys [106496 2018-04-12] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [82944 2018-04-12] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\WINDOWS\System32\drivers\rassstp.sys [78848 2018-04-12] (Microsoft Corporation) [File not signed]
R3 rdpbus; C:\WINDOWS\System32\drivers\rdpbus.sys [27136 2018-04-12] (Microsoft Corporation) [File not signed]
R3 RFCOMM; C:\WINDOWS\System32\drivers\rfcomm.sys [193536 2018-04-12] (Microsoft Corporation) [File not signed]
S3 rhproxy; C:\WINDOWS\System32\drivers\rhproxy.sys [104448 2018-04-12] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\WINDOWS\System32\drivers\rspndr.sys [81920 2018-04-12] (Microsoft Corporation) [File not signed]
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2000-01-01] (Realtek Semiconductor Corp -> Realtek )
S3 s3cap; C:\WINDOWS\System32\drivers\vms3cap.sys [9216 2018-04-12] (Microsoft Corporation) [File not signed]
R3 Serenum; C:\WINDOWS\System32\drivers\serenum.sys [25088 2018-04-12] (Microsoft Corporation) [File not signed]
R3 Serial; C:\WINDOWS\System32\drivers\serial.sys [84992 2018-04-12] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\WINDOWS\System32\drivers\sermouse.sys [28160 2018-04-12] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\WINDOWS\System32\drivers\sfloppy.sys [17920 2018-04-12] (Microsoft Corporation) [File not signed]
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation) [File not signed]
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [42072 2000-01-01] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [42584 2000-01-01] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2017-01-16] (Samsung Electronics CO., LTD. -> QUALCOMM Incorporated)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [43648 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 tcpipreg; C:\WINDOWS\System32\drivers\tcpipreg.sys [51712 2018-04-12] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\WINDOWS\System32\drivers\tsusbflt.sys [63488 2018-04-12] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\WINDOWS\System32\drivers\TsUsbGD.sys [35328 2018-04-12] (Microsoft Corporation) [File not signed]
S3 tsusbhub; C:\WINDOWS\System32\drivers\tsusbhub.sys [126464 2018-04-12] (Microsoft Corporation) [File not signed]
S3 tunnel; C:\WINDOWS\System32\drivers\tunnel.sys [119296 2018-04-12] (Microsoft Corporation) [File not signed]
S3 UcmCx0101; C:\WINDOWS\System32\Drivers\UcmCx.sys [128512 2018-04-12] (Microsoft Corporation) [File not signed]
S3 UcmTcpciCx0101; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [152576 2018-04-12] (Microsoft Corporation) [File not signed]
S3 UcmUcsi; C:\WINDOWS\System32\drivers\UcmUcsi.sys [57856 2018-04-12] (Microsoft Corporation) [File not signed]
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [45056 2018-04-12] (Microsoft Corporation) [File not signed]
R3 umbus; C:\WINDOWS\System32\drivers\umbus.sys [56832 2018-04-12] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\WINDOWS\System32\drivers\umpass.sys [14336 2018-04-12] (Microsoft Corporation) [File not signed]
R3 usbaudio; C:\WINDOWS\system32\drivers\usbaudio.sys [151552 2018-04-12] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\WINDOWS\System32\drivers\usbcir.sys [102912 2018-04-12] (Microsoft Corporation) [File not signed]
S3 usbohci; C:\WINDOWS\System32\drivers\usbohci.sys [30208 2018-04-12] (Microsoft Corporation) [File not signed]
R3 usbprint; C:\WINDOWS\System32\drivers\usbprint.sys [27136 2018-04-12] (Microsoft Corporation) [File not signed]
S3 usbser; C:\WINDOWS\System32\drivers\usbser.sys [72192 2018-04-12] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\WINDOWS\System32\drivers\usbuhci.sys [35328 2018-04-12] (Microsoft Corporation) [File not signed]
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [236048 2018-12-18] (Oracle Corporation -> Oracle Corporation)
S3 VMBusHID; C:\WINDOWS\System32\drivers\VMBusHID.sys [25088 2018-04-12] (Microsoft Corporation) [File not signed]
S3 vwifibus; C:\WINDOWS\System32\drivers\vwifibus.sys [27136 2018-04-12] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\WINDOWS\System32\drivers\vwififlt.sys [76288 2018-04-12] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\WINDOWS\System32\drivers\wacompen.sys [30720 2018-04-12] (Microsoft Corporation) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2019-01-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2019-01-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2019-01-06] (Microsoft Windows -> Microsoft Corporation)
S3 WINUSB; C:\WINDOWS\System32\drivers\WinUSB.sys [92672 2018-04-12] (Microsoft Corporation) [File not signed]
R3 WmiAcpi; C:\WINDOWS\System32\drivers\wmiacpi.sys [18432 2018-04-12] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\WINDOWS\system32\drivers\ws2ifsl.sys [23040 2018-04-12] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\WINDOWS\System32\drivers\WudfPf.sys [125440 2018-04-12] (Microsoft Corporation) [File not signed]
R3 WUDFRd; C:\WINDOWS\System32\drivers\WudfRd.sys [264192 2018-04-12] (Microsoft Corporation) [File not signed]
R3 WUDFWpdFs; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [264192 2018-04-12] (Microsoft Corporation) [File not signed]
S3 xinputhid; C:\WINDOWS\System32\drivers\xinputhid.sys [46592 2018-04-12] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Morayma_Nazari · 23 Mayo, 2019 22:25

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-24 00:04 - 2019-05-24 00:06 - 000089818 _____ C:\Users\Usuario\Desktop\Addition.txt
2019-05-24 00:02 - 2019-05-24 00:07 - 000064079 _____ C:\Users\Usuario\Desktop\FRST.txt
2019-05-24 00:02 - 2019-05-24 00:06 - 000000000 ____D C:\FRST
2019-05-24 00:00 - 2019-05-24 00:00 - 002435072 _____ (Farbar) C:\Users\Usuario\Desktop\FRST64.exe
2019-05-23 21:25 - 2019-05-23 21:25 - 000000000 ___HD C:\OneDriveTemp
2019-05-23 21:24 - 2019-05-23 21:24 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-05-23 21:24 - 2019-05-23 21:24 - 000117344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-05-23 21:24 - 2019-05-23 21:24 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-05-23 21:15 - 2019-05-23 21:24 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-05-23 21:15 - 2019-05-23 21:15 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-05-23 21:15 - 2019-05-23 21:15 - 000001872 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-05-23 21:15 - 2019-05-23 21:15 - 000000000 ____D C:\Users\Usuario\AppData\Local\mbamtray
2019-05-23 21:15 - 2019-05-23 21:15 - 000000000 ____D C:\Users\Usuario\AppData\Local\mbam
2019-05-23 21:15 - 2019-05-23 21:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-23 21:15 - 2019-05-23 21:15 - 000000000 ____D C:\Program Files\Malwarebytes
2019-05-23 21:15 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-05-23 21:15 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-23 21:14 - 2019-05-23 21:14 - 063448936 _____ (Malwarebytes ) C:\Users\Usuario\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.586-1.0.10710.exe
2019-05-23 21:04 - 2019-05-23 21:04 - 000019909 _____ C:\Users\Usuario\Desktop\ZHPCleaner (R).txt
2019-05-23 21:03 - 2019-05-23 21:03 - 000020539 _____ C:\Users\Usuario\Desktop\ZHPCleaner (S).txt
2019-05-23 20:57 - 2019-05-23 21:04 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\ZHP
2019-05-23 20:57 - 2019-05-23 20:57 - 000000877 _____ C:\Users\Usuario\Desktop\ZHPCleaner.lnk
2019-05-23 20:57 - 2019-05-23 20:57 - 000000000 ____D C:\Users\Usuario\AppData\Local\ZHP
2019-05-23 20:56 - 2019-05-23 20:56 - 003149696 _____ C:\Users\Usuario\Desktop\ZHPCleaner.exe
2019-05-23 20:43 - 2019-05-23 20:43 - 007025360 _____ (Malwarebytes) C:\Users\Usuario\Desktop\adwcleaner_7.3 (1).exe
2019-05-23 20:41 - 2019-05-23 20:44 - 000000000 ____D C:\AdwCleaner
2019-05-23 17:35 - 2019-05-23 17:35 - 000021476 _____ C:\Users\Usuario\AppData\Local\recently-used.xbel
2019-05-14 20:09 - 2019-05-03 14:14 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-14 20:09 - 2019-05-03 14:14 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-05-14 20:09 - 2019-05-03 14:13 - 001376472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-14 20:09 - 2019-05-03 14:13 - 000396088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2019-05-14 20:09 - 2019-05-03 13:55 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-14 20:09 - 2019-05-03 13:54 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-14 20:09 - 2019-05-03 13:52 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-14 20:09 - 2019-05-03 13:51 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-14 20:09 - 2019-05-03 13:51 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-14 20:09 - 2019-05-03 13:50 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-14 20:09 - 2019-05-03 13:50 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-14 20:09 - 2019-05-03 13:49 - 001288704 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-14 20:09 - 2019-05-03 13:49 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-14 20:09 - 2019-05-03 13:49 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-14 20:09 - 2019-05-03 13:43 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-14 20:09 - 2019-05-03 13:43 - 000662328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-05-14 20:09 - 2019-05-03 13:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-14 20:09 - 2019-05-03 13:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-14 20:09 - 2019-05-03 13:28 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-14 20:09 - 2019-05-03 13:28 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-14 20:09 - 2019-05-03 13:27 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-14 20:09 - 2019-05-03 13:26 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-14 20:09 - 2019-05-03 13:25 - 004055040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-14 20:09 - 2019-05-03 13:25 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-14 20:09 - 2019-05-03 08:43 - 000177128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-14 20:09 - 2019-05-03 08:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-14 20:09 - 2019-05-03 08:34 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-14 20:09 - 2019-05-03 08:33 - 005625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-05-14 20:09 - 2019-05-03 08:33 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-14 20:09 - 2019-05-03 08:33 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-14 20:09 - 2019-05-03 08:33 - 000709720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-05-14 20:09 - 2019-05-03 08:33 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-14 20:09 - 2019-05-03 08:33 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-14 20:09 - 2019-05-03 08:33 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-14 20:09 - 2019-05-03 08:33 - 000063072 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-14 20:09 - 2019-05-03 08:32 - 000793640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-05-14 20:09 - 2019-05-03 08:32 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-14 20:09 - 2019-05-03 08:32 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-14 20:09 - 2019-05-03 08:32 - 000438984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-14 20:09 - 2019-05-03 08:32 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-14 20:09 - 2019-05-03 08:32 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-14 20:09 - 2019-05-03 08:32 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-14 20:09 - 2019-05-03 08:31 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-14 20:09 - 2019-05-03 08:31 - 007519888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-14 20:09 - 2019-05-03 08:31 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-14 20:09 - 2019-05-03 08:31 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-14 20:09 - 2019-05-03 08:31 - 002771256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-14 20:09 - 2019-05-03 08:31 - 001459328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-14 20:09 - 2019-05-03 08:31 - 001260480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-14 20:09 - 2019-05-03 08:31 - 001141224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-14 20:09 - 2019-05-03 08:31 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-05-14 20:09 - 2019-05-03 08:31 - 000983632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-14 20:09 - 2019-05-03 08:31 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-14 20:09 - 2019-05-03 08:31 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-05-14 20:09 - 2019-05-03 08:31 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-14 20:09 - 2019-05-03 08:20 - 000434704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-14 20:09 - 2019-05-03 08:20 - 000384976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-14 20:09 - 2019-05-03 08:20 - 000192016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-14 20:09 - 2019-05-03 08:20 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-14 20:09 - 2019-05-03 08:19 - 006043712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-14 20:09 - 2019-05-03 08:19 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-14 20:09 - 2019-05-03 08:19 - 000056288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-14 20:09 - 2019-05-03 08:18 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-14 20:09 - 2019-05-03 08:18 - 002258640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-14 20:09 - 2019-05-03 08:18 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-05-14 20:09 - 2019-05-03 08:12 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-14 20:09 - 2019-05-03 08:10 - 022017024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-14 20:09 - 2019-05-03 08:05 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-14 20:09 - 2019-05-03 08:02 - 019401216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-14 20:09 - 2019-05-03 08:02 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-14 20:09 - 2019-05-03 08:01 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-14 20:09 - 2019-05-03 08:00 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-14 20:09 - 2019-05-03 08:00 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-14 20:09 - 2019-05-03 08:00 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-14 20:09 - 2019-05-03 08:00 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2019-05-14 20:09 - 2019-05-03 07:59 - 007593472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-14 20:09 - 2019-05-03 07:59 - 005788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-14 20:09 - 2019-05-03 07:59 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-14 20:09 - 2019-05-03 07:59 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-05-14 20:09 - 2019-05-03 07:59 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-14 20:09 - 2019-05-03 07:59 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-05-14 20:09 - 2019-05-03 07:59 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-14 20:09 - 2019-05-03 07:59 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-14 20:09 - 2019-05-03 07:58 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-14 20:09 - 2019-05-03 07:58 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-05-14 20:09 - 2019-05-03 07:58 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-05-14 20:09 - 2019-05-03 07:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-14 20:09 - 2019-05-03 07:58 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-14 20:09 - 2019-05-03 07:58 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-05-14 20:09 - 2019-05-03 07:58 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-14 20:09 - 2019-05-03 07:57 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-05-14 20:09 - 2019-05-03 07:57 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-14 20:09 - 2019-05-03 07:57 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-05-14 20:09 - 2019-05-03 07:57 - 001295872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-05-14 20:09 - 2019-05-03 07:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-14 20:09 - 2019-05-03 07:57 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-14 20:09 - 2019-05-03 07:57 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-05-14 20:09 - 2019-05-03 07:56 - 005350912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-14 20:09 - 2019-05-03 07:56 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-14 20:09 - 2019-05-03 07:56 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-14 20:09 - 2019-05-03 07:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-14 20:09 - 2019-05-03 07:56 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-05-14 20:09 - 2019-05-03 07:55 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-14 20:09 - 2019-05-03 07:55 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-14 20:09 - 2019-05-03 07:55 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-14 20:09 - 2019-05-03 07:54 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-14 20:09 - 2019-05-03 07:54 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-14 20:09 - 2019-05-03 07:54 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-05-14 20:09 - 2019-05-03 07:54 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-14 20:09 - 2019-05-03 07:54 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-05-14 20:09 - 2019-05-03 07:54 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-05-14 20:09 - 2019-05-03 07:54 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-14 20:09 - 2019-05-03 07:54 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-14 20:09 - 2019-05-03 07:54 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-05-14 20:09 - 2019-05-03 07:54 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-14 20:09 - 2019-05-03 07:54 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-14 20:09 - 2019-05-03 07:54 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-05-14 20:09 - 2019-05-03 07:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-05-14 20:09 - 2019-05-03 07:53 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-14 20:09 - 2019-05-03 07:53 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-14 20:09 - 2019-05-03 07:53 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-14 20:09 - 2019-05-03 07:53 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-14 20:09 - 2019-05-03 06:38 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-05-14 20:09 - 2019-04-23 09:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-05-14 20:09 - 2019-04-23 08:14 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-05-14 20:09 - 2019-04-19 12:55 - 001634920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-14 20:09 - 2019-04-19 12:54 - 000720200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-14 20:09 - 2019-04-19 12:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-05-14 20:09 - 2019-04-19 12:39 - 012754944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-14 20:09 - 2019-04-19 12:38 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2019-05-14 20:09 - 2019-04-19 12:38 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2019-05-14 20:09 - 2019-04-19 12:36 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-14 20:09 - 2019-04-19 12:34 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-05-14 20:09 - 2019-04-19 11:44 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-14 20:09 - 2019-04-19 11:37 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-14 20:09 - 2019-04-19 11:30 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2019-05-14 20:09 - 2019-04-19 11:28 - 011940864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-14 20:09 - 2019-04-19 11:26 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-14 20:09 - 2019-04-19 11:25 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-05-14 20:09 - 2019-04-19 07:07 - 000985400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-05-14 20:09 - 2019-04-19 07:06 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-14 20:09 - 2019-04-19 07:06 - 000798520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-05-14 20:09 - 2019-04-19 07:06 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-05-14 20:09 - 2019-04-19 07:06 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-05-14 20:09 - 2019-04-19 07:06 - 000274232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-14 20:09 - 2019-04-19 07:02 - 000831800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-05-14 20:09 - 2019-04-19 07:01 - 001982008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-14 20:09 - 2019-04-19 07:01 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-05-14 20:09 - 2019-04-19 07:01 - 000576016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-05-14 20:09 - 2019-04-19 07:01 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-05-14 20:09 - 2019-04-19 06:43 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-14 20:09 - 2019-04-19 06:42 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-14 20:09 - 2019-04-19 06:41 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-05-14 20:09 - 2019-04-19 06:41 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe
2019-05-14 20:09 - 2019-04-19 06:40 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-05-14 20:09 - 2019-04-19 06:40 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-14 20:09 - 2019-04-19 06:40 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-05-14 20:09 - 2019-04-19 06:40 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2019-05-14 20:09 - 2019-04-19 06:40 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-05-14 20:09 - 2019-04-19 06:39 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-05-14 20:09 - 2019-04-19 06:39 - 000567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-14 20:09 - 2019-04-19 06:39 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-14 20:09 - 2019-04-19 06:39 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2019-05-14 20:09 - 2019-04-19 06:39 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-14 20:09 - 2019-04-19 06:39 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-05-14 20:09 - 2019-04-19 06:38 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-05-14 20:09 - 2019-04-19 06:38 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-14 20:09 - 2019-04-19 06:38 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-14 20:09 - 2019-04-19 06:38 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-05-14 20:09 - 2019-04-19 06:38 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-14 20:09 - 2019-04-19 06:38 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-14 20:09 - 2019-04-19 06:37 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-05-14 20:09 - 2019-04-19 06:37 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-14 20:09 - 2019-04-19 06:37 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-14 20:09 - 2019-04-19 06:37 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-05-14 20:09 - 2019-04-19 06:37 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-05-14 20:09 - 2019-04-19 06:37 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-14 20:09 - 2019-04-19 06:37 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-14 20:09 - 2019-04-19 06:36 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-14 20:09 - 2019-04-19 06:36 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2019-05-14 20:09 - 2019-04-19 06:36 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-14 20:09 - 2019-04-19 06:36 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-05-14 20:09 - 2019-04-19 06:36 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-05-14 20:09 - 2019-04-19 06:36 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-05-14 20:09 - 2019-04-19 06:36 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-14 20:09 - 2019-04-19 06:35 - 001938944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2019-05-14 20:09 - 2019-04-19 06:35 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-05-14 20:09 - 2019-04-19 06:35 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-05-14 20:09 - 2019-04-19 06:35 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-05-14 20:09 - 2019-04-19 06:35 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-14 20:09 - 2019-04-19 06:35 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-05-14 20:09 - 2019-04-19 06:35 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2019-05-14 20:09 - 2019-04-19 06:35 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-14 20:09 - 2019-04-19 06:35 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-05-14 20:09 - 2019-04-19 06:34 - 000935936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-05-14 20:09 - 2019-04-19 06:34 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-14 20:09 - 2019-04-19 06:34 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-05-14 20:09 - 2019-04-19 06:34 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-14 20:09 - 2019-04-19 06:34 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2019-05-14 20:09 - 2019-04-19 05:18 - 000806360 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-14 20:09 - 2019-04-19 05:18 - 000806360 _____ C:\WINDOWS\system32\locale.nls
2019-05-14 20:09 - 2019-04-09 03:48 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-14 20:09 - 2019-04-09 03:48 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-14 20:09 - 2019-04-09 03:48 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-14 20:09 - 2019-04-09 03:48 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-14 20:09 - 2019-04-09 03:48 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-14 18:10 - 2019-05-14 18:10 - 004753464 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2019-05-10 17:36 - 2019-05-10 17:36 - 000000054 _____ C:\Users\Usuario\.gtk-bookmarks
2019-04-30 20:07 - 2019-04-30 20:07 - 000000000 ____D C:\Users\Usuario\Documents\FormatFactory
2019-04-30 19:49 - 2019-05-15 15:25 - 000000000 ____D C:\Users\Usuario\AppData\Local\WallpaperSuite
2019-04-30 19:49 - 2019-04-30 19:49 - 000000000 ____D C:\ProgramData\McAfee
2019-04-30 19:49 - 2019-04-30 19:49 - 000000000 ____D C:\Program Files\McAfee
2019-04-30 19:37 - 2019-05-01 11:31 - 000000000 ____D C:\ProgramData\Freemake
2019-04-30 19:37 - 2019-04-30 19:37 - 000000000 ____D C:\Users\Usuario\Documents\Freemake
2019-04-30 19:37 - 2019-04-30 19:37 - 000000000 ____D C:\Users\Usuario\AppData\Local\FreemakeVideoConverter
2019-04-30 19:36 - 2019-05-01 11:31 - 000000000 ____D C:\Program Files (x86)\Freemake
2019-04-29 23:42 - 2019-05-01 14:56 - 000000000 ____D C:\Program Files\VideoLAN
2019-04-29 22:07 - 2019-04-29 22:08 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Apowersoft
2019-04-29 22:07 - 2019-04-29 22:07 - 000000000 ____D C:\Users\Usuario\AppData\Local\Apowersoft
2019-04-29 21:39 - 2019-04-29 21:39 - 000000000 ____D C:\Users\Usuario\Impostazioni locali
2019-04-29 18:52 - 2019-04-30 00:10 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\HandBrake
2019-04-25 11:24 - 2019-04-25 11:24 - 000302368 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2019-04-25 11:23 - 2019-05-01 13:37 - 000198768 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2019-04-25 11:23 - 2019-04-25 11:23 - 000245272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2019-04-25 11:23 - 2019-04-25 11:23 - 000116104 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-23 23:52 - 2019-01-06 18:57 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-23 23:47 - 2019-01-07 21:19 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-05-23 22:26 - 2019-01-10 19:02 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\audacity
2019-05-23 22:16 - 2019-01-06 19:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-23 21:26 - 2019-01-09 23:52 - 000000000 ____D C:\Users\Usuario\AppData\Local\Spotify
2019-05-23 21:25 - 2019-01-09 23:52 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Spotify
2019-05-23 21:25 - 2015-09-22 15:04 - 000000000 ___RD C:\Users\Usuario\OneDrive
2019-05-23 21:25 - 2015-05-20 23:23 - 000000000 __SHD C:\Users\Usuario\IntelGraphicsProfiles
2019-05-23 21:24 - 2019-01-06 19:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-23 21:24 - 2019-01-06 19:26 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-05-23 21:22 - 2019-01-06 18:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-05-23 21:22 - 2019-01-06 18:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-05-23 21:15 - 2019-01-06 18:57 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-23 21:15 - 2019-01-02 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-23 20:46 - 2019-01-06 18:57 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-23 20:37 - 2019-01-09 18:03 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\WhatsApp
2019-05-23 18:21 - 2019-01-10 01:09 - 000000000 ____D C:\Users\Usuario\AppData\Local\babl-0.1
2019-05-23 17:35 - 2019-01-18 16:18 - 000000000 ____D C:\Users\Usuario\AppData\Local\gtk-2.0
2019-05-23 17:02 - 2019-01-06 18:57 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-23 09:31 - 2019-01-10 18:49 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-05-23 09:31 - 2019-01-10 18:49 - 000000823 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-05-23 09:01 - 2019-01-10 18:53 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-23 09:01 - 2019-01-10 18:53 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-17 15:55 - 2019-01-06 19:50 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-932762285-3625409212-74071954-1000
2019-05-17 15:55 - 2019-01-06 19:36 - 000002399 _____ C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-17 14:18 - 2019-01-06 23:43 - 000000000 ____D C:\Program Files\rempl
2019-05-16 18:26 - 2015-06-11 11:28 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-15 15:31 - 2019-01-10 18:53 - 000003620 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 15:31 - 2019-01-10 18:53 - 000003496 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-15 15:30 - 2019-01-06 19:45 - 002394928 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-15 15:30 - 2019-01-06 19:09 - 000786502 _____ C:\WINDOWS\system32\perfh00A.dat
2019-05-15 15:30 - 2019-01-06 19:09 - 000155134 _____ C:\WINDOWS\system32\perfc00A.dat
2019-05-15 15:30 - 2019-01-06 19:05 - 000541264 _____ C:\WINDOWS\system32\perfh008.dat
2019-05-15 15:30 - 2019-01-06 19:05 - 000088122 _____ C:\WINDOWS\system32\perfc008.dat
2019-05-15 15:30 - 2019-01-06 18:56 - 000000000 ____D C:\WINDOWS\INF
2019-05-15 15:24 - 2019-01-06 19:21 - 000458440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-15 00:33 - 2019-01-06 18:57 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-15 00:33 - 2019-01-06 18:57 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-15 00:33 - 2019-01-06 18:57 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-15 00:33 - 2019-01-06 18:57 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-05-15 00:33 - 2019-01-06 18:57 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-14 20:18 - 2019-01-06 18:49 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-14 20:08 - 2019-01-06 23:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 20:05 - 2019-01-06 23:45 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-14 18:10 - 2019-01-13 00:37 - 000004620 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-05-14 18:10 - 2019-01-06 18:57 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-05-14 18:10 - 2019-01-06 18:57 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-05-14 10:38 - 2019-04-04 19:31 - 000000000 ____D C:\Program Files (x86)\WinRAR
2019-05-14 10:38 - 2019-02-02 00:51 - 000000000 ____D C:\Program Files\WinRAR
2019-05-14 10:38 - 2015-05-30 15:35 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-05-14 10:38 - 2015-05-30 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-05-10 17:36 - 2019-01-06 19:36 - 000000000 ____D C:\Users\Usuario
2019-05-06 00:07 - 2015-05-31 15:43 - 000000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2019-05-04 01:53 - 2019-01-06 19:00 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-04 01:53 - 2019-01-06 19:00 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-01 15:04 - 2019-01-06 19:36 - 000000000 ____D C:\Users\DefaultAppPool
2019-05-01 11:23 - 2019-01-06 19:43 - 000000000 ____D C:\Users\Usuario\AppData\Local\Packages
2019-04-30 22:52 - 2016-11-21 21:26 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\Mozilla
2019-04-30 20:30 - 2015-06-10 20:31 - 000000000 ____D C:\FFOutput
2019-04-30 19:45 - 2019-01-10 01:11 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-04-29 22:25 - 2015-05-31 15:44 - 000000000 ____D C:\Users\Public\Documents\Pinnacle
2019-04-29 12:58 - 2019-04-10 15:14 - 000005120 _____ C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-04-28 17:40 - 2016-06-04 17:01 - 000000000 ____D C:\Users\Usuario\Documents\Grabaciones de sonido
2019-04-26 16:29 - 2019-01-09 19:09 - 000000017 _____ C:\WINDOWS\MovingPicture.ini

==================== Files in the root of some directories =======

2019-04-10 15:14 - 2019-04-29 12:58 - 000005120 _____ () C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-05-23 17:35 - 2019-05-23 17:35 - 000021476 _____ () C:\Users\Usuario\AppData\Local\recently-used.xbel

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\SysWOW64\userinit.exe => MD5 is legit
==================== End of FRST.txt ============================

SanMar · 24 Mayo, 2019 04:42

Hola @Morayma_Nazari

Aun falta el reporte de Adittion.

Lo esperamos en tu próxima respuesta.

Salu2…

Morayma_Nazari · 24 Mayo, 2019 21:32

Hola. Sí, lo sé, pero es que era muy tarde y me tuve que ir a dormir. Y hasta ahora, no he podido conectarme. Te lo pongo en varias respuestas porque en una sola no me cabe:

 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by Usuario (24-05-2019 00:08:05)
Running from C:\Users\Usuario\Desktop
Windows 10 Pro Version 1803 17134.765 (X64) (2019-01-06 17:42:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-932762285-3625409212-74071954-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-932762285-3625409212-74071954-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-932762285-3625409212-74071954-1003 - Limited - Enabled)
Invitado (S-1-5-21-932762285-3625409212-74071954-501 - Limited - Disabled)
Usuario (S-1-5-21-932762285-3625409212-74071954-1000 - Administrator - Enabled) => C:\Users\Usuario
WDAGUtilityAccount (S-1-5-21-932762285-3625409212-74071954-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Kaspersky Internet Security (Disabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Disabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Edito: He tenido que editar esta respuesta varias veces esta respuesta para que el código estuviera lo suficientemente bien embebido

8GadgetPack (HKLM-x32\...\{9B9D3CF8-D10A-4A8D-8630-37ED01E9A37D}) (Version: 28.0.0 - 8GadgetPack.net)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.192 - Adobe)
Apowersoft Online Launcher version 1.7.5 (HKLM-x32\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.5 - APOWERSOFT LIMITED)
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform)
Configuración de cámara Logitech (HKLM-x32\...\LogiUCDPP) (Version: 2.5.17.0 - Logitech Europe S.A.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Euclides Grec Politònic 1.1 (HKLM-x32\...\Euclides Grec Politònic) (Version: 1.1 - Grup Electra)
GIMP 2.10.8 (HKLM\...\GIMP-2_is1) (Version: 2.10.8 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.36 - McAfee, Inc.)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-932762285-3625409212-74071954-1000\...\OneDriveSetup.exe) (Version: 19.070.0410.0005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x64 es-ES) (HKLM\...\Mozilla Firefox 64.0.2 (x64 es-ES)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2 - Mozilla)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
Pinnacle Instant DVD Recorder (HKLM-x32\...\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}) (Version: 2.00.088 - )
proDAD Heroglyph 2.5 (HKLM-x32\...\proDAD-Heroglyph-2.5) (Version:  - )
proDAD Vitascene 1.0 (HKLM-x32\...\proDAD-Vitascene-1.0) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Software de cámara Web Logitech (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Spotify (HKU\S-1-5-21-932762285-3625409212-74071954-1000\...\Spotify) (Version: 1.1.7.13766.gf9dc3904 - Spotify AB)
Studio 11 (HKLM-x32\...\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}) (Version: 11.0 - Pinnacle Systems)
Studio 11 (HKLM-x32\...\{2F952048-3220-4AC7-A206-D01EFC774BB2}) (Version: 11.0.0.0 - Pinnacle Systems) Hidden
Studio 11 Bonus DVD (HKLM-x32\...\{45A1BF92-700A-4408-B95E-79F462E3D67D}) (Version: 11.0.0.0 - Pinnacle Systems)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.22.5 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
Vintage Love Screensaver (HKLM-x32\...\Vintage Love Screensaver) (Version:  - )
WhatsApp (HKU\S-1-5-21-932762285-3625409212-74071954-1000\...\WhatsApp) (Version: 0.3.2848 - WhatsApp)
WinRAR 5.71 (نسخه 32بيتي) (HKLM-x32\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
WinRAR 5.71 (نسخه 64بيتي) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Yahoo! Desktop Login (HKLM-x32\...\{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}) (Version: 1.00.0001 - Pinnacle Systems) Hidden

Morayma_Nazari · 24 Mayo, 2019 21:33

Packages:
=========
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1510.1.0_x86__kgqvnymyfvs32 [2019-05-21] (king.com)
Complemento de Fotos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-03-21] (Microsoft Corporation)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.520.0_x64__rz1tebttyb220 [2019-03-12] (Dolby Laboratories)
Extensión de vídeo MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe [2019-04-08] (Microsoft Corporation)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-01-06] (Fitbit)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_41.1788.50991.0_x86__8xx8rvfyw5nnt [2019-03-06] (Instagram)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_2.2.9.0_x64__nfy108tqq3p12 [2019-01-06] (Thumbmunkeys Ltd)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-02-13] (Adobe Systems Incorporated)
Repost -> C:\Program Files\WindowsApps\17036IYIA.Repost_20.5.5.0_x64__dggz0n4pnn0ge [2019-05-06] (IYIA)
Teléfono Microsoft -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2019-01-06] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-932762285-3625409212-74071954-1000_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\Usuario\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-932762285-3625409212-74071954-1000_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Usuario\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) [File not signed]
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 ____N () [File not signed] C:\Windows\ShellExperiences\TileControl.dll
2009-07-14 01:41 - 2009-07-14 01:41 - 000053248 _____ (Hewlett-Packard Corporation) [File not signed] C:\WINDOWS\System32\hpzllw71.dll
2019-01-06 19:27 - 2009-07-14 01:41 - 000230400 _____ (Hewlett-Packard Corporation) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\hpzppw71.dll
2015-05-31 22:14 - 2009-07-08 12:51 - 000938496 _____ (Hewlett-Packard) [File not signed] C:\WINDOWS\system32\hpowiax7.dll
2006-06-02 13:42 - 2006-06-02 13:42 - 000270336 _____ (Jesús Cerquides - Francesc Sebastià) [File not signed] C:\Program Files (x86)\Euclides Grec Politònic\EuclidesGP.exe
2018-04-12 01:35 - 2018-04-12 18:24 - 000128000 ____N (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\Ink\IpsPlugin.dll
2018-04-12 18:18 - 2018-04-12 18:18 - 000040960 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000391680 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\AboveLockAppHost.dll
2018-04-12 18:23 - 2018-04-10 23:06 - 000267776 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\AccountAccessor.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000210432 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\ACPBackgroundManagerPolicy.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000081408 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\acppage.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000305664 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\Actioncenter.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000601600 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\ActXPrxy.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000024064 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\adhapi.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000084992 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\adhsvc.dll
2018-04-12 18:23 - 2018-04-10 23:08 - 000070656 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\APHostClient.dll
2018-04-12 18:23 - 2018-04-10 23:05 - 000324608 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\aphostservice.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000902144 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\AppContracts.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000550400 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\apphelp.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000166912 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\appinfo.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000689664 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\ApplicationFrame.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000114688 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\AppMon.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000759808 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\AppointmentApis.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000899072 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\appwiz.cpl
2018-04-12 01:34 - 2018-04-12 01:34 - 000097792 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\ATL.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 000036864 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\atlthunk.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000289280 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\AUTHZ.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000063488 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\BackgroundMediaPolicy.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001669632 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\BatMeter.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000252416 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\bcastdvr.proxy.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000029696 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\bi.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000064000 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\bidispl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000081920 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\bitsigd.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000029696 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\bitsperf.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000061440 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\BitsProxy.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000256000 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\BrokerLib.dll
2018-04-12 01:33 - 2018-04-12 01:33 - 000057344 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\browcli.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000154112 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\BrowserSettingSync.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000033280 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\BthTelemetry.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000169984 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\CallHistoryClient.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000034304 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\canonurl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000034304 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\CapabilityAccessHandlers.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000731648 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\CellularAPI.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000245760 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\CEMAPI.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000098304 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\cflapi.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000099840 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\CLDAPI.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000196096 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\ClipboardServer.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000303104 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\CloudBackupSettings.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000049152 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\ColorAdapterClient.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000935424 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\COMDLG32.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000625664 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\conhost.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 001874944 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\ConstraintIndex.Search.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001090560 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\ContactApis.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000216576 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\container.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000014336 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\coreaudiopolicymanagerext.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000107520 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\CoreShellExtFramework.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000302080 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\Cortana.Persona.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000200192 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\CourtesyEngine.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000125952 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\cryptcatsvc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000167936 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\cryptnet.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000454656 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\cryptngc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000372736 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\CryptoWinRT.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000094720 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\cryptsvc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000061952 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\crypttpmeksvc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000051200 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\cscapi.dll
2018-04-12 01:35 - 2018-04-12 18:24 - 000291328 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\cscobj.dll
2018-04-12 01:35 - 2018-04-12 18:24 - 000798720 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\cscui.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000010752 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\ctfmon.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000178688 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\d3d10_1.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000350208 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\d3d10_1core.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 004332032 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\D3DCOMPILER_47.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000014336 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\DABAPI.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000343040 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\dataexchange.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000094208 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\davclnt.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000026624 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\DAVHLPR.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000152576 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\dbgcore.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 001728512 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\dbghelp.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000026112 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\delegatorprovider.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000086528 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\desktopshellext.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000347136 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\deviceaccess.dll
2018-04-12 01:33 - 2018-04-12 01:33 - 000285696 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\dlnashext.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000106496 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\DMCfgUtils.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000014848 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\dmiso8601utils.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000036352 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\DMProcessXMLFiltered.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000097280 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\dmxmlhelputils.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000015872 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\DPAPI.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 000205312 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\dpapisrv.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000168448 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\dps.dll
2018-04-12 01:33 - 2018-04-12 01:33 - 000283136 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\drivers\umdf\wpdfs.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000025600 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\drprov.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000031744 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\DSPARSE.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000578048 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\DUser.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000062464 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\dwm.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000060928 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\dwmghost.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000130560 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\dwmredir.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000243200 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\eappcfg.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000072192 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\eappprxy.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000257024 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\edputil.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000105984 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\efslsaext.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000044544 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\EFSUTIL.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000708096 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\efswrt.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000131072 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\EhStorAPI.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000207360 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\EhStorShell.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000076800 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\elscore.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000701952 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\ElsLad.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001110016 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\EmailApis.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000045568 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\embeddedmodesvcapi.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000045056 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\ErrorDetailsCore.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000486400 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\es.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000182784 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\EthernetMediaManager.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000077824 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\EventAggregation.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000090624 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\execmodelproxy.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 004782592 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\explorerframe.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000014336 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\familysafetyext.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000441856 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\fhcfg.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000448000 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\fhsettingsprovider.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000029184 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\fhsvcctl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000019456 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\fontgroupsoverride.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000140800 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\FontProvider.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000300032 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\framedynos.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000098304 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\FwRemoteSvr.DLL
2018-04-12 01:35 - 2018-04-12 01:35 - 000046080 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\FXSMON.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 000490496 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Geolocation.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000154624 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\globinputhost.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000162816 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\GLU32.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000037888 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\gmsaclient.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000060928 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\hcproviders.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000034816 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\HID.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 000033792 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\hidserv.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000249856 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\hnetcfgclient.dll
2018-04-12 01:35 - 2018-04-12 18:24 - 000626688 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\HolographicExtensions.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000476672 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\HrtfApo.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000033280 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\HTTPAPI.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000018432 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\httpprxc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000125952 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\httpprxm.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000014336 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\IconCodecService.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000141312 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\IDStore.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000495104 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\imapi2.dll
2018-04-12 01:33 - 2018-04-12 01:33 - 000055296 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\ImgUtil.dll
2018-04-12 01:35 - 2018-04-12 18:24 - 000174080 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\inetpp.dll
2018-04-12 18:23 - 2018-04-10 23:08 - 000057856 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\InprocLogger.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000394240 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\InputSwitch.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000786432 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\iphlpsvc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000251392 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\IPPMon.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000441856 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\ipsecsvc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000105472 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\JOINUTIL.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 000007680 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\KBDSP.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 000026624 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\KDCPW.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 000072704 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\keepaliveprovider.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000089088 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\keyiso.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000273920 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\ksproxy.ax
2018-04-12 01:34 - 2018-04-12 01:34 - 000135680 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\kswdmcap.ax
2018-04-12 01:34 - 2018-04-12 01:34 - 000024064 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\ktmw32.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000044544 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\lfsvc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000091648 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000048640 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\licensemanagersvc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000030208 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\LINKINFO.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000026112 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\lmhsvc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000122880 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\loadperf.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000111104 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\LocationWinPalMisc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000671744 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\lsm.dll
2018-04-12 18:23 - 2018-04-10 23:07 - 000176128 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\MCCSEngineShared.dll
2018-04-12 18:23 - 2018-04-10 23:09 - 000020480 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\MCCSPal.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001025024 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\MessagingDataModel2.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 001422848 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\MFC42.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000035840 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\MfcSubs.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000285696 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\mfksproxy.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000123904 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\mi.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000265728 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\MicrosoftAccountCloudAP.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000394752 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\MicrosoftAccountWAMExtension.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000025088 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\midimap.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000301056 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\mintdh.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001371648 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\MiracastReceiver.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000243200 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\miutils.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000242688 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\MLANG.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000019456 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\MobileNetworking.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000029184 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\msacm32.drv
2018-04-12 01:34 - 2018-04-12 01:34 - 000666112 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\mscms.dll
2018-04-12 01:33 - 2018-04-12 01:33 - 000376832 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\MSCOREE.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 000086528 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\MsCtfMonitor.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000114176 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\msctfui.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000011776 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\Msidle.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000045568 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\msimtf.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000060416 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\mskeyprotect.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000002560 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\msprivs.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 000462848 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\MSUTB.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000262656 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\MTFServer.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000067072 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\napinsp.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001048576 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\NaturalLanguage6.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000025088 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\NcaApi.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000376832 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\ncbservice.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000069120 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\NCObjAPI.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 000417280 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\ncsi.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000026624 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\ncuprov.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000072192 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\nduprov.dll
2018-04-12 01:33 - 2018-04-12 01:33 - 000104448 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\netfxperf.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000160256 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\netjoin.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000063488 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\netprovfw.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001194496 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\NetworkExplorer.dll
2018-04-12 18:23 - 2018-04-10 23:06 - 000137728 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\NetworkHelper.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000365056 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\NetworkUXBroker.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000080896 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\nlaapi.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000367616 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\nlasvc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000005632 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\Normaliz.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000245760 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\NOTEPAD.EXE
2018-04-12 01:34 - 2018-04-12 01:34 - 000045056 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\NotificationPlatformComponent.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000216576 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\npsm.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000876544 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\NPSMDesktopProvider.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000018944 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\nrpsrv.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 000868864 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\ntshrui.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000416768 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\OLEACC.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000048128 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\OnDemandBrokerClient.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000363520 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\OneBackupHandler.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001041920 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\OPENGL32.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000026112 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\osbaseln.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000212992 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\PackageStateRoaming.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000066560 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\pcacli.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000296448 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\pdh.dll
2018-04-12 01:35 - 2018-04-12 18:24 - 000223744 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\PeerDist.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000225792 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\peopleband.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000084480 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\perftrack.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000016384 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\perfts.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000205824 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\PersonaX.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000391680 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\PhoneDataSync.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000431616 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\PhoneOm.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000067072 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\PhonePlatformAbstraction.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000814080 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\PhoneProviders.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000185856 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\pimindexmaintenance.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000060928 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\PimIndexMaintenanceClient.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 001047552 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\PIMSTORE.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000233984 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\pku2u.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 000088064 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\PlaySndSrv.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000388608 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\PlayToDevice.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002091520 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\pnidui.dll
2018-04-12 01:33 - 2018-04-12 01:33 - 000621056 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\PortableDeviceApi.dll
2018-04-12 01:33 - 2018-04-12 01:33 - 000125440 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\portabledeviceclassextension.dll
2018-04-12 01:33 - 2018-04-12 01:33 - 000181760 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\PortableDeviceTypes.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000056832 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\PrintIsolationProxy.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000479744 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\prnfldr.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000123904 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\profext.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000144384 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\profsvcext.dll
2018-04-12 01:33 - 2018-04-12 01:33 - 000459264 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\provsvc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000163328 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\ProximityCommon.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000016896 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\ProximityCommonPal.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000076288 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\ProximityServicePAL.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001374208 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\qmgr.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000107008 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\query.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000293888 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\QuickActionsDataModel.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000098304 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\radardt.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000016896 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\rasadhlp.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000184320 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\rasman.dll
2018-04-12 01:35 - 2018-04-12 01:35 - 000309760 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\rasppp.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000250880 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\rastapi.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 000105472 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\REGAPI.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000062976 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\rilProxy.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000078336 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\rpcepmap.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000064000 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\rtutils.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000077824 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\samcli.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000121344 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\SAMLIB.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000925184 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\samsrv.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000022528 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\sbservicetrigger.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000387584 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\searchfolder.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000059392 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\SebBackgroundManagerPolicy.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000027648 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\secur32.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000094208 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\SecureTimeAggregator.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000130048 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\SecurityCenterBroker.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000026624 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\SecurityCenterBrokerPS.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000910336 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\SecurityHealthSSO.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000073216 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\sens.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000152576 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\SettingMonitor.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000475136 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\SettingSync.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000092672 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\settingsyncpolicy.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000003072 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\sfc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000054272 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\sfc_os.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000068608 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\shacctprofile.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000168448 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000010752 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\shfolder.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000613376 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\shsvcs.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000079360 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\sihost.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000067072 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\SmartCardBackgroundPolicy.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000032768 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\snmpapi.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000091648 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\SPOOLSS.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 000768512 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\spoolsv.exe
2018-04-12 01:33 - 2018-04-12 01:33 - 000366080 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\srchadmin.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000061952 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\srumapi.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000210944 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\srumsvc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000271360 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\srvsvc.dll
2018-04-12 01:33 - 2018-04-12 01:33 - 000026624 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\srwmi.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000047616 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\SSCORE.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 000013312 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\sscoreext.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000061440 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\ssdpapi.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000228864 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\ssdpsrv.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000207872 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\sstpsvc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000416768 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\stobject.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000025600 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\storagewmi_passthru.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000467456 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\swprv.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 003367424 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\SyncCenter.dll
2018-04-12 18:23 - 2018-04-10 23:05 - 000619520 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\SyncController.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000078336 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\Syncreg.dll
2018-04-12 18:23 - 2018-04-10 23:06 - 000391168 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\SYNCUTIL.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000024576 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\SYSNTFY.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000030208 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\SystemEventsBrokerClient.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000221696 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\tabsvc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000400896 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\TaskApis.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000477696 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\taskcomp.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001339392 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\TaskFlowDataEngine.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000218112 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\tcpmon.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000069632 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\themeservice.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000067072 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\threadpoolwinrt.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000035328 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\TimeBrokerClient.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000176128 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\timebrokerserver.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000110592 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\trkwks.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000182784 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\twext.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000613376 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\twinapi.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000711680 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\UiaManager.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000280576 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\UIAnimation.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000119296 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\umpnpmgr.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000152576 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\umpo.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000096256 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\umpoext.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001220096 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\unistore.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000388608 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\upnp.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000333824 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\usbmon.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000436224 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\UserDataAccountApis.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001495040 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\userdataservice.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001027584 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\usermgr.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000273408 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\usermgrproxy.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000079360 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\USP10.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000599040 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\UxTheme.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000288256 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\vaultcli.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000345600 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\vaultsvc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000149504 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\vfuprov.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000033280 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\vidcap.ax
2018-04-12 01:34 - 2018-04-12 01:34 - 000056320 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\VirtDisk.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000696832 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\vpnike.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000061440 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\vss_ps.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001651712 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\vssapi.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000068096 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\VssTrace.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 001540096 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\vssvc.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000463360 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\wbem\esscli.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000973312 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\wbem\fastprox.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000061952 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\wbem\krnlprov.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000107008 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\wbem\ncprov.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000387072 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\wbem\repdrvfs.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001232384 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\wbem\wbemcore.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000524288 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\wbem\wbemess.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000043520 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\wbem\wbemprox.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000062976 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\wbem\wbemsvc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000214016 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\wbem\wmiprov.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000829440 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\wbem\wmiprvsd.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000488448 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\wbem\wmiprvse.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000224256 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\wbem\wmisvc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000130560 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\wbem\wmiutils.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000485888 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\wbemcomn.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000099840 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\wdi.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000216064 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\wdigest.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 000253952 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\wdmaud.drv
2018-04-12 01:34 - 2018-04-12 01:34 - 000284160 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\webauthn.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000046080 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\websocket.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000611840 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\wiaservc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000018432 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\wiatrace.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000310784 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\WiFiProfilesSettingHandler.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001250816 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\windowmanagement.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000116224 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000029696 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.ApplicationModel.Background.TimeBroker.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000679936 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.CloudStore.Schema.Shell.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000511488 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\windows.cortana.Desktop.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000342528 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\windows.cortana.onecore.dll
2018-04-12 01:33 - 2018-04-12 01:33 - 000140800 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\windows.cortana.pal.desktop.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000124416 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.Cortana.ProxyStub.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002229248 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.Devices.Bluetooth.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000187904 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\windows.devices.radios.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000196608 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.Energy.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000069632 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.Globalization.Fontgroups.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000506880 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.Graphics.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000644608 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000623104 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\Windows.Internal.Bluetooth.dll
2018-04-12 01:33 - 2018-04-12 01:33 - 000045056 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.Internal.SecurityMitigationsBroker.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000849408 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.Internal.Signals.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000274944 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.Media.Devices.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001808384 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.Media.Speech.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000205312 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.Networking.HostName.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000187392 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.Networking.Sockets.PushEnabledApplication.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000357376 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.Shell.BlueLightReduction.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000091648 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000228864 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\windows.storage.onecore.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000756224 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\windows.storage.search.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000620032 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.System.Launcher.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000217088 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.System.Profile.HardwareId.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000145920 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.System.Profile.RetailInfo.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000058368 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.System.Profile.SystemId.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000062464 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.System.UserProfile.DiagnosticsSettings.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000255488 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.UI.AppDefaults.dll
2018-04-12 01:35 - 2018-04-12 01:35 - 000050176 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\Windows.UI.Shell.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001072640 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.UI.Xaml.Phone.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001347072 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.Web.Http.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001143808 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\WindowsPerformanceRecorderControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000031232 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\winrnr.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000188928 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\WinRtTracing.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000805888 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\WinSync.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000271872 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\wkssvc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000361984 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\WLDAP32.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000005632 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\WMI.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000046080 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\WMICLNT.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000166400 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\wmidcom.dll
2018-04-12 01:33 - 2018-04-12 01:33 - 000222208 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\WorkFoldersShell.dll
2018-04-12 01:33 - 2018-04-12 01:33 - 000065536 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\wpdshserviceobj.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000353792 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\wpnclient.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000576512 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\wpnprv.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000280576 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\wpnservice.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000096768 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\wpnuserservice.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000205824 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\wscinterop.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000266240 ____N (Microsoft Corporation) [File not signed] c:\windows\system32\wscsvc.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 001210368 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\wscui.cpl
2018-04-12 01:34 - 2018-04-12 01:34 - 000685056 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\wsdapi.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000052736 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\WSDCHNGR.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 000568832 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\WSDMon.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000014848 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\wshirda.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000163328 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\WSMAUTO.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 002612736 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\WsmSvc.DLL
2018-04-12 01:34 - 2018-04-12 01:34 - 000062976 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\wsnmp32.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000018432 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\WSOCK32.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000208896 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\wuceffects.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000250880 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\WUDFHost.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000572928 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\WUDFx.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000183808 ____N (Microsoft Corporation) [File not signed] C:\Windows\System32\XamlTileRender.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000426496 ____N (Microsoft Corporation) [File not signed] C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000113664 ____N (Microsoft) [File not signed] C:\Windows\System32\VaultRoaming.dll

Morayma_Nazari · 24 Mayo, 2019 21:35

====== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-01-06 18:58 - 2019-01-21 13:53 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-932762285-3625409212-74071954-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Usuario\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\fondo nuevo.jpg
DNS Servers: 80.58.61.254 - 80.58.61.250
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DD4634AD-9A94-4C43-8806-34127CE887F1}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 11\programs\RM.exe (Pinnacle Systems) [File not signed]
FirewallRules: [{75991113-70FF-4050-81E2-C6F5BE11C6F9}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 11\programs\RM.exe (Pinnacle Systems) [File not signed]
FirewallRules: [{0F94417D-B01C-4E3E-A50C-E8300B1CE5B0}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 11\programs\Studio.exe (Pinnacle Systems) [File not signed]
FirewallRules: [{AD332B64-E62D-4C84-9EDB-0E76F10FF913}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 11\programs\Studio.exe (Pinnacle Systems) [File not signed]
FirewallRules: [{AF0615B4-6344-43EC-9DAF-11E35DADE004}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 11\programs\PMSRegisterFile.exe ( ) [File not signed]
FirewallRules: [{3C6B538E-974D-4E6E-B092-39F5A6ECE685}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 11\programs\PMSRegisterFile.exe ( ) [File not signed]
FirewallRules: [{D75A2C3B-DF48-4985-B678-0B6087EE3EC3}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 11\programs\umi.exe (Pinnacle Systems) [File not signed]
FirewallRules: [{33C396A2-008A-4417-9D78-7F20E1D1E8E8}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 11\programs\umi.exe (Pinnacle Systems) [File not signed]
FirewallRules: [{965FFE1B-C8CC-4B95-9D37-C09715F9B217}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B32B9D8C-867E-4647-AE97-1036F2F057BF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6E9AD41F-D4AD-4DD4-A488-7BA0E7542DEF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{5F52C7CC-57A4-467C-B803-5EAD3BA2FB47}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{B5E7DA1E-FD38-4DB5-AD2E-F03208A0B973}C:\users\usuario\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\usuario\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{CE7DDB9C-3449-417E-8582-75B63A49B65A}C:\users\usuario\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\usuario\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{02D35E25-B226-4BAC-B797-D67F8163D5A6}] => (Allow) C:\Users\Usuario\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{DE8854EB-068D-49C3-84BA-959DDF4DDFDF}] => (Allow) C:\Users\Usuario\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{BBDA0C0C-251B-49E9-9AB2-5A98CCC38934}] => (Allow) C:\Users\Usuario\AppData\Local\Apowersoft\Online Video Converter\Online Video Converter.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{D38DCF77-C09F-4639-B30D-F67F76E00EF6}] => (Allow) C:\Users\Usuario\AppData\Local\Apowersoft\Online Video Converter\Online Video Converter.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{C2B32A9C-5CF4-4ABD-B060-A0AFF5E85B8D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

28-04-2019 15:01:48 Punto de control programado
14-05-2019 18:30:42 Punto de control programado

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2019 08:45:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: ksde.exe, versión: 19.0.0.1088, marca de tiempo: 0x5a970d17
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x455f5660
Identificador del proceso con errores: 0x5cc
Hora de inicio de la aplicación con errores: 0x01d51197aa54e637
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: e4d9c99c-b02e-4842-ab45-213636d88053
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (05/23/2019 09:38:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Microsoft.Photos.exe, versión: 2019.19031.17720.0, marca de tiempo: 0x5cb93269
Nombre del módulo con errores: Windows.UI.Xaml.dll, versión: 10.0.17134.556, marca de tiempo: 0xd94c4e1e
Código de excepción: 0xc000027b
Desplazamiento de errores: 0x00000000006a6082
Identificador del proceso con errores: 0xa08
Hora de inicio de la aplicación con errores: 0x01d51135b54f81b9
Ruta de acceso de la aplicación con errores: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19031.17720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Ruta de acceso del módulo con errores: C:\Windows\System32\Windows.UI.Xaml.dll
Identificador del informe: a6ca70d5-a8ca-4249-b78a-c740790a3001
Nombre completo del paquete con errores: Microsoft.Windows.Photos_2019.19031.17720.0_x64__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: App

Error: (05/20/2019 07:52:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: backgroundTaskHost.exe, versión: 10.0.17134.1, marca de tiempo: 0xcb43d9c5
Nombre del módulo con errores: twinapi.appcore.dll, versión: 10.0.17134.137, marca de tiempo: 0xb5d50228
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000007247f
Identificador del proceso con errores: 0x3218
Hora de inicio de la aplicación con errores: 0x01d50f34c032f971
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\backgroundTaskHost.exe
Ruta de acceso del módulo con errores: C:\Windows\System32\twinapi.appcore.dll
Identificador del informe: b9f98bd2-8bd3-4ae5-a70f-47b4f278d25e
Nombre completo del paquete con errores: Microsoft.WindowsFeedbackHub_1.1811.10862.0_x64__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: App

Error: (05/02/2019 09:14:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: TiWorker.exe, versión: 4.1.0.0, marca de tiempo: 0x593a0b3e
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x2c48
Hora de inicio de la aplicación con errores: 0x01d5011ac640fe37
Ruta de acceso de la aplicación con errores: C:\WINDOWS\SysWOW64\migwiz\S-1-5-45\TiWorker.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: 3424d3dc-ca59-4d0f-93fc-cffd86f85dd4
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (05/01/2019 02:17:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: FFInstX64.exe, versión: 1.3.0.0, marca de tiempo: 0x5cbd6db9
Nombre del módulo con errores: FFInstX64.exe, versión: 1.3.0.0, marca de tiempo: 0x5cbd6db9
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000000213a
Identificador del proceso con errores: 0x1df0
Hora de inicio de la aplicación con errores: 0x01d50017cea9482b
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\FormatFactory\FFInstX64.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\FormatFactory\FFInstX64.exe
Identificador del informe: 0f8b2b78-a72a-4ab1-9ea9-d5a4dc1ecd2c
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (04/30/2019 07:51:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: FFInstX64.exe, versión: 1.3.0.0, marca de tiempo: 0x5cbd6db9
Nombre del módulo con errores: FFInstX64.exe, versión: 1.3.0.0, marca de tiempo: 0x5cbd6db9
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000000213a
Identificador del proceso con errores: 0x303c
Hora de inicio de la aplicación con errores: 0x01d4ff7d486a578f
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\FormatFactory\FFInstX64.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\FormatFactory\FFInstX64.exe
Identificador del informe: 9534ff03-e13b-49ed-b5c6-0ae9d757c296
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (04/30/2019 07:50:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: formatfactory-4-6-1-0.exe, versión: 4.6.1.0, marca de tiempo: 0x57956397
Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.17134.556, marca de tiempo: 0xadca2670
Código de excepción: 0x0eedfade
Desplazamiento de errores: 0x001118a2
Identificador del proceso con errores: 0x2a80
Hora de inicio de la aplicación con errores: 0x01d4ff7ce8e0981b
Ruta de acceso de la aplicación con errores: C:\Users\Usuario\Contacts\Downloads\formatfactory-4-6-1-0.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\System32\KERNELBASE.dll
Identificador del informe: a11cd0d3-370a-4c8f-b20c-27afff32bb54
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (04/30/2019 07:49:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: FFInstX64.exe, versión: 1.3.0.0, marca de tiempo: 0x5cbd6db9
Nombre del módulo con errores: FFInstX64.exe, versión: 1.3.0.0, marca de tiempo: 0x5cbd6db9
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000000213a
Identificador del proceso con errores: 0x468
Hora de inicio de la aplicación con errores: 0x01d4ff7cffad0757
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\FormatFactory\FFInstX64.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\FormatFactory\FFInstX64.exe
Identificador del informe: 48a53ecd-36a7-4a86-b2b4-457f8b35ba77
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:


System errors:
=============
Error: (05/24/2019 12:07:59 AM) (Source: DCOM) (EventID: 10016) (User: USUARIO-PC)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario Usuario-PC\Usuario con SID (S-1-5-21-932762285-3625409212-74071954-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (05/23/2019 11:58:09 PM) (Source: DCOM) (EventID: 10016) (User: USUARIO-PC)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario Usuario-PC\Usuario con SID (S-1-5-21-932762285-3625409212-74071954-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (05/23/2019 10:34:16 PM) (Source: DCOM) (EventID: 10016) (User: USUARIO-PC)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario Usuario-PC\Usuario con SID (S-1-5-21-932762285-3625409212-74071954-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (05/23/2019 10:33:25 PM) (Source: DCOM) (EventID: 10016) (User: USUARIO-PC)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario Usuario-PC\Usuario con SID (S-1-5-21-932762285-3625409212-74071954-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (05/23/2019 09:28:28 PM) (Source: DCOM) (EventID: 10016) (User: USUARIO-PC)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario Usuario-PC\Usuario con SID (S-1-5-21-932762285-3625409212-74071954-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (05/23/2019 09:25:49 PM) (Source: DCOM) (EventID: 10016) (User: USUARIO-PC)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario Usuario-PC\Usuario con SID (S-1-5-21-932762285-3625409212-74071954-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (05/23/2019 09:25:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (05/23/2019 09:24:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. V1.7 07/18/2014
Motherboard: MSI H81M-P33 (MS-7817)
Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 59%
Total physical RAM: 3974.02 MB
Available physical RAM: 1626.91 MB
Total Virtual: 6406.02 MB
Available Virtual: 3452.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.92 GB) (Free:797.46 GB) NTFS

\\?\Volume{9f4b89cc-ff17-11e4-a284-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{d3483da6-0000-0000-0000-10c1e8000000}\ () (Fixed) (Total:0.5 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D3483DA6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=507 MB) - (Type=27)

==================== End of Addition.txt ============================

SanMar · 28 Mayo, 2019 20:05

Hola @Morayma_Nazari

Sigue estos pasos:

1.- Muy Importante >>> Realizar una copia de Seguridad de su Registro.

Descarga DelFix en el escritorio de Windows.
Clic Derecho, “Ejecutar como Administrador”.
En la ventana principal, marca solamente la casilla “Create Registry Backup”.
Clic en Run.

Al terminar se abrirá un reporte llamado DelFix.txt, guárdelo por si fuera necesario y cierre la herramienta…

2.- Desactiva Temporalmente tu antivirus.

3.- Abre un nuevo archivo Notepad y copia y pega este contenido:


Start
CloseProcesses:
CreateRestorePoint:
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
HKU\S-1-5-21-932762285-3625409212-74071954-1000\...\Policies\Explorer: [NoSecurityTab] 1
Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
HKU\S-1-5-21-932762285-3625409212-74071954-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sec-surf.com/
SearchScopes: HKU\S-1-5-21-932762285-3625409212-74071954-1000 -> DefaultScope {11BBFDBF-A35D-416F-858D-75094198505D} URL = hxxp://www.sec-surf.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-932762285-3625409212-74071954-1000 -> {11BBFDBF-A35D-416F-858D-75094198505D} URL = hxxp://www.sec-surf.com/search?q={searchTerms}
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-04-30] (McAfee, Inc. -> McAfee, Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-04-30] (McAfee, Inc. -> McAfee, Inc.)
Edge HomeButtonPage: HKU\S-1-5-21-932762285-3625409212-74071954-1000 -> hxxp://www.sec-surf.com/
FF Homepage: Mozilla\Firefox\Profiles\chq04jl7.default -> hxxp://www.sec-surf.com/
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-04-30]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-04-30] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-04-30] <==== ATTENTION
CHR HomePage: Default -> hxxp://www.sec-surf.com/
CHR StartupUrls: Default -> "hxxp://www.sec-surf.com/"
CHR DefaultSearchURL: Default -> hxxp://www.sec-surf.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> buscar
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [899640 2019-04-30] (McAfee, Inc. -> McAfee, Inc.)
2019-04-30 19:49 - 2019-04-30 19:49 - 000000000 ____D C:\Program Files\McAfee
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END

Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.

Nota: Es necesario que el ejecutable Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no la herramienta no trabajara.

Ejecutas Frst.exe.
Presionas el botón Fix y aguardas a que termine.
La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).
Lo pegas en tu próxima respuesta.

Luego de reiniciar nos comentas si el problema desapareció.

Salu2.

Morayma_Nazari · 24 Mayo, 2019 22:36

Hola. ¿Cómo realizo la copia de seguridad de mi regristro?

SanMar · 24 Mayo, 2019 22:53

Hola @Morayma_Nazari

Lee todos los pasos que te deje en el Punto1.

Salu2

Morayma_Nazari · 25 Mayo, 2019 14:28

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by Usuario (25-05-2019 01:10:39) Run:1
Running from C:\Users\Usuario\Desktop
Loaded Profiles: Usuario (Available Profiles: Usuario)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
HKU\S-1-5-21-932762285-3625409212-74071954-1000\...\Policies\Explorer: [NoSecurityTab] 1
Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
HKU\S-1-5-21-932762285-3625409212-74071954-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sec-surf.com/
SearchScopes: HKU\S-1-5-21-932762285-3625409212-74071954-1000 -> DefaultScope {11BBFDBF-A35D-416F-858D-75094198505D} URL = hxxp://www.sec-surf.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-932762285-3625409212-74071954-1000 -> {11BBFDBF-A35D-416F-858D-75094198505D} URL = hxxp://www.sec-surf.com/search?q={searchTerms}
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-04-30] (McAfee, Inc. -> McAfee, Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-04-30] (McAfee, Inc. -> McAfee, Inc.)
Edge HomeButtonPage: HKU\S-1-5-21-932762285-3625409212-74071954-1000 -> hxxp://www.sec-surf.com/
FF Homepage: Mozilla\Firefox\Profiles\chq04jl7.default -> hxxp://www.sec-surf.com/
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee� WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-04-30]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-04-30] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-04-30] <==== ATTENTION
CHR HomePage: Default -> hxxp://www.sec-surf.com/
CHR StartupUrls: Default -> "hxxp://www.sec-surf.com/"
CHR DefaultSearchURL: Default -> hxxp://www.sec-surf.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> buscar
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [899640 2019-04-30] (McAfee, Inc. -> McAfee, Inc.)
2019-04-30 19:49 - 2019-04-30 19:49 - 000000000 ____D C:\Program Files\McAfee
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
[836] C:\Program Files\McAfee\WebAdvisor\servicehost.exe => process closed successfully.
[11156] C:\Program Files\McAfee\WebAdvisor\uihost.exe => process closed successfully.
"HKU\S-1-5-21-932762285-3625409212-74071954-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSecurityTab" => removed successfully
HKLM\System\CurrentControlSet\Control\Lsa\\Notification Packages => value restored successfully
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
HKU\S-1-5-21-932762285-3625409212-74071954-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-932762285-3625409212-74071954-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-932762285-3625409212-74071954-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{11BBFDBF-A35D-416F-858D-75094198505D} => removed successfully
HKLM\Software\Classes\CLSID\{11BBFDBF-A35D-416F-858D-75094198505D} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\Software\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
"HKU\S-1-5-21-932762285-3625409212-74071954-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage" => removed successfully
"Firefox homepage" => removed successfully
"HKLM\Software\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}" => removed successfully
C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => moved successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}" => removed successfully
C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js => moved successfully
C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg => moved successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => removed successfully
McAfee WebAdvisor => Unable to stop service.
HKLM\System\CurrentControlSet\Services\McAfee WebAdvisor => removed successfully
McAfee WebAdvisor => service removed successfully

"C:\Program Files\McAfee" folder move:

Could not move "C:\Program Files\McAfee" => Scheduled to move on reboot.

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-932762285-3625409212-74071954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-932762285-3625409212-74071954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 287403261 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2391931 B
Edge => 1357226 B
Chrome => 422414458 B
Firefox => 76941780 B
Opera => 141024 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 14562 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Usuario => 66828088 B
DefaultAppPool => 0 B

RecycleBin => 3351182622 B
EmptyTemp: => 3.9 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-05-2019 01:15:48)

C:\Program Files\McAfee => moved successfully

==== End of Fixlog 01:15:56 ====

Hola @SanMar. He tenido que borrar una de las respuestas porque el contenido estaba repetido. Creo que no me falta nada. Si ves que no es así, me lo dices y vuelvo a pegar el log.

Por otra parte, creo que todo se ha solucionado.

SanMar · 25 Mayo, 2019 14:32

Hola @Morayma_Nazari

Perfecto…

Para ir terminando, elimina las herramientas utilizadas:

Ejecutas nuevamente >> Delfix, desde tu escritorio.

Doble clic para ejecutarlo.(Si usas Windows Vista/7 /8 /10,presiona clic derecho y selecciona >> “Ejecutar como Administrador”)
Marca las casilla Remove disinfection tools y Purgue Sistem Restore
Pulsar en Run.

Se abrirá el informe (DelFix.txt), pegalo en tu próxima respuesta y cierra la herramienta.

Prueba el equipo, reinicia dos o tres veces, nos comentas si todo esta en orden para dar por Solucionado el tema.

Salu2.