Hello everyone. My problem is that when I click anywhere in Firefox, new windows open that I have to keep closing, and from time to time advertising also appears on its own. A few days ago I took the trouble to "clean" the PC of malware; it was infected with several trojans that I was able to identify by looking at similar cases on the forum, but evidently a remnant was left that I could not remove. I await your instructions. Regards.
Hello @Diego_Albelo
Which tools did you use?
Can you post the reports from those tools?
Regards.
The usual ones from the site (Malwarebytes, AdwCleaner and CCleaner)... I already deleted the reports. I can run everything again; I have no problem with that and am in no hurry.
Let me rephrase: Malwarebytes Anti-Malware, AdwCleaner, ZHPCleaner, CCleaner and Farbar Recovery Scan Tool. To clarify, it got seriously infected and was very slow; according to the first Malwarebytes report there were 6 trojans and 165 infections. It currently does not have that problem, but it does have the windows opening.
Perfect.
So... to check your machine now, follow these steps in the order given, reading everything that is explained.
Download ALL the tools I list again, even if you ALREADY have them downloaded and/or installed on your computer.
Temporarily disable the antivirus
How to temporarily disable your antivirus, for as long as we are carrying out ALL the steps.
We are going to download to YOUR DESKTOP (and NOT anywhere else) all the tools we will use in this procedure (but do not run them yet):
- Malwarebytes' Anti-Malware + Manual. Read the manual in detail so that you know how to use and configure it correctly.
- Farbar Recovery Scan Tool, selecting the version that matches your computer's architecture (32 or 64 bits). How do I know whether my Windows is 32 or 64 bits?
Run the tools one at a time and in the order given:
CCleaner.-
- Install and run CCleaner following the steps given in the manual.
- First use its Cleaner option to delete cookies, temporary Internet files and all the files it shows as obsolete.
- Then use its Registry option to clean the whole Windows registry (making a backup).
Malwarebytes.-
- Install and run MBAM following the steps given in the manual.
- Run a Full Scan.
- Select ALL for Quarantine to send everything to quarantine, and restart the system.
- In the History section of the manual you will find the MBAM report, which you must copy and paste into your next reply so it can be analysed.
AdwCleaner.-
- Run Adwcleaner.exe.
- Click the Scan Now button and wait for the process to finish, then immediately always click the Start Repair button.
- Wait for it to complete and follow the instructions; if it asks to restart the system, accept.
- The log/report is in the "Reports" tab (reopen the program if necessary), so that you can copy and paste it into your next reply.
- The report can also be found at C:\AdwCleaner\Logs\AdwCleaner[C00].txt
Junkware Removal Tool.-
- Run JRT.exe.
- Press any key to continue and wait patiently for the process to finish.
- If at any point it asks you to restart, do so.
- When it finishes, a log/report (JRT.txt) will be saved to the desktop and will open automatically.
- Copy and paste the contents of JRT.txt into your next reply.
Farbar Recovery Scan Tool.-
- Run FRST.exe.
- In the Disclaimer window message, click Yes.
- In the main window click the Scan button and wait for the process to finish.
- Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.
Post the following reports in your next reply:
- Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, in that order.
You must copy and paste them with all their contents, and use several messages if you get an error message saying the post is too long (more than about 50,000 characters).
And tell us how your computer is behaving with regard to the problem you described.
Regards.
Malwarebytes
www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 14/9/19
Hora del análisis: 15:12
Archivo de registro: 3711a1bb-d71b-11e9-9781-14dae93067bc.json
-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.625
Versión del paquete de actualización: 1.0.12453
Licencia: Gratis
-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: Diego-PC\Diego
-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 248592
Amenazas detectadas: 1
Amenazas en cuarentena: 1
Tiempo transcurrido: 12 min, 8 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)
Módulo: 0
(No hay elementos maliciosos detectados)
Clave del registro: 0
(No hay elementos maliciosos detectados)
Valor del registro: 0
(No hay elementos maliciosos detectados)
Datos del registro: 0
(No hay elementos maliciosos detectados)
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 0
(No hay elementos maliciosos detectados)
Archivo: 1
Trojan.DNSChanger, C:\USERS\DIEGO\APPDATA\ROAMING\KPGOZGUDWAPC\JOHTADFCXWOPWKT.MSI, En cuarentena, [3073], [731501],1.0.12453
Sector físico: 0
(No hay elementos maliciosos detectados)
WMI: 0
(No hay elementos maliciosos detectados)
(end) 
# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-05-2019
# Database: 2019-08-27.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-14-2019
# Duration: 00:00:27
# OS:       Windows 7 Ultimate
# Scanned:  35522
# Detected: 1
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Preinstalled Software ] *****
Preinstalled.CyberLinkService   Folder   C:\Program Files\CYBERLINK\SHARED FILES\PLUGIN\NEWBLUE 
AdwCleaner_Debug.log - [3538 octets] - [14/09/2019 15:54:54]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64 
Ran by Diego (Administrator) on 14/09/2019 at 15:58:19,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 35 
Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\yw3kt3vs.default\user.js (File) 
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03RL54NK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33JOBBXO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MPXK54P (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69M43J7L (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6NHM5QEB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ON5EB56 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYG2RQWF (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C8EC1LKD (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0YETA0F (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HLM4UTIK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MFS3AYGD (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6OC9D23 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03RL54NK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33JOBBXO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MPXK54P (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69M43J7L (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6NHM5QEB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ON5EB56 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYG2RQWF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C8EC1LKD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0YETA0F (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HLM4UTIK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MFS3AYGD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6OC9D23 (Temporary Internet Files Folder) 
Deleted the following from C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\yw3kt3vs.default\prefs.js
user_pref(extensions.webextensions.uuids, {\[email protected]\:\f4c24928-7949-45fc-aa5b-a346d144d75c\,\[email protected]\:\ee73d93b-fc79-44db-9a1f-078e1
Registry: 0 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/09/2019 at 16:04:00,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2019
Ran by Diego (administrator) on DIEGO-PC (14-09-2019 16:09:09)
Running from C:\Users\Diego\Desktop
Loaded Profiles: Diego (Available Profiles: Diego)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(DEVGURU Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5888320 2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1659731970-3403070027-1370717698-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Drivers32: [vidc.pDAD] => C:\Windows\system32\prodad-codec.dll [607256 2014-09-04] (proDAD GmbH -> proDAD GmbH)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1659731970-3403070027-1370717698-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0CCC6676-B983-43FC-A4CF-674658B14617} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1659731970-3403070027-1370717698-1000UA => C:\Users\Diego\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {3AFC571C-4103-428F-A9A9-EDF1721A5130} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-10] (Google Inc -> Google Inc.)
Task: {49295505-6C9C-4D8C-92BD-75A2F9EAAB8F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {63AEFAB4-FAF4-4B19-8FE9-52A66BE79AE9} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3942792 2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
Task: {642D1B19-5F49-4D50-95B1-7ECF76FFBF66} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Diego-PC-Diego Diego-PC => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [448136 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {6DFC7026-2AEB-4016-93D9-7D64F11E5B6C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {7B6CCB49-724B-48DE-B363-007D8F065CC0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2045832 2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
Task: {7C0C57D0-77A4-4B35-8CEC-E8C198864333} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {889A56C8-6857-45E9-9C80-A980487BD685} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {9B857B80-9F71-4DE0-8EF2-DC2EAA4D0F27} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9FA5252E-88A0-4099-B567-7B1A54B54D0F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B3E9C995-3D8A-48CE-B41C-FDEB20A449C0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {CDAE929D-3360-4517-95A6-63EE9EB681B7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1659731970-3403070027-1370717698-1000Core => C:\Users\Diego\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D7C0CF02-AAA5-4039-9468-BC9CE62764D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {F2EF7F75-51B8-4138-8141-79991DAC55CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-10] (Google Inc -> Google Inc.)
Task: {FDA35DD9-A992-412C-A706-0A1AF62DC750} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.49.130.52 200.42.4.198 200.42.4.198
Tcpip\..\Interfaces\{3B036E31-9B7E-404C-B1A5-1A189D704E98}: [DhcpNameServer] 200.49.130.52 200.42.4.198 200.42.4.198
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1659731970-3403070027-1370717698-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1659731970-3403070027-1370717698-1000 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-05-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-05-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
FireFox:
========
FF DefaultProfile: yw3kt3vs.default
FF ProfilePath: C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\yw3kt3vs.default [2019-09-14]
FF Homepage: Mozilla\Firefox\Profiles\yw3kt3vs.default -> www.gibiru.com
FF HomepageOverride: Mozilla\Firefox\Profiles\yw3kt3vs.default -> Enabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\yw3kt3vs.default -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF NewTabOverride: Mozilla\Firefox\Profiles\yw3kt3vs.default -> Enabled: {4803117b-3ce7-45b3-92dd-4f5cdece86fe}
FF Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\yw3kt3vs.default\Extensions\[email protected] [2019-09-12]
FF Extension: (Avast Online Security) - C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\yw3kt3vs.default\Extensions\[email protected] [2019-09-12]
FF Extension: (firefox) - C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\yw3kt3vs.default\Extensions\{4803117b-3ce7-45b3-92dd-4f5cdece86fe}.xpi [2019-09-08]
FF Extension: (Security Update Tool) - C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\yw3kt3vs.default\Extensions\{f819cd6a-0d11-4e67-9a6f-e3bdaf4eee3b}.xpi [2019-08-27]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-10-11] [Legacy] [not signed]
FF HKU\S-1-5-21-1659731970-3403070027-1370717698-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1659731970-3403070027-1370717698-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Diego\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1659731970-3403070027-1370717698-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Diego\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default [2019-09-14]
CHR Extension: (Presentaciones) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Documentos) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-03]
CHR Extension: (WhatsChrome) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgkodfmeijboinjdegggmkbkjfiagaan [2017-12-16]
CHR Extension: (YouTube) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-03]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-09-12]
CHR Extension: (Adobe Acrobat) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-08-29]
CHR Extension: (MyJDownloader Browser Extension) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2018-11-08]
CHR Extension: (Hojas de cálculo) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-18]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Chrome Update Tool) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjdblhobihaknilfmfjfpidfblgajmk [2019-09-08]
CHR Extension: (Gmail) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-14]
CHR Extension: (Chrome Media Router) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-14]
CHR Profile: C:\Users\Diego\AppData\Local\Google\Chrome\User Data\System Profile [2019-09-14]
CHR HKU\S-1-5-21-1659731970-3403070027-1370717698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.MWZ5I25XY34IK7L5UD7EV44UPY - C:\Users\Diego\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5975136 2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [405072 2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-27] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-27] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-04-01] (CyberLink Corp. -> CyberLink)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2019-08-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [780328 2019-08-16] (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 RoxLiveShare10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]
S2 SessionLauncher; C:\Users\Diego\AppData\Local\Temp\DX9\SessionLauncher.exe [X] <==== ATTENTION
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-09-12] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [209552 2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [263008 2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [205848 2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [61472 2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [282768 2019-09-12] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [169408 2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112312 2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87944 2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1030784 2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [478096 2019-08-27] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [236024 2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [387176 2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [135520 2019-08-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-09-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166752 2019-08-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [268416 2011-06-08] (Microsoft Windows Hardware Compatibility Publisher ->  )
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-09-14 16:09 - 2019-09-14 16:12 - 000022525 _____ C:\Users\Diego\Desktop\FRST.txt
2019-09-14 16:08 - 2019-09-14 16:09 - 000000000 ____D C:\FRST
2019-09-14 16:04 - 2019-09-14 16:08 - 000006297 _____ C:\Users\Diego\Desktop\JRT.txt
2019-09-14 15:54 - 2019-09-14 15:55 - 000000000 ____D C:\AdwCleaner
2019-09-14 15:46 - 2019-09-14 15:46 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-09-14 15:11 - 2019-09-14 15:11 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-09-14 15:11 - 2019-09-14 15:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-09-14 15:11 - 2019-08-27 05:50 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-09-14 15:10 - 2019-09-14 15:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-09-14 15:10 - 2019-09-14 15:10 - 000000000 ____D C:\Program Files\Malwarebytes
2019-09-14 14:21 - 2019-09-14 14:53 - 001614848 _____ (Farbar) C:\Users\Diego\Desktop\FRST64.exe
2019-09-14 14:18 - 2019-09-14 14:19 - 001790024 _____ (Malwarebytes) C:\Users\Diego\Desktop\JRT.exe
2019-09-14 14:13 - 2019-09-14 14:13 - 007636680 _____ (Malwarebytes) C:\Users\Diego\Desktop\adwcleaner_7.4.1.exe
2019-09-14 11:23 - 2019-09-14 11:24 - 066469432 _____ (Malwarebytes ) C:\Users\Diego\Desktop\mb3-setup-consumer-3.8.3.2965-1.0.625-1.0.12453.exe
2019-09-12 19:48 - 2019-08-19 18:21 - 000363912 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-09-12 19:47 - 2019-09-12 19:47 - 000282768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-09-12 19:47 - 2019-09-12 19:47 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-09-12 00:26 - 2019-09-12 00:26 - 000000793 _____ C:\DelFix.txt
2019-09-11 23:11 - 2019-09-11 23:11 - 000123374 _____ C:\Users\Diego\Downloads\Factura_2019-09-11.pdf
2019-09-11 22:09 - 2019-09-11 22:09 - 000853368 _____ C:\Users\Diego\Downloads\null-19-05.pdf
2019-09-11 13:14 - 2019-08-15 22:02 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2019-09-11 13:14 - 2019-08-15 21:56 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-09-11 13:12 - 2019-08-28 23:56 - 003966904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-09-11 13:12 - 2019-08-28 23:55 - 004061112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-09-11 13:12 - 2019-08-28 23:55 - 000627424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-09-11 13:12 - 2019-08-28 23:54 - 001319496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-09-11 13:12 - 2019-08-28 23:53 - 005553104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-09-11 13:12 - 2019-08-28 23:53 - 000709856 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-09-11 13:12 - 2019-08-28 23:53 - 000264120 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-09-11 13:12 - 2019-08-28 23:53 - 000155360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-09-11 13:12 - 2019-08-28 23:53 - 000096992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-09-11 13:12 - 2019-08-28 23:52 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:51 - 001670784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 001078784 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:27 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-09-11 13:12 - 2019-08-28 23:27 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-09-11 13:12 - 2019-08-28 23:22 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-09-11 13:12 - 2019-08-28 23:22 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-09-11 13:12 - 2019-08-28 23:22 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-09-11 13:12 - 2019-08-28 23:22 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-09-11 13:12 - 2019-08-28 23:22 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-09-11 13:12 - 2019-08-28 23:22 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-09-11 13:12 - 2019-08-28 23:22 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-09-11 13:12 - 2019-08-28 23:22 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-09-11 13:12 - 2019-08-28 23:21 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-09-11 13:12 - 2019-08-28 23:21 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:21 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:21 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:21 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-09-11 13:12 - 2019-08-28 23:19 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-09-11 13:12 - 2019-08-28 23:19 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-09-11 13:12 - 2019-08-28 23:18 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-09-11 13:12 - 2019-08-28 23:15 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-09-11 13:12 - 2019-08-28 23:15 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-09-11 13:12 - 2019-08-28 23:15 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-09-11 13:12 - 2019-08-28 23:15 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-09-11 13:12 - 2019-08-28 23:15 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-09-11 13:12 - 2019-08-28 23:15 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-09-11 13:12 - 2019-08-28 23:14 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-09-11 13:12 - 2019-08-28 23:14 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-09-11 13:12 - 2019-08-28 23:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-09-11 13:12 - 2019-08-28 23:14 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-09-11 13:12 - 2019-08-28 23:14 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-09-11 13:12 - 2019-08-28 23:14 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-09-11 13:12 - 2019-08-28 23:14 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-09-11 13:12 - 2019-08-27 17:50 - 000390536 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-09-11 13:12 - 2019-08-27 16:59 - 000341896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-09-11 13:12 - 2019-08-27 02:07 - 025752064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-09-11 13:12 - 2019-08-27 00:29 - 002909184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-09-11 13:12 - 2019-08-27 00:27 - 000579072 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-09-11 13:12 - 2019-08-27 00:27 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-09-11 13:12 - 2019-08-27 00:27 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-09-11 13:12 - 2019-08-27 00:27 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-09-11 13:12 - 2019-08-27 00:26 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-09-11 13:12 - 2019-08-27 00:21 - 020290560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-09-11 13:12 - 2019-08-27 00:20 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-09-11 13:12 - 2019-08-27 00:19 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-09-11 13:12 - 2019-08-27 00:17 - 005500928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-09-11 13:12 - 2019-08-27 00:17 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-09-11 13:12 - 2019-08-27 00:16 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-09-11 13:12 - 2019-08-27 00:16 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-09-11 13:12 - 2019-08-27 00:15 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-09-11 13:12 - 2019-08-27 00:15 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-09-11 13:12 - 2019-08-27 00:08 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-09-11 13:12 - 2019-08-27 00:05 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-09-11 13:12 - 2019-08-27 00:03 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-09-11 13:12 - 2019-08-27 00:03 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-09-11 13:12 - 2019-08-27 00:02 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-09-11 13:12 - 2019-08-27 00:02 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-09-11 13:12 - 2019-08-27 00:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-09-11 13:12 - 2019-08-26 23:59 - 002301952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-09-11 13:12 - 2019-08-26 23:59 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-09-11 13:12 - 2019-08-26 23:58 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-09-11 13:12 - 2019-08-26 23:58 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-09-11 13:12 - 2019-08-26 23:56 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-09-11 13:12 - 2019-08-26 23:56 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-09-11 13:12 - 2019-08-26 23:55 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-09-11 13:12 - 2019-08-26 23:54 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-09-11 13:12 - 2019-08-26 23:54 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-09-11 13:12 - 2019-08-26 23:53 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-09-11 13:12 - 2019-08-26 23:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-09-11 13:12 - 2019-08-26 23:53 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-09-11 13:12 - 2019-08-26 23:52 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-09-11 13:12 - 2019-08-26 23:50 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-09-11 13:12 - 2019-08-26 23:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-09-11 13:12 - 2019-08-26 23:42 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-09-11 13:12 - 2019-08-26 23:40 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-09-11 13:12 - 2019-08-26 23:40 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-09-11 13:12 - 2019-08-26 23:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-09-11 13:12 - 2019-08-26 23:39 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-09-11 13:12 - 2019-08-26 23:39 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-09-11 13:12 - 2019-08-26 23:37 - 002132480 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-09-11 13:12 - 2019-08-26 23:37 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-09-11 13:12 - 2019-08-26 23:37 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-09-11 13:12 - 2019-08-26 23:36 - 015389184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-09-11 13:12 - 2019-08-26 23:36 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-09-11 13:12 - 2019-08-26 23:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-09-11 13:12 - 2019-08-26 23:34 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2019-09-11 13:12 - 2019-08-26 23:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-09-11 13:12 - 2019-08-26 23:30 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-09-11 13:12 - 2019-08-26 23:28 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-09-11 13:12 - 2019-08-26 23:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-09-11 13:12 - 2019-08-26 23:27 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-09-11 13:12 - 2019-08-26 23:26 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-09-11 13:12 - 2019-08-26 23:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-09-11 13:12 - 2019-08-26 23:23 - 013791744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-09-11 13:12 - 2019-08-26 23:15 - 001568256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-09-11 13:12 - 2019-08-26 23:09 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-09-11 13:12 - 2019-08-26 23:06 - 001331712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-09-11 13:12 - 2019-08-26 23:04 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-09-11 13:12 - 2019-08-26 23:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-09-11 13:12 - 2019-08-22 19:07 - 000628480 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-09-11 13:12 - 2019-08-20 22:59 - 000311008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2019-09-11 13:12 - 2019-08-20 22:56 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-09-11 13:12 - 2019-08-20 22:56 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2019-09-11 13:12 - 2019-08-20 22:56 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2019-09-11 13:12 - 2019-08-20 20:19 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2019-09-11 13:12 - 2019-08-20 01:24 - 000385248 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-09-11 13:12 - 2019-08-20 01:21 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-09-11 13:12 - 2019-08-20 01:21 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-09-11 13:12 - 2019-08-20 01:21 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-09-11 13:12 - 2019-08-20 01:21 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-09-11 13:12 - 2019-08-20 00:59 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys
2019-09-11 13:12 - 2019-08-20 00:51 - 003232256 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-09-11 13:12 - 2019-08-19 23:47 - 001251840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-09-11 13:12 - 2019-08-15 04:59 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-09-11 13:12 - 2019-08-15 04:59 - 000583680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-09-11 13:12 - 2019-08-14 14:54 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2019-09-11 13:12 - 2019-08-14 14:53 - 000253440 _____ (Microsoft) C:\Windows\SysWOW64\DShowRdpFilter.dll
2019-09-11 13:12 - 2019-08-14 02:22 - 000374496 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2019-09-11 13:12 - 2019-08-14 02:20 - 000300032 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2019-09-11 13:12 - 2019-08-14 02:20 - 000282112 _____ (Microsoft) C:\Windows\system32\DShowRdpFilter.dll
2019-09-11 13:12 - 2019-08-14 02:20 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\tssrvlic.dll
2019-09-11 13:12 - 2019-08-14 01:59 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\LSCSHostPolicy.dll
2019-09-11 13:12 - 2019-08-14 01:52 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2019-09-11 13:12 - 2019-08-13 19:20 - 000162016 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-09-11 13:12 - 2019-08-13 19:19 - 000988384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-09-11 13:12 - 2019-08-13 19:19 - 000267488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2019-09-11 13:12 - 2019-08-13 19:16 - 001009664 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-09-11 13:12 - 2019-08-13 19:16 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2019-09-11 13:12 - 2019-08-13 19:15 - 000732160 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-09-11 13:12 - 2019-08-13 19:15 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-09-11 13:12 - 2019-08-13 19:15 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2019-09-11 13:12 - 2019-08-13 19:13 - 000833536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2019-09-11 13:12 - 2019-08-13 19:13 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2019-09-11 13:12 - 2019-08-13 19:13 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-09-11 13:12 - 2019-08-12 23:58 - 001312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-09-11 13:12 - 2019-08-12 23:58 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2019-09-11 13:12 - 2019-08-12 23:58 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-09-11 13:12 - 2019-08-12 23:58 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2019-09-11 13:12 - 2019-08-12 23:50 - 004927488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-09-11 13:12 - 2019-08-12 21:56 - 005785600 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-09-11 13:12 - 2019-08-12 21:56 - 002863104 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-09-11 13:12 - 2019-08-12 21:56 - 001712640 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-09-11 13:12 - 2019-08-12 21:56 - 001650176 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-09-11 13:12 - 2019-08-12 21:56 - 000802304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-09-11 13:12 - 2019-08-12 21:56 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-09-11 13:12 - 2019-08-12 21:56 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2019-09-11 13:12 - 2019-08-12 21:56 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-09-11 13:11 - 2019-08-28 23:52 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-09-11 13:11 - 2019-08-28 23:52 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-09-11 13:11 - 2019-08-28 23:52 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-09-11 13:11 - 2019-08-28 23:50 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-09-11 13:11 - 2019-08-28 23:50 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-09-11 13:11 - 2019-08-28 23:50 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-09-11 13:11 - 2019-08-27 00:41 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-09-11 13:11 - 2019-08-27 00:41 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-09-11 13:11 - 2019-08-27 00:15 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-09-11 13:11 - 2019-08-12 21:56 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-09-11 13:11 - 2019-08-12 21:56 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-09-08 00:16 - 2019-09-14 15:43 - 000000000 ____D C:\Users\Diego\AppData\Roaming\kpgozgudwapc
2019-09-08 00:14 - 2019-09-08 01:17 - 000000000 ____D C:\Users\Diego\AppData\Local\Mail.Ru
2019-09-08 00:14 - 2019-09-08 00:15 - 000000000 ____D C:\ProgramData\Mail.Ru
2019-09-07 23:14 - 2019-09-07 23:14 - 000000000 ____D C:\ProgramData\Movavi Photo Editor 5
2019-09-07 23:14 - 2019-09-07 23:14 - 000000000 ____D C:\ProgramData\Movavi
2019-09-06 20:32 - 2019-09-06 20:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-09-06 15:25 - 2019-09-08 02:40 - 000000000 ____D C:\Users\Diego\AppData\Roaming\ZHP
2019-09-06 15:25 - 2019-09-06 15:25 - 000000000 ____D C:\Users\Diego\AppData\Local\ZHP
2019-09-06 11:42 - 2019-09-06 11:42 - 000000000 ____D C:\Users\Diego\AppData\Local\PhotoEditor
2019-09-06 11:42 - 2019-09-06 11:42 - 000000000 ____D C:\Users\Diego\AppData\Local\Movavi
2019-09-06 11:42 - 2019-09-06 11:42 - 000000000 ____D C:\Users\Diego\AppData\Local\CrashRpt
2019-09-06 11:23 - 2019-09-06 11:23 - 000012394 _____ C:\ProgramData\crsoxhya.gfw
2019-09-05 20:46 - 2019-09-08 00:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-09-05 09:18 - 2019-09-05 09:18 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-09-05 09:18 - 2019-09-05 09:18 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-09-05 09:18 - 2019-09-05 09:18 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-09-05 09:18 - 2019-09-05 09:18 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-08-29 23:12 - 2019-08-16 05:13 - 000135520 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys
2019-08-29 23:12 - 2019-08-16 05:12 - 000166752 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
2019-08-29 22:26 - 2019-08-29 22:26 - 000000000 ____D C:\Program Files\Samsung
2019-08-29 22:24 - 2019-08-29 22:24 - 000000000 ____D C:\ProgramData\Samsung
2019-08-29 22:22 - 2019-08-29 22:23 - 036829824 _____ (Samsung Electronics Co., Ltd.) C:\Users\Diego\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
2019-08-20 10:33 - 2019-09-12 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-08-19 18:21 - 2019-08-19 18:21 - 000236024 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-08-19 18:21 - 2019-08-19 18:21 - 000169408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-09-14 15:55 - 2019-01-23 17:50 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-09-14 15:54 - 2018-09-03 11:56 - 001447424 ___SH C:\Users\Diego\Desktop\Thumbs.db
2019-09-14 15:50 - 2019-03-15 14:43 - 000005044 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Diego-PC-Diego Diego-PC
2019-09-14 15:50 - 2017-02-07 14:46 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-09-14 15:46 - 2017-04-27 18:08 - 000000986 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-09-14 15:46 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-14 15:45 - 2009-07-14 01:45 - 000017056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-14 15:45 - 2009-07-14 01:45 - 000017056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-14 15:24 - 2017-04-27 18:08 - 000000990 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-09-14 15:11 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2019-09-14 15:01 - 2019-01-10 19:37 - 000000000 ____D C:\Users\Diego\AppData\LocalLow\Mozilla
2019-09-14 14:10 - 2019-02-13 13:33 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-09-14 14:10 - 2017-04-27 18:08 - 000003996 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2019-09-14 14:10 - 2017-04-27 18:08 - 000003744 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2019-09-14 14:10 - 2017-03-10 18:02 - 000003534 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-09-14 14:10 - 2017-03-10 18:02 - 000003406 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-09-14 14:10 - 2016-10-03 17:52 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2019-09-14 14:10 - 2016-10-03 10:57 - 000003712 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1659731970-3403070027-1370717698-1000UA
2019-09-14 14:10 - 2016-10-03 10:57 - 000003440 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1659731970-3403070027-1370717698-1000Core
2019-09-14 14:10 - 2016-09-30 12:20 - 000002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-09-14 03:58 - 2010-11-21 04:09 - 000757818 _____ C:\Windows\system32\perfh00A.dat
2019-09-14 03:58 - 2010-11-21 04:09 - 000165082 _____ C:\Windows\system32\perfc00A.dat
2019-09-14 03:58 - 2009-07-14 02:13 - 001708302 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-14 02:51 - 2016-10-22 18:36 - 000000000 ____D C:\Program Files\JD2 iTutosPC
2019-09-12 23:35 - 2016-10-24 19:35 - 000039936 _____ C:\Users\Diego\Documents\Gastos de la casa.xls
2019-09-12 23:04 - 2017-01-09 23:29 - 000002113 _____ C:\Users\Diego\Desktop\code.txt
2019-09-12 08:53 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\rescache
2019-09-12 00:36 - 2017-03-14 21:48 - 000000000 ____D C:\Program Files (x86)\The Logo Creator v6.8
2019-09-11 22:42 - 2009-07-14 01:45 - 000468160 _____ C:\Windows\system32\FNTCACHE.DAT
2019-09-11 22:36 - 2016-10-04 04:06 - 000000000 ___SD C:\Windows\system32\CompatTel
2019-09-11 22:24 - 2016-10-03 11:56 - 001681952 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-09-08 01:24 - 2016-10-22 19:51 - 000000000 ____D C:\Users\Diego\AppData\Roaming\MPC-HC
2019-09-08 00:15 - 2019-02-20 01:39 - 000000424 __RSH C:\ProgramData\ntuser.pol
2019-09-06 20:32 - 2017-04-27 18:08 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-09-06 15:54 - 2016-10-03 10:57 - 000000000 ____D C:\Users\Diego\AppData\Local\Google
2019-09-06 12:24 - 2009-07-14 02:08 - 000032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-09-06 10:09 - 2019-01-10 19:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-09-01 23:38 - 2016-11-07 13:13 - 000000000 ____D C:\Users\Diego\Desktop\TANTAWAWA
2019-09-01 23:37 - 2018-11-18 01:27 - 000000000 ____D C:\Users\Diego\Desktop\do terra
2019-09-01 23:37 - 2017-12-09 12:47 - 000000000 ____D C:\Users\Diego\Desktop\Expresión corporal
2019-09-01 23:32 - 2016-12-16 09:11 - 000000000 ____D C:\Users\Diego\Desktop\pao laburo
2019-09-01 23:31 - 2016-11-17 21:41 - 000000000 ____D C:\Users\Diego\Desktop\imagenes  para flyer muestra
2019-09-01 23:29 - 2019-01-28 19:36 - 000000000 ____D C:\Users\Diego\Desktop\celular pao 2019
2019-09-01 23:22 - 2018-05-27 22:05 - 000000000 ____D C:\Users\Diego\Desktop\archivos hoy domingo (2)
2019-08-29 19:03 - 2016-10-03 10:58 - 000002403 _____ C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-27 10:23 - 2016-10-03 17:51 - 000478096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-08-25 09:21 - 2016-10-23 16:55 - 000409088 ___SH C:\Users\Diego\Documents\Thumbs.db
2019-08-22 19:44 - 2016-09-30 12:23 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-08-19 18:21 - 2019-01-14 17:17 - 000263008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-08-19 18:21 - 2019-01-06 11:29 - 000205848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-08-19 18:21 - 2019-01-06 11:29 - 000061472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-08-19 18:21 - 2018-10-23 08:20 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-08-19 18:21 - 2017-11-16 14:08 - 000209552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-08-19 18:21 - 2016-10-03 17:51 - 001030784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-08-19 18:21 - 2016-10-03 17:51 - 000387176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-08-19 18:21 - 2016-10-03 17:51 - 000112312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-08-19 18:21 - 2016-10-03 17:51 - 000087944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-08-19 14:45 - 2018-08-09 21:46 - 000000000 ____D C:\Users\Diego\Desktop\audios pao
==================== Files in the root of some directories ================
2005-04-07 23:16 - 2005-04-07 23:16 - 000000015 ____H () C:\Users\Diego\AppData\Roaming\logs.dat
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2019-09-10 13:35
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-09-2019
Ran by Diego (14-09-2019 16:13:21)
Running from C:\Users\Diego\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-09-29 14:16:03)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-1659731970-3403070027-1370717698-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1659731970-3403070027-1370717698-1004 - Limited - Enabled)
Diego (S-1-5-21-1659731970-3403070027-1370717698-1000 - Administrator - Enabled) => C:\Users\Diego
HomeGroupUser$ (S-1-5-21-1659731970-3403070027-1370717698-1002 - Limited - Enabled)
Invitado (S-1-5-21-1659731970-3403070027-1370717698-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (HKLM\...\{BE930E38-7BB3-45B6-85B2-5251F374F844}) (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
ARIA Engine v1.0.9.8 (HKLM\...\ARIA Engine_is1) (Version: v1.0.9.8 - Plogue Art et Technologie, Inc)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.7.2388 - AVAST Software)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Compresor WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.2307.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0 - CyberLink Corp.)
D110 (HKLM-x32\...\{55C4B9E9-39C8-4BD6-9BCF-41BE40393A5F}) (Version: 140.0.142.000 - Hewlett-Packard) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 80.4.126 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
eEnjoy VIDEO DVR (HKLM-x32\...\{B6BF84B7-7CAF-4B3A-A46C-CF2E4BEF809D}) (Version: 2014.03.12 - eEnjoy)
Eines de correcció del Microsoft Office 2013: català (HKLM-x32\...\{90150000-001F-0403-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM-x32\...\{90150000-001F-0456-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Finale 2011 (HKLM-x32\...\Finale 2011) (Version: 2011..r2.2 - MakeMusic)
Garritan ARIA Player v1.02 (HKLM\...\__ARIA_1012___is1) (Version: v1.0.2.1 - Garritan)
Garritan Instruments for Finale (HKLM\...\__ARIA_1013___is1) (Version: v1.0.2.2 - Garritan)
Google Chrome (HKU\S-1-5-21-1659731970-3403070027-1370717698-1000\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (HKLM-x32\...\{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}) (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
K-Lite Codec Pack 12.5.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.5.5 - KLCP)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 69.0 (x86 es-AR) (HKLM-x32\...\Mozilla Firefox 69.0 (x86 es-AR)) (Version: 69.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (HKLM\...\{CE47BA54-78AC-409F-9151-BDF5BE15A804}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
NewBlue Titler Pro for Windows (HKLM-x32\...\NewBlue Titler Pro for Windows) (Version: 1.0 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials V for Windows (HKLM-x32\...\NewBlue Video Essentials V for Windows) (Version: 3.0 - NewBlue)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PS_AIO_07_D110_SW_Min (HKLM-x32\...\{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}) (Version: 140.0.142.000 - Hewlett-Packard) Hidden
Python 2.7.7 (HKLM-x32\...\{049CA433-77A0-4e48-AC76-180A282C4E10}) (Version: 2.7.7150 - Python Software Foundation)
QuickTransfer (HKLM-x32\...\{E517094C-06B6-419F-8FFD-EF4F57972130}) (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM-x32\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.13.0 - Samsung Electronics Co., Ltd.)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{8E4B1BE8-DCF3-4B90-A726-B28107442623}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{2FB9EA69-51D4-4913-9AD5-762C034DE811}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Toolbox (HKLM-x32\...\{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}) (Version: 140.0.424.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
UltraISO Premium V9.71 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Vegas Pro 13.0 (64-bit) (HKLM\...\{204DC300-0BC8-11E5-B87F-F04DA23A5C58}) (Version: 13.0.453 - Sony)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Diego\Desktop\WhatsChrome.lnk -> C:\Users\Diego\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=bgkodfmeijboinjdegggmkbkjfiagaan
ShortcutWithArgument: C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\WhatsChrome (1).lnk -> C:\Users\Diego\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=bgkodfmeijboinjdegggmkbkjfiagaan
ShortcutWithArgument: C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\WhatsChrome.lnk -> C:\Users\Diego\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=bgkodfmeijboinjdegggmkbkjfiagaan
==================== Loaded Modules (Whitelisted) ==============
2009-05-14 16:49 - 2009-05-14 16:49 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2009-05-14 16:49 - 2009-05-14 16:49 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 23:34 - 2019-01-06 11:11 - 000000927 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1                   cap.cyberlink.com
127.0.0.1                   activation.cyberlink.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\
HKU\S-1-5-21-1659731970-3403070027-1370717698-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{E9A8C169-F7B6-413D-A296-323E20DD2D52}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9EDE9BAE-9EE6-4BF8-BE28-75CE1F87582C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{437EEC64-10C4-4EF1-A3CB-E51AC0003127}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{19437B19-442A-4FC4-8B63-028E03123650}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{14822677-79D2-4083-BC06-70B3A35F2A5F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{2081E884-7EDD-4BFE-9D56-1E8FA3EB86FD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{D3B8AFC9-2554-4602-B7AF-DB0DBB8E8FD0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{5C86EE28-33C6-4728-BAEE-0A458F48DDE1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{91B40C4B-F73A-42DC-93EA-9A0A59025212}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{8A18A86C-A6BD-4485-AAD5-E8DBC70FE1A7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{ECDBEF3E-D6E7-4575-B00D-B431B59D3733}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{A9E4C819-ECBA-4506-97F9-DE0DA553F8DA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{58495125-A6F5-423E-A21D-3AB886BCF3A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett Packard -> Hewlett-Packard)
FirewallRules: [{918A3EC2-1D59-45FB-B50B-A3FECC6156D1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{D0B40AC6-068C-4E02-9F1F-3997029D416C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{F6952490-98FE-4A67-A74E-734950DB2C83}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{B86C0182-7E4E-4DB0-A007-110E33B6B049}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Company -> Hewlett-Packard Co.)
FirewallRules: [{C0232BF7-BDB9-4683-A820-AEA6816BE13F}] => (Allow) LPort=1688
FirewallRules: [{50275C26-3816-4448-AAA1-B9A808E899DC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\{14BC6853-A74E-4874-B50D-679889D1544D}\setup\hpznui40.exe (Hewlett Packard -> Hewlett-Packard)
FirewallRules: [TCP Query User{9997CFA0-AFAB-4E4C-925E-E995F5FEC750}C:\users\diego\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\diego\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{8522D9E9-FB82-4BE5-8C3B-5FF090713EC6}C:\users\diego\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\diego\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{7BA052DA-4D34-4D43-A20D-A4C39AE97454}C:\users\diego\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\diego\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{53FA4F4B-5DDE-40CA-AF0C-6DA9693EAC2B}C:\users\diego\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\diego\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{FD4A3F50-4986-45E4-BA2B-9B24FCA7A596}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D43F45C6-4472-4EA7-A70B-590E98F4CA88}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{E2C93578-C5C5-431B-A495-E36B335F4864}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [UDP Query User{20E1D908-49AF-4264-9833-5A2EA9E02463}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [{8B47A470-6FC2-4C43-942E-469AC975182D}] => (Block) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [{A6104F5C-5877-4C0A-B25E-E22316E4B93C}] => (Block) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [{54941B1D-6C84-48E6-8E6E-21CDAFEA28FB}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{1DFC2F81-BAE3-4DDD-B8C2-9B00FE04E164}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{94F70059-4FCA-40FA-AC77-7E8063836085}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:465.66 GB) (Free:146.42 GB) (31%)
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de tunelización Teredo de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/14/2019 03:47:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
Error: (09/14/2019 03:46:07 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x00000000.
Error: (09/14/2019 03:46:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
0x80070005
System errors:
=============
Error: (09/14/2019 03:46:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio SessionLauncher no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.
==================== Memory info =========================== 
BIOS: American Megatrends Inc. 0503 10/18/2011
Motherboard: ASUSTeK Computer INC. P5G41T-M LX V2
Processor: Intel(R) Celeron(R) CPU E3300 @ 2.50GHz
Percentage of memory in use: 86%
Total physical RAM: 2013.12 MB
Available physical RAM: 264.99 MB
Total Virtual: 4026.23 MB
Available Virtual: 1323.44 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:146.42 GB) NTFS
\\?\Volume{67ac173d-8622-11e6-bd63-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 488CCE3A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
All the reports are there. After finishing each scan I rebooted, reconnected the router, re-enabled the antivirus (Avast) and sent you the reports. When I clicked to log in, the usual windows popped up, and the antivirus blocked one of them but I did not catch the name; it is still the same as before.
Good… now follow these steps.
VERY important: make a backup of the registry:
- To do so, download DelFix.exe (to your desktop).
- Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)
- Attention: now tick only the "Create registry backup" box, NOT the other boxes.
- Click Run.
The report (DelFix.txt) will open; save it in case it is needed and close the tool.
With all other programs closed, go to Start, Run and type Notepad.exe.
- Now copy and paste the code/lines inside the box further below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1659731970-3403070027-1370717698-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF Homepage: Mozilla\Firefox\Profiles\yw3kt3vs.default -> www.gibiru.com
FF HomepageOverride: Mozilla\Firefox\Profiles\yw3kt3vs.default -> Enabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\yw3kt3vs.default -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-1659731970-3403070027-1370717698-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Diego\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1659731970-3403070027-1370717698-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Diego\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
S2 SessionLauncher; C:\Users\Diego\AppData\Local\Temp\DX9\SessionLauncher.exe [X] <==== ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-09-08 00:14 - 2019-09-08 01:17 - 000000000 ____D C:\Users\Diego\AppData\Local\Mail.Ru
2019-09-08 00:14 - 2019-09-08 00:15 - 000000000 ____D C:\ProgramData\Mail.Ru
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
Save it under the name FIXLIST.TXT on the desktop. This is very important.
Note: It is important that the tool FRST.exe (Farbar Recovery Scan Tool) and FIXLIST.TXT are in the same location (desktop), otherwise it will not work.
And now start your computer in Windows Safe Mode with Networking.
- Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)
- Press the FIX button and wait for it to finish.
- The tool will save the repair report on the desktop (FIXLOG.TXT).
Paste the contents of this file in your next reply.
Restart the computer, check how it behaves with regard to the reported problem, and tell us.
Regards.
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-09-2019
Ran by Diego (14-09-2019 20:51:44) Run:1
Running from C:\Users\Diego\Desktop
Loaded Profiles: Diego (Available Profiles: Diego)
Boot Mode: Safe Mode (with Networking)
==============================================
fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1659731970-3403070027-1370717698-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF Homepage: Mozilla\Firefox\Profiles\yw3kt3vs.default -> www.gibiru.com
FF HomepageOverride: Mozilla\Firefox\Profiles\yw3kt3vs.default -> Enabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\yw3kt3vs.default -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-1659731970-3403070027-1370717698-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Diego\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1659731970-3403070027-1370717698-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Diego\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
S2 SessionLauncher; C:\Users\Diego\AppData\Local\Temp\DX9\SessionLauncher.exe [X] <==== ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-09-08 00:14 - 2019-09-08 01:17 - 000000000 ____D C:\Users\Diego\AppData\Local\Mail.Ru
2019-09-08 00:14 - 2019-09-08 00:15 - 000000000 ____D C:\ProgramData\Mail.Ru
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************
Error: Restore point can only be created in normal mode.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKU\S-1-5-21-1659731970-3403070027-1370717698-1000\SOFTWARE\Policies\Google => removed successfully
"Firefox homepage" => removed successfully
"Firefox HomepageOverride ([email protected]) " => removed successfully
"Firefox NewTabOverride ({a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}) " => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKU\S-1-5-21-1659731970-3403070027-1370717698-1000\Software\MozillaPlugins\@tools.google.com/Google Update;version=3 => removed successfully
"C:\Users\Diego\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll" => not found
HKU\S-1-5-21-1659731970-3403070027-1370717698-1000\Software\MozillaPlugins\@tools.google.com/Google Update;version=9 => removed successfully
"C:\Users\Diego\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll" => not found
HKLM\System\CurrentControlSet\Services\SessionLauncher => removed successfully
SessionLauncher => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
C:\Users\Diego\AppData\Local\Mail.Ru => moved successfully
C:\ProgramData\Mail.Ru => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1659731970-3403070027-1370717698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1659731970-3403070027-1370717698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========
========= netsh winsock reset =========
El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.
========= End of CMD: =========
========= ipconfig /renew =========
Configuración IP de Windows
Adaptador de Ethernet Conexión de área local:
   Sufijo DNS específico para la conexión. . : fibertel.com.ar
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.242
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1
========= End of CMD: =========
========= ipconfig /flushdns =========
Configuración IP de Windows
Se vació correctamente la caché de resolución de DNS.
========= End of CMD: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.
========= End of CMD: =========
========= netsh advfirewall reset =========
Aceptar
========= End of CMD: =========
========= netsh advfirewall set allprofiles state ON =========
Aceptar
========= End of CMD: =========
========= netsh int ipv4 reset =========
Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.
========= End of CMD: =========
========= netsh int ipv6 reset =========
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17798298 B
Java, Flash, Steam htmlcache => 379 B
Windows/system/drivers => 362477 B
Edge => 0 B
Chrome => 928870 B
Firefox => 46164925 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33253 B
systemprofile32 => 33253 B
LocalService => 33125 B
NetworkService => 0 B
Diego => 4166467 B
RecycleBin => 0 B
EmptyTemp: => 66.3 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 20:52:04 ====
After checking, it is exactly the same.
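A Fixlog like the one posted above is easier to review when the directives that failed or found nothing are pulled out of it. The following is an added example, not part of the original thread and not code from FRST: a small Python parser (the names `parse_fixlog` and `review_items` and the failure keyword list are assumptions) run over a constructed sample abridged from that log.

```python
import re

# Constructed sample in the Fixlog layout shown in this thread (abridged).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 14-09-2019
Boot Mode: Safe Mode (with Networking)
==============================================
fixlist content:
*****************
START
CREATERESTOREPOINT:
S2 SessionLauncher; C:\Users\Diego\AppData\Local\Temp\DX9\SessionLauncher.exe [X] <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
END
*****************
Error: Restore point can only be created in normal mode.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"C:\Users\Diego\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll" => not found
SessionLauncher => service removed successfully
========= bitsadmin /reset /allusers =========
Unable to connect to BITS - 0x8007042c
========= End of CMD: =========
========= ipconfig /flushdns =========
Configuración IP de Windows
========= End of CMD: =========
The system needed a reboot.
==== End of Fixlog 20:52:04 ====
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")          # "===== name ====="
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<status>.+)$")
# Assumption: substrings that mark a failed command in its captured output.
FAIL_HINTS = ("unable to", "error", "no se puede")


def parse_fixlog(text):
    """Split a Fixlog into echoed directives, per-item results and errors."""
    report = {"boot_mode": None, "directives": [], "results": [],
              "errors": [], "commands": {}, "reboot_needed": False}
    in_fixlist = False   # True between the two rows of asterisks
    section = None       # name of the command block being read, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            # The echoed fixlist is input, not outcome: record and skip it.
            if line not in ("START", "END"):
                report["directives"].append(line)
            continue
        if set(line) == {"="}:           # bare rule, closes e.g. EmptyTemp
            section = None
            continue
        header = SECTION_RE.match(line)
        if header:
            name = header.group("name")
            if name.startswith("End of"):
                section = None
            else:
                section = name.rstrip(":")
                report["commands"][section] = []
            continue
        if section is not None:
            report["commands"][section].append(line)
            if any(hint in line.lower() for hint in FAIL_HINTS):
                report["errors"].append((section, line))
            continue
        if line.startswith("Boot Mode:"):
            report["boot_mode"] = line.split(":", 1)[1].strip()
        elif line.startswith("Error:"):
            report["errors"].append(("fix", line[len("Error:"):].strip()))
        elif line == "The system needed a reboot.":
            report["reboot_needed"] = True
        else:
            result = RESULT_RE.match(line)
            if result:
                target = result.group("target").strip('"')
                report["results"].append((target, result.group("status")))
    return report


def review_items(report):
    """Lines a reviewer should look at: errors and targets that were absent."""
    items = [f"{where}: {msg}" for where, msg in report["errors"]]
    items += [f"not found: {target}" for target, status in report["results"]
              if status == "not found"]
    return items


if __name__ == "__main__":
    for item in review_items(parse_fixlog(SAMPLE_FIXLOG)):
        print(item)
```

On the sample this surfaces the restore point that could not be created in Safe Mode, the BITS reset that failed, and the plugin DLL that was already gone.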
Hello.
Do you have your browsers synced from your user account with other devices…??
Yes, with a Samsung J7 smartphone.
Hello.
Right… so that is where the problem comes from: because sync is on, the same problems that have been removed during the disinfections regenerate themselves on YOUR computer.
You must disable sync in ALL your browsers, leave it disabled, and after doing so REPEAT ALL the steps/processes I gave you in my second message, in the same order, and post the new reports that are generated.
Regards.
Malwarebytes
www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 15/9/19
Hora del análisis: 10:45
Archivo de registro: 1ab227a3-d7bf-11e9-9c4a-14dae93067bc.json
-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.625
Versión del paquete de actualización: 1.0.12453
Licencia: Gratis
-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: Diego-PC\Diego
-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 248169
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 9 min, 42 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)
Módulo: 0
(No hay elementos maliciosos detectados)
Clave del registro: 0
(No hay elementos maliciosos detectados)
Valor del registro: 0
(No hay elementos maliciosos detectados)
Datos del registro: 0
(No hay elementos maliciosos detectados)
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 0
(No hay elementos maliciosos detectados)
Archivo: 0
(No hay elementos maliciosos detectados)
Sector físico: 0
(No hay elementos maliciosos detectados)
WMI: 0
(No hay elementos maliciosos detectados)
(end)
# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-05-2019
# Database: 2019-08-27.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-15-2019
# Duration: 00:00:36
# OS:       Windows 7 Ultimate
# Scanned:  35522
# Detected: 1
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Preinstalled Software ] *****
Preinstalled.CyberLinkService   Folder   C:\Program Files\CYBERLINK\SHARED FILES\PLUGIN\NEWBLUE 
AdwCleaner_Debug.log - [8144 octets] - [14/09/2019 15:54:54]
AdwCleaner[S00].txt - [1456 octets] - [14/09/2019 15:55:30]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64 
Ran by Diego (Administrator) on 15/09/2019 at 11:00:43,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 8 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52H919HR (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BF9KSKYP (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H44CWPID (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JFDJR1HH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52H919HR (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BF9KSKYP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H44CWPID (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JFDJR1HH (Temporary Internet Files Folder) 
Deleted the following from C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\yw3kt3vs.default\prefs.js
user_pref(extensions.webextensions.uuids, {\[email protected]\:\f4c24928-7949-45fc-aa5b-a346d144d75c\,\[email protected]\:\ee73d93b-fc79-44db-9a1f-078e1
Registry: 0 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/09/2019 at 11:08:00,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~