Virus lanegoz.ru

#24

Ahi publiqué con lo que me resultó ESET. Según eset no tengo nada, pero las paginas se siguen abriendo solas, y mi internet baja sin motivo de pronto.

0 me gusta

#25

Hola

Faltan los nuevos reportes de FRST para revisarlos.

Un saludo

1 me gusta

#26

Fix result of Farbar Recovery Scan Tool (x64) Version: 12.02.2019 01
Ran by Gustavo Caro (13-02-2019 14:40:12) Run:4
Running from C:\Users\Gustavo Caro\Desktop
Loaded Profiles: Gustavo Caro (Available Profiles: Gustavo Caro & CDFAccount)
Boot Mode: Normal
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
(Tencent) E:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Run: [uTorrent] => C:\Users\Gustavo Caro\AppData\Roaming\uTorrent\uTorrent.exe [1908920 2019-01-17] (BitTorrent Inc.)
FF Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Gustavo Caro\AppData\Roaming\Mozilla\Firefox\Profiles\kasxhkyj.default\Extensions\@setupvpncom.xpi [2018-07-02]
CHR StartupUrls: Default -> "hxxps://boards.4chan.org/w/","hxxps://www.youtube.com/watch?v=EvazDsAWAno","hxxps://www.reddit.com/r/leagueoflegends","hxxp://www.lolskill.net/game/LAS/panconmoco","hxxp://www.probuilds.net/guide/EUW/2310884659/18995872","hxxps://www.facebook.com/groups/SDLG14/?fref=nf","hxxp://boards.4chan.org/wg/","hxxp://boards.4chan.org/wg/thread/6312763/startpage-and-new-tab-thread-3#p6312811","file:///C:/Users/Cherno/Documents/startpage/index.html"
CHR Extension: (MyJSCript) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpabpfikknflecblchhfkpkcpilbkfcd [2019-01-14]
CHR Extension: (InstaG Downloader) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkdcmgmnegofdddphijckfagibepdlb [2018-07-11]
CHR Extension: (Chrome Media Router) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-04]
CHR Extension: (MyJSCript) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpabpfikknflecblchhfkpkcpilbkfcd [2019-01-14]
CHR Extension: (Chrome Media Router) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-06]
R2 aow_drv; E:\Program Files\TxGameAssistant\UI\2.0.6479.123\aow_drv_x64_ev.sys [853776 2018-09-14] (Tencent)
2019-01-23 16:31 - 2019-01-23 16:31 - 000000000 ____D C:\ProgramData\Tencent
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} =>  -> No File
Task: {65011265-4A40-4A61-9A09-5A5FA5404146} - System32\Tasks\[email protected]\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
FirewallRules: [TCP Query User{753216C3-F510-4AE3-A570-7396F5622796}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{CEABEBB5-03B5-4EAA-83B6-9D2A14030235}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{70C0A1C8-DBD5-4485-AD41-8DEF0262C939}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{3B56E869-A751-4093-A098-B0848DCAE33A}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe No File

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
E:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe => No running process found
"HKU\S-1-5-21-808367516-1742056278-3576212296-1001\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent" => not found
"C:\Users\Gustavo Caro\AppData\Roaming\Mozilla\Firefox\Profiles\kasxhkyj.default\Extensions\@setupvpncom.xpi" => not found
"Chrome StartupUrls" => removed successfully
CHR Extension: (MyJSCript) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpabpfikknflecblchhfkpkcpilbkfcd [2019-01-14] => Error: No automatic fix found for this entry.
CHR Extension: (InstaG Downloader) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkdcmgmnegofdddphijckfagibepdlb [2018-07-11] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-04] => Error: No automatic fix found for this entry.
CHR Extension: (MyJSCript) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpabpfikknflecblchhfkpkcpilbkfcd [2019-01-14] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-06] => Error: No automatic fix found for this entry.
aow_drv => service not found.
C:\ProgramData\Tencent => moved successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\AccExt => not found
HKLM\Software\Classes\CLSID\{2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65011265-4A40-4A61-9A09-5A5FA5404146}" => not found
"C:\WINDOWS\System32\Tasks\[email protected]\Windows64Professional" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\[email protected]\Windows64Professional" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65B85F6F-35B3-4459-A179-28255D5B7B25}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\HelloFace\FODCleanupTask" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{753216C3-F510-4AE3-A570-7396F5622796}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CEABEBB5-03B5-4EAA-83B6-9D2A14030235}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{70C0A1C8-DBD5-4485-AD41-8DEF0262C939}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3B56E869-A751-4093-A098-B0848DCAE33A}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-808367516-1742056278-3576212296-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-808367516-1742056278-3576212296-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows

No se puede realizar ninguna operaci¢n en Ethernet mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Ethernet 2 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Local Area Connection* 12 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Bluetooth Network Connection mientras los medios
est‚n desconectados.

Adaptador de Ethernet Ethernet:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de Ethernet Ethernet 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Local Area Connection* 12:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Wi-Fi:

   Sufijo DNS espec¡fico para la conexi¢n. . : Home
   V¡nculo: direcci¢n IPv6 local. . . : fe80::5414:aa0b:9cd6:e94b%14
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.1.7
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1

Adaptador de Ethernet Bluetooth Network Connection:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to cancel {2B29A9B6-4870-4675-904D-9584920C2EA7}.
0 out of 1 jobs canceled.

========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44956754 B
Java, Flash, Steam htmlcache => 38600543 B
Windows/system/drivers => 9395853 B
Edge => 0 B
Chrome => 883911505 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 44812 B
NetworkService => 0 B
Gustavo Caro => 20448229 B
CDFAccount => 0 B

RecycleBin => 0 B
EmptyTemp: => 961.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:41:10 ====
0 me gusta

#27

Hola

Ese reporte es del Fixlist, lo que necesito son unos nuevos reportes como los que sacaste con los pasos de este post.

Un saludo

1 me gusta

#28
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.02.2019 01
Ran by Gustavo Caro (administrator) on DESKTOP-4O241NA (28-02-2019 13:31:30)
Running from C:\Users\Gustavo Caro\Desktop
Loaded Profiles: Gustavo Caro (Available Profiles: Gustavo Caro & CDFAccount)
Platform: Windows 10 Pro Version 1803 17134.590 (X64) Language: Inglés (Estados Unidos)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Tencent Technology(Shenzhen) Company Limited -> Tencent) E:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0326037.inf_amd64_6cad8aeb5717c52d\B326079\atiesrxx.exe
(Atheros) [File not signed] C:\Windows\SysWOW64\acs.exe
(TunnelBear, Inc. -> ) C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(AnchorFree Inc -> AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(TEFINCOM S.A. -> ) C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Wireless) [File not signed] C:\Program Files (x86)\TP-LINK\QSS\jswpbapi.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Native Instruments GmbH) [File not signed] C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
(Electronic Arts, Inc. -> Electronic Arts) E:\Origin\OriginWebHelperService.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0326037.inf_amd64_6cad8aeb5717c52d\B326079\atieclxx.exe
() [File not signed] C:\Windows\DAODx.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
() [File not signed] C:\Program Files (x86)\TP-LINK\Utilidad de Cliente Inalambrico TP-LINK\TWCU.exe
(Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Riot Games, Inc. -> ) F:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.188\deploy\LeagueClient.exe
(Riot Games, Inc. -> ) F:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.188\deploy\LeagueClientUx.exe
(Riot Games, Inc. -> ) F:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.188\deploy\LeagueClientUxRender.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Riot Games, Inc. -> ) F:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.188\deploy\LeagueClientUxRender.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\WINDOWS\system [0 2018-04-11]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8841472 2018-04-14] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18591352 2018-03-19] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [WindowsDefender] => C:\WINDOWS\system [0 2018-04-11]
HKLM\...\Run: [AvastUI.exe] => AvastUI.exe
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
HKLM-x32\...\Run: [jswtrayutil] => C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe [32871 2011-04-01] () [File not signed]
HKLM-x32\...\Run: [TWCU] => C:\Program Files (x86)\TP-LINK\Utilidad de Cliente Inalambrico TP-LINK\TWCU.exe [561263 2011-03-28] () [File not signed]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409936 2018-02-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3133216 2019-01-04] (Valve -> Valve Corporation)
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Run: [SideSync] => C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe [12476064 2018-03-07] (Samsung Electronics CO., LTD. -> )
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Run: [Spotify] => C:\Users\Gustavo Caro\AppData\Roaming\Spotify\Spotify.exe [26118888 2019-02-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Run: [Discord] => C:\Users\Gustavo Caro\AppData\Local\Discord\app-0.0.304\Discord.exe [81747288 2019-01-15] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [2229200 2019-02-21] (TEFINCOM S.A. -> NordVPN)
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Run: [TMozillaMaintenanceService] => C:\Users\Gustavo Caro\AppData\Roaming\TMozillaMaintenanceService\TMozillaMaintenanceService.com [678400 2019-02-23] (U.S. Bancorp) [File not signed]
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Run: [SecurityHealth] => C:\WINDOWS\system [0 2018-04-11]
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Run: [WindowsDefender] => C:\WINDOWS\system [0 2018-04-11]
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Run: [AvastUI.exe] => AvastUI.exe
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-25] (Google LLC -> Google Inc.)
Startup: C:\Users\Gustavo Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2018-09-25]
ShortcutTarget: Twitch.lnk -> C:\Users\Gustavo Caro\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.75.0.4 200.75.0.5
Tcpip\..\Interfaces\{069fc00c-315a-48a2-a7a5-dd23c1fa2864}: [DhcpNameServer] 200.75.0.4 200.75.0.5
Tcpip\..\Interfaces\{52eef787-8ae4-49f1-876d-b7e6ea6e0245}: [DhcpNameServer] 200.75.0.4 200.75.0.5
Tcpip\..\Interfaces\{7663b9b6-89e2-4d11-8252-6f263ed2028c}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7663b9b6-89e2-4d11-8252-6f263ed2028c}: [DhcpNameServer] 200.75.0.4 200.75.0.5
Tcpip\..\Interfaces\{7a0ebada-2f15-4da7-9b60-a91c87b58c7a}: [DhcpNameServer] 200.75.0.4 200.75.0.5
Tcpip\..\Interfaces\{8ca87710-03b6-448d-aa63-8b3e7aec149c}: [DhcpNameServer] 200.75.0.4 200.75.0.5

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cl/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-16] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: kasxhkyj.default
FF ProfilePath: C:\Users\Gustavo Caro\AppData\Roaming\Mozilla\Firefox\Profiles\kasxhkyj.default [2019-01-28]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-02-14] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-02-14] (Adobe Systems Incorporated -> Adobe Systems)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.cl/
CHR StartupUrls: Default -> "hxxps://boards.4chan.org/w/","hxxps://www.youtube.com/watch?v=EvazDsAWAno","hxxps://www.reddit.com/r/leagueoflegends","hxxp://www.lolskill.net/game/LAS/panconmoco","hxxp://www.probuilds.net/guide/EUW/2310884659/18995872","hxxps://www.facebook.com/groups/SDLG14/?fref=nf","hxxp://boards.4chan.org/wg/","hxxp://boards.4chan.org/wg/thread/6312763/startpage-and-new-tab-thread-3#p6312811","file:///C:/Users/Cherno/Documents/startpage/index.html"
CHR Profile: C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default [2019-02-28]
CHR Extension: (Presentaciones) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-17]
CHR Extension: (Documentos) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-17]
CHR Extension: (Google Drive) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-17]
CHR Extension: (YouTube) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-17]
CHR Extension: (Form Filler) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjjngeaknajbdcgpfkgnonkmififhfo [2019-02-22]
CHR Extension: (Tampermonkey) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-02-06]
CHR Extension: (LoL Stream Browser) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp [2018-06-17]
CHR Extension: (Sketch Toy) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednofnkligfbacmlfggaccfhpkfopojb [2018-06-17]
CHR Extension: (Adobe Acrobat) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-07-11]
CHR Extension: (Video Downloader professional) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-08-07]
CHR Extension: (Hojas de cálculo) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-17]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (AdBlock) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-24]
CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2019-02-27]
CHR Extension: (MyJSCript) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpabpfikknflecblchhfkpkcpilbkfcd [2019-01-14]
CHR Extension: (Google Keep: notas y listas) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2019-02-25]
CHR Extension: (Flying Paint) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaddkdiibkddhdbcmmplkhcpgeinggfo [2018-06-17]
CHR Extension: (Eliminar todos los mensajes para Facebook ™) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnpnpdgfopkoibbhemhdinhcbghpokf [2019-01-14]
CHR Extension: (InstaG Downloader) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkdcmgmnegofdddphijckfagibepdlb [2018-07-11]
CHR Extension: (Messenger Cleaner) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhfajmpgiahjmnbhemaehbgadnhnhbd [2019-02-07]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-17]
CHR Extension: (Gmail) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-17]
CHR Extension: (Chrome Media Router) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-15]
CHR Profile: C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-01-28]
CHR Profile: C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-02-27]
CHR Extension: (Presentaciones) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-17]
CHR Extension: (Documentos) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-17]
CHR Extension: (Google Drive) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-17]
CHR Extension: (YouTube) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-17]
CHR Extension: (Tampermonkey) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-02-22]
CHR Extension: (Adobe Acrobat) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-07-11]
CHR Extension: (Hojas de cálculo) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-17]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-28]
CHR Extension: (MyJSCript) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpabpfikknflecblchhfkpkcpilbkfcd [2019-01-14]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-17]
CHR Extension: (Gmail) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-17]
CHR Extension: (Chrome Media Router) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-15]
CHR Profile: C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACS; C:\Windows\SysWOW64\acs.exe [499796 2011-04-01] (Atheros) [File not signed]
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0326037.inf_amd64_6cad8aeb5717c52d\B326079\atiesrxx.exe [481768 2018-03-23] (Advanced Micro Devices, Inc. -> AMD)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2018-04-14] (ASUSTeK Computer Inc. -> )
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2018-04-14] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2018-04-14] (ASUSTeK Computer Inc. -> ) [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2018-04-14] (ASUSTeK Computer Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7212480 2018-09-16] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11141696 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2018-12-08] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53632 2018-11-16] (AnchorFree Inc -> AnchorFree Inc.)
R2 jswpbapi; C:\Program Files (x86)\TP-LINK\QSS\jswpbapi.exe [265216 2011-04-01] (Wireless) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\TP-LINK\QSS\jswpsapi.exe [360529 2011-04-01] (wireless) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [202872 2018-03-19] (Logitech Inc -> Logitech Inc.)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [217040 2019-02-21] (TEFINCOM S.A. -> )
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2298688 2019-02-14] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; E:\Origin\OriginWebHelperService.exe [3171144 2019-02-14] (Electronic Arts, Inc. -> Electronic Arts)
R2 QMEmulatorService; E:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe [342776 2018-06-21] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [119680 2018-06-19] (TunnelBear, Inc. -> )

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AFTrafMgr1.4; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [56840 2018-11-16] (AnchorFree Inc -> AnchorFree Inc.)
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0326037.inf_amd64_6cad8aeb5717c52d\B326079\atikmdag.sys [41595872 2018-03-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0326037.inf_amd64_6cad8aeb5717c52d\B326079\atikmpag.sys [546280 2018-03-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2018-04-14] (ASUSTeK Computer Inc. -> )
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2018-04-14] (ASUSTeK Computer Inc. -> )
R3 athur; C:\WINDOWS\System32\drivers\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3778592 2015-11-26] (WDKTestCert Robert,130802973755980687 -> C-MEDIA)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 JSWSCIMD; C:\WINDOWS\system32\DRIVERS\jswscimdx.sys [75264 2011-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-03-19] (Logitech Inc -> Logitech Inc.)
R1 MpKsl2f34fc42; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA7022B6-DEEC-423A-84E5-746A212B4FA3}\MpKsl2f34fc42.sys [58120 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrd.sys [32840 2018-04-14] (Realtek Semiconductor Corp -> NT Kernel Resources)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2018-04-14] (Realtek Semiconductor Corp -> Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [43648 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-05-16] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [333792 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
S3 WSIMD; C:\WINDOWS\system32\DRIVERS\wsimdx.sys [75776 2011-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2018-05-18] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
U4 diagnosticshub.standardcollector.service; no ImagePath
S3 MBAMSwissArmy; \SystemRoot\System32\Drivers\mbamswissarmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-28 13:31 - 2019-02-28 13:32 - 000032149 _____ C:\Users\Gustavo Caro\Desktop\FRST.txt
2019-02-26 15:18 - 2019-02-26 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-02-23 17:09 - 2019-02-23 17:09 - 000000000 ____D C:\Users\Gustavo Caro\AppData\Roaming\TMozillaMaintenanceService
2019-02-21 16:27 - 2019-02-21 16:27 - 000001999 _____ C:\Users\Public\Desktop\NordVPN.lnk
2019-02-21 16:27 - 2019-02-21 16:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2019-02-21 16:27 - 2019-02-21 16:27 - 000000000 ____D C:\Program Files (x86)\NordVPN
2019-02-20 21:09 - 2019-02-20 21:10 - 000000000 ____D C:\ProgramData\NordVpn
2019-02-20 21:09 - 2019-02-20 21:09 - 000000000 ____D C:\ProgramData\Caphyon
2019-02-20 21:08 - 2019-02-21 16:27 - 000000000 ____D C:\Users\Gustavo Caro\AppData\Local\NordVPN
2019-02-20 21:08 - 2019-02-20 21:08 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
2019-02-20 11:55 - 2019-02-20 11:55 - 000001158 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2019-02-20 11:55 - 2019-02-20 11:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2019-02-20 11:55 - 2019-02-20 11:55 - 000000000 ____D C:\ProgramData\Hotspot Shield
2019-02-20 11:55 - 2019-02-20 11:55 - 000000000 ____D C:\Program Files\TAP-Windows
2019-02-20 11:55 - 2019-02-20 11:55 - 000000000 ____D C:\Program Files (x86)\Hotspot Shield
2019-02-17 00:32 - 2019-02-17 00:32 - 000000000 ____D C:\Users\Gustavo Caro\Desktop\Odin3_v3.13.1
2019-02-17 00:14 - 2019-02-17 00:15 - 000000000 ____D C:\Users\Gustavo Caro\Desktop\FIRMWARE
2019-02-16 23:59 - 2019-02-17 00:36 - 000000000 ____D C:\Users\Gustavo Caro\Desktop\SamFirm_v0.3.6
2019-02-14 22:54 - 2019-02-14 22:54 - 000000000 ____D C:\Program Files (x86)\Origin Games
2019-02-14 22:21 - 2019-02-14 22:21 - 000000000 ____D C:\ProgramData\Electronic Arts
2019-02-14 19:56 - 2019-02-19 14:28 - 000000885 _____ C:\Users\Public\Desktop\Apex Legends.lnk
2019-02-14 19:56 - 2019-02-14 19:56 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2019-02-14 18:01 - 2019-02-14 18:01 - 000000588 _____ C:\Users\Public\Desktop\Origin.lnk
2019-02-14 18:01 - 2019-02-14 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2019-02-14 17:54 - 2019-02-21 23:18 - 000000000 ____D C:\ProgramData\Origin
2019-02-14 17:54 - 2019-02-21 23:09 - 000000000 ____D C:\Users\Gustavo Caro\AppData\Roaming\Origin
2019-02-14 17:54 - 2019-02-14 22:54 - 000000000 ____D C:\Users\Gustavo Caro\AppData\Local\Origin
2019-02-14 17:54 - 2019-02-14 17:54 - 000000000 ____D C:\Users\Gustavo Caro\.QtWebEngineProcess
2019-02-14 17:54 - 2019-02-14 17:54 - 000000000 ____D C:\Users\Gustavo Caro\.Origin
2019-02-13 14:41 - 2019-02-13 14:41 - 000000000 ____D C:\ProgramData\Tencent
2019-02-12 22:13 - 2019-02-06 00:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-12 22:12 - 2019-02-06 04:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-12 22:12 - 2019-02-06 04:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-12 22:12 - 2019-02-06 04:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-12 22:12 - 2019-02-06 04:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-12 22:12 - 2019-02-06 04:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-12 22:12 - 2019-02-06 04:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-12 22:12 - 2019-02-06 04:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-12 22:12 - 2019-02-06 04:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-12 22:12 - 2019-02-06 03:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-12 22:12 - 2019-02-06 03:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-12 22:12 - 2019-02-06 03:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-12 22:12 - 2019-02-06 03:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-12 22:12 - 2019-02-06 00:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-12 22:12 - 2019-02-06 00:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-12 22:12 - 2019-02-06 00:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-12 22:12 - 2019-02-06 00:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-12 22:12 - 2019-02-06 00:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-12 22:12 - 2019-02-06 00:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-12 22:12 - 2019-02-06 00:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-12 22:12 - 2019-02-06 00:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-12 22:12 - 2019-02-06 00:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-12 22:12 - 2019-02-06 00:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-12 22:12 - 2019-02-06 00:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-12 22:12 - 2019-02-06 00:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-12 22:12 - 2019-02-06 00:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-12 22:12 - 2019-02-06 00:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-12 22:12 - 2019-02-06 00:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-12 22:12 - 2019-02-06 00:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-12 22:12 - 2019-02-06 00:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-12 22:12 - 2019-02-06 00:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-12 22:12 - 2019-02-06 00:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-12 22:12 - 2019-02-06 00:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-12 22:12 - 2019-02-06 00:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-12 22:12 - 2019-02-06 00:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-12 22:12 - 2019-02-06 00:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-12 22:12 - 2019-02-05 23:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-12 22:12 - 2019-02-05 23:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-12 22:12 - 2019-02-05 23:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-12 22:12 - 2019-02-05 23:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-12 22:12 - 2019-02-05 23:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-12 22:12 - 2019-02-05 23:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-12 22:12 - 2019-02-05 23:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-12 22:12 - 2019-02-05 23:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-12 22:12 - 2019-02-05 23:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-12 22:12 - 2019-02-05 23:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-12 22:12 - 2019-02-05 23:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-12 22:12 - 2019-02-05 23:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-12 22:12 - 2019-02-05 23:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-12 22:12 - 2019-02-05 23:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-12 22:12 - 2019-02-05 23:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-12 22:12 - 2019-02-05 23:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-12 22:12 - 2019-02-05 23:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-12 22:12 - 2019-02-05 23:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-12 22:12 - 2019-02-05 23:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-12 22:12 - 2019-02-05 23:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-12 22:12 - 2019-02-05 23:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-12 22:12 - 2019-02-05 23:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-12 22:12 - 2019-02-05 23:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-12 22:12 - 2019-02-05 23:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-12 22:12 - 2019-02-05 23:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-12 22:12 - 2019-02-05 23:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-12 22:12 - 2019-02-05 23:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-12 22:12 - 2019-02-05 23:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-12 22:12 - 2019-02-05 23:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-12 22:12 - 2019-02-05 23:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-12 22:12 - 2019-02-05 23:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-12 22:12 - 2019-02-05 23:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-12 22:12 - 2019-02-05 23:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-12 22:12 - 2019-02-05 23:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-12 22:12 - 2019-02-05 23:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-12 22:12 - 2019-02-05 23:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-12 22:12 - 2019-02-05 22:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-12 22:12 - 2019-01-12 05:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-12 22:12 - 2019-01-11 23:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-12 22:12 - 2019-01-09 15:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-12 22:12 - 2019-01-09 14:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-12 22:12 - 2019-01-09 14:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-12 22:12 - 2019-01-09 14:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-12 22:12 - 2019-01-09 14:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-12 22:12 - 2019-01-09 14:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-12 22:12 - 2019-01-09 14:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-12 22:12 - 2019-01-09 14:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-12 22:12 - 2019-01-09 07:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-12 22:12 - 2019-01-09 06:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-12 22:12 - 2019-01-09 06:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-12 22:12 - 2019-01-09 05:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-12 22:12 - 2019-01-09 05:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-12 22:12 - 2019-01-09 02:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-12 22:12 - 2019-01-09 02:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-12 22:12 - 2019-01-09 02:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-12 22:12 - 2019-01-09 02:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-12 22:12 - 2019-01-09 02:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-12 22:12 - 2019-01-09 02:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-12 22:12 - 2019-01-09 02:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-12 22:12 - 2019-01-09 02:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-12 22:12 - 2019-01-09 02:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-12 22:12 - 2019-01-09 02:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-12 22:12 - 2019-01-09 02:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-12 22:12 - 2019-01-09 02:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-12 22:12 - 2019-01-09 02:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-12 22:12 - 2019-01-09 02:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-12 22:12 - 2019-01-09 02:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-12 22:12 - 2019-01-09 02:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-12 22:12 - 2019-01-09 02:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-12 22:12 - 2019-01-09 02:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-12 22:12 - 2019-01-09 02:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-12 22:12 - 2019-01-09 02:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-12 22:12 - 2019-01-09 02:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-12 22:12 - 2019-01-09 02:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-12 22:12 - 2019-01-09 02:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-12 22:12 - 2019-01-09 02:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-12 22:12 - 2019-01-09 02:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-12 22:12 - 2019-01-09 02:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-12 22:12 - 2019-01-09 02:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-12 22:12 - 2019-01-09 02:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-12 22:12 - 2019-01-09 02:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-12 22:12 - 2019-01-09 02:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-12 22:12 - 2019-01-09 02:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-12 22:12 - 2019-01-09 02:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-12 22:12 - 2019-01-09 02:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-12 22:12 - 2019-01-09 02:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-12 22:12 - 2019-01-09 02:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-12 22:12 - 2019-01-09 02:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-12 22:12 - 2019-01-09 02:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-12 22:12 - 2019-01-09 02:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-12 22:12 - 2019-01-09 02:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-12 22:12 - 2019-01-09 02:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-12 22:12 - 2019-01-09 02:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-12 22:12 - 2019-01-09 02:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-12 22:12 - 2019-01-09 02:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-12 22:12 - 2019-01-09 02:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-12 22:12 - 2019-01-09 02:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-12 22:12 - 2019-01-09 02:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-12 22:12 - 2019-01-09 02:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-12 22:12 - 2019-01-09 02:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-12 22:12 - 2019-01-09 02:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-12 22:12 - 2019-01-09 02:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-12 22:12 - 2019-01-09 02:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-12 22:12 - 2019-01-09 02:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-12 22:12 - 2019-01-09 02:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-12 22:12 - 2019-01-09 02:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-12 22:12 - 2019-01-09 02:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-12 22:12 - 2019-01-09 02:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-12 22:12 - 2019-01-09 02:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-12 22:12 - 2019-01-09 02:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-12 22:12 - 2019-01-09 02:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-12 22:12 - 2019-01-09 02:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-12 22:12 - 2019-01-09 02:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-12 22:12 - 2019-01-09 02:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-12 22:12 - 2019-01-09 02:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-12 22:12 - 2019-01-09 02:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-12 22:12 - 2019-01-09 02:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-12 22:12 - 2019-01-09 02:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-12 22:12 - 2019-01-09 02:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-12 22:12 - 2019-01-09 02:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-12 22:12 - 2019-01-09 02:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-12 22:12 - 2019-01-09 02:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-12 22:12 - 2019-01-09 02:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-12 22:12 - 2019-01-09 02:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-12 22:12 - 2019-01-09 02:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-12 22:12 - 2019-01-09 02:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-12 22:12 - 2019-01-09 01:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-12 22:12 - 2019-01-09 01:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-12 22:12 - 2019-01-08 06:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-12 22:12 - 2019-01-08 00:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-12 22:12 - 2019-01-08 00:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-12 22:12 - 2019-01-08 00:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-08 01:06 - 2019-02-08 01:06 - 000380872 _____ C:\Users\Gustavo Caro\Desktop\Contactos 2019.csv
2019-01-31 02:48 - 2019-02-24 18:00 - 000003366 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn
2019-01-31 02:48 - 2019-02-24 18:00 - 000003360 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime
2019-01-31 00:45 - 2019-01-31 00:45 - 000000000 ____D C:\Users\Gustavo Caro\AppData\Local\ESET

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-28 13:31 - 2018-06-16 00:52 - 000000000 ____D C:\FRST
2019-02-28 13:30 - 2019-01-28 00:52 - 000000000 ____D C:\Users\Gustavo Caro\Desktop\FRST-OlderVersion
2019-02-28 13:30 - 2019-01-25 21:39 - 002434048 _____ (Farbar) C:\Users\Gustavo Caro\Desktop\FRST64.exe
2019-02-28 04:24 - 2018-05-25 18:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-28 04:24 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-28 03:54 - 2018-04-14 05:32 - 000000000 ____D C:\Users\Gustavo Caro\AppData\Roaming\Spotify
2019-02-27 22:57 - 2018-05-20 23:56 - 000000000 ____D C:\Users\Gustavo Caro\AppData\Roaming\Telegram Desktop
2019-02-27 17:54 - 2018-04-15 01:51 - 000000000 ____D C:\Users\Gustavo Caro\AppData\Roaming\vlc
2019-02-27 16:35 - 2018-11-20 23:47 - 000000000 ____D C:\Users\Gustavo Caro\AppData\Roaming\discord
2019-02-27 16:14 - 2018-05-25 18:59 - 000000000 ____D C:\Users\Gustavo Caro\AppData\Local\D3DSCache
2019-02-27 16:12 - 2018-11-20 23:47 - 000000000 ____D C:\Users\Gustavo Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-02-27 16:12 - 2018-11-20 23:47 - 000000000 ____D C:\Users\Gustavo Caro\AppData\Local\Discord
2019-02-27 15:38 - 2018-05-05 21:31 - 000000000 ____D C:\Users\Public\Logi
2019-02-26 20:16 - 2018-04-14 05:34 - 000000000 ____D C:\Users\Gustavo Caro\AppData\Local\Spotify
2019-02-26 15:18 - 2019-01-28 14:55 - 000002597 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2019-02-26 15:18 - 2019-01-28 14:55 - 000002548 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-02-26 15:18 - 2019-01-28 14:55 - 000002529 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-02-26 15:18 - 2019-01-28 14:55 - 000002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-02-26 15:18 - 2019-01-28 14:55 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-02-26 15:18 - 2019-01-28 14:55 - 000002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-02-26 15:18 - 2019-01-28 14:55 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-02-26 15:18 - 2019-01-28 14:55 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-02-26 15:18 - 2018-04-15 02:09 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-02-25 22:26 - 2018-04-15 01:29 - 000000000 ____D C:\Users\Gustavo Caro\AppData\Local\PlaceholderTileLogoFolder
2019-02-25 20:41 - 2018-06-16 00:55 - 000002316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-25 20:19 - 2018-04-14 01:46 - 000000000 ____D C:\Users\Gustavo Caro\AppData\Local\Packages
2019-02-25 20:19 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-25 20:19 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-23 21:23 - 2018-07-20 16:49 - 000000000 ____D C:\WINDOWS\Minidump
2019-02-23 17:16 - 2018-05-25 22:43 - 000781156 _____ C:\WINDOWS\system32\perfh00A.dat
2019-02-23 17:16 - 2018-05-25 22:43 - 000152016 _____ C:\WINDOWS\system32\perfc00A.dat
2019-02-23 17:16 - 2018-05-25 19:02 - 001762872 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-23 17:16 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-23 17:10 - 2018-07-19 00:10 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2019-02-23 17:09 - 2018-05-25 18:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-23 17:09 - 2018-04-14 01:55 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2019-02-23 17:09 - 2018-04-11 18:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-02-23 00:04 - 2018-05-25 18:53 - 000000000 ____D C:\Users\Gustavo Caro
2019-02-22 20:09 - 2018-04-14 23:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-02-21 16:33 - 2018-04-14 05:51 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-20 15:07 - 2018-05-30 00:22 - 000000000 ____D C:\Users\Gustavo Caro\AppData\Local\ElevatedDiagnostics
2019-02-20 11:55 - 2018-04-14 01:54 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-18 13:42 - 2018-09-25 00:48 - 000000000 ____D C:\Users\Gustavo Caro\AppData\Roaming\Twitch
2019-02-15 23:24 - 2018-04-14 03:33 - 000000000 ____D C:\Program Files\rempl
2019-02-15 02:24 - 2018-05-25 18:58 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-02-15 00:02 - 2018-04-14 05:39 - 000000000 ____D C:\Program Files (x86)\Steam
2019-02-14 22:54 - 2018-06-27 00:53 - 000000000 ____D C:\Users\Gustavo Caro\AppData\Roaming\EasyAntiCheat
2019-02-13 13:16 - 2018-05-25 18:52 - 000405688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-13 13:15 - 2018-04-11 20:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-13 13:15 - 2018-04-11 20:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-13 13:15 - 2018-04-11 20:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-13 13:15 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-13 13:15 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-13 13:15 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-12 22:15 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-12 22:12 - 2018-04-14 03:29 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-12 22:10 - 2018-04-14 03:29 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-12 18:09 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-02-09 15:07 - 2018-06-12 15:27 - 000000000 ____D C:\ProgramData\Packages
2019-02-07 14:56 - 2018-06-13 00:13 - 000000000 ____D C:\Program Files\CCleaner
2019-02-02 19:53 - 2018-04-11 20:41 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-02 19:53 - 2018-04-11 20:41 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-01 19:55 - 2018-10-11 20:57 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-01-31 01:18 - 2018-04-14 23:44 - 000000000 ____D C:\Users\Gustavo Caro\Downloads\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]

==================== Files in the root of some directories =======

2018-04-14 05:26 - 2017-08-11 10:54 - 000097496 _____ () C:\Users\Gustavo Caro\Ace32Loader.exe
2018-04-14 05:26 - 2017-08-11 10:54 - 000596696 _____ (Alexander Roshal) C:\Users\Gustavo Caro\Rar.exe
2018-04-14 05:26 - 2017-08-11 10:54 - 000439000 _____ (Alexander Roshal) C:\Users\Gustavo Caro\RarExt.dll
2018-04-14 05:26 - 2017-08-11 10:54 - 000369368 _____ (Alexander Roshal) C:\Users\Gustavo Caro\RarExt32.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 000060416 ____N (Microsoft Corporation) C:\Users\Gustavo Caro\uJiieh.exe
2018-04-14 05:26 - 2017-08-11 10:54 - 000397016 _____ (Alexander Roshal) C:\Users\Gustavo Caro\UnRAR.exe
2018-04-14 05:26 - 2017-08-14 11:56 - 001569736 _____ (Alexander Roshal) C:\Users\Gustavo Caro\WinRAR.exe
2018-04-11 20:34 - 2018-04-11 20:34 - 000060416 ____N (Microsoft Corporation) C:\Users\Gustavo Caro\wRGEy.exe
2019-01-14 14:02 - 2019-01-14 14:02 - 000000002 _____ () C:\Users\Gustavo Caro\AppData\Local\imw.ini
2018-09-30 02:43 - 2018-09-30 02:43 - 000000000 _____ () C:\Users\Gustavo Caro\AppData\Local\oobelibMkey.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-25 18:52

==================== End of FRST.txt ============================
0 me gusta

#29
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.02.2019 01
Ran by Gustavo Caro (28-02-2019 13:32:37)
Running from C:\Users\Gustavo Caro\Desktop
Windows 10 Pro Version 1803 17134.590 (X64) (2018-05-25 21:59:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-808367516-1742056278-3576212296-500 - Administrator - Disabled)
CDFAccount (S-1-5-21-808367516-1742056278-3576212296-1002 - Limited - Disabled) => C:\Users\CDFAccount
DefaultAccount (S-1-5-21-808367516-1742056278-3576212296-503 - Limited - Disabled)
Guest (S-1-5-21-808367516-1742056278-3576212296-501 - Limited - Disabled)
Gustavo Caro (S-1-5-21-808367516-1742056278-3576212296-1001 - Administrator - Enabled) => C:\Users\Gustavo Caro
WDAGUtilityAccount (S-1-5-21-808367516-1742056278-3576212296-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.4.1.298 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.04.01 - ASUSTeK Computer Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.3.4 - Advanced Micro Devices, Inc.)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.0.3 - Electronic Arts, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.35.1 - Asmedia Technology)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Discord (HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Discord) (Version: 0.0.304 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{9B504F12-DA3B-4CEC-A6FD-B07D6C1FEA26}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.119 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Hotspot Shield 7.15.1 (HKLM-x32\...\{3e29a499-0bcd-49f6-aa46-3e9ff41419f3}) (Version: 7.15.1.11114 - AnchorFree Inc.)
Hotspot Shield 7.15.1 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925C117BE8D}) (Version: 7.15.1.11114 - AnchorFree Inc.) Hidden
Hotspot Shield 7.15.1 (HKLM-x32\...\HotspotShield) (Version: 7.15.1 - AnchorFree Inc.) Hidden
IllustratorCs6 versión 16.0 (HKLM-x32\...\{B558D09D-AF45-4008-B73B-409706BC7FF8}_is1) (Version: 16.0 - Nws)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
LockHunter 3.2, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Logitech Gaming Software 8.98 (HKLM\...\Logitech Gaming Software) (Version: 8.98.218 - Logitech Inc.)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office Profesional 2016 - es-es (HKLM\...\ProfessionalRetail - es-es) (Version: 16.0.11328.20116 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11328.20116 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\OneDriveSetup.exe) (Version: 18.101.0520.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x64 es-CL) (HKLM\...\Mozilla Firefox 61.0.1 (x64 es-CL)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Guitar Rig Mobile I/O (HKLM-x32\...\Native Instruments Guitar Rig Mobile I/O) (Version:  - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version:  - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
NordVPN (HKLM-x32\...\{EF750CE9-E908-457F-8B07-456F39CE757A}) (Version: 6.20.12 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.20.12) (Version: 6.20.12 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.1.0.0 - Duodian Technology Co. Ltd.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11328.20116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11328.20116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11328.20116 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.34.21025 - Electronic Arts, Inc.)
Programa de instalacion QSS (HKLM-x32\...\{439A036F-7B1E-45A8-BE0F-8BFA3381F68C}) (Version: 7.0 - TP-LINK) Hidden
Programa de Instalación QSS (HKLM-x32\...\{523A600F-B521-42E5-A5F1-7867A3E0CDA5}) (Version:  - TP-LINK)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7848 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.7.5.235 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.18124.4 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.18124.4 - Samsung Electronics Co., Ltd.)
Spotify (HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Spotify) (Version: 1.1.0.237.g378f6f25 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Tencent Gaming Buddy (HKLM-x32\...\MobileGamePC) (Version: 1.0.0.1 - Tencent Technology Company)
TP-LINK Wireless Client Utility (HKLM-x32\...\{B3639A0D-D29C-4F6C-AB59-FCAA34E50589}) (Version: 7.0 - TP-LINK) Hidden
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.2 - TrueCrypt Foundation)
TunnelBear (HKLM-x32\...\{a9a95925-15a8-4f14-91fa-69c681465077}) (Version: 3.4.0.3 - TunnelBear)
TunnelBear (HKLM-x32\...\{D27CAFDC-4BC2-43D5-869E-AE20CD65C593}) (Version: 3.4.0.3 - TunnelBear) Hidden
Twitch (HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F3874F6F-EA00-487D-BEAD-5FAA010E78F2}) (Version: 1.15.0.0 - Microsoft Corporation) Hidden
Utilidad de Cliente Inalámbrico TP-LINK  (HKLM-x32\...\{E9E37560-9D7F-4BD1-8D07-D747EC67F733}) (Version:  - TP-LINK)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-808367516-1742056278-3576212296-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-808367516-1742056278-3576212296-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} =>  -> No File
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} =>  -> No File
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd -> Crystal Rich Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Users\Gustavo Caro\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Users\Gustavo Caro\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd -> Crystal Rich Ltd)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd -> Crystal Rich Ltd)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-03-22] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Users\Gustavo Caro\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Users\Gustavo Caro\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DD83B3C-414A-4D26-B81F-9A28050A4896} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {0F9BF0DA-0632-41D0-AACF-BBF8BBD0A10D} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {197B71B8-61A5-48FC-AB7C-C8016E5BA0F1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1DB433A4-B19C-457C-8BCC-DB79C29F70A8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1F072CD8-3370-4A7E-B066-EAD1A4218058} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {2ACDE5A6-DFBF-4A0E-8C8F-3276EF1F548A} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe () [File not signed]
Task: {2EF2F45A-C0E3-4F62-861D-2C53E6296D75} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-808367516-1742056278-3576212296-1001 => C:\Users\Gustavo Caro\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {456FA780-3D95-4DD3-BF98-586F07C2B92A} - System32\Tasks\EOSv3 Scheduler onLogOn => E:\Downloads\ESETOnlineScanner_ESL.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {4BA431CA-93E2-4AD6-A6A8-BCAF038C7347} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {553BE55D-B223-4E4F-9EA5-277AB874B0BD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {56CBC759-97BD-44F4-8A2D-E9CEBDA164E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {613E3D2D-9BFA-4036-8A47-72390978E277} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {64D8C775-BE18-4E42-98BA-17C0795AAD0B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {652BBEC5-93F6-4291-B941-DCA66141A6BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {655C15B9-8452-4E4B-AAC7-B03F5BE84AD3} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-4O241NA-Gustavo Caro => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
Task: {6597FEE0-9BAF-4D50-8095-97A2A5856AE2} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {67B3D984-03E8-4C6F-8B9D-D4A5C6D74463} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {8265AD63-43AF-47BC-B35A-991258929FE7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {8732F02A-F8E9-4323-9A09-AFCD80D07C3C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {99C32BEA-5EA2-470B-9D7E-19753BB31A07} - System32\Tasks\Microsoft\Windows\Secondary Authentication Factor\BackgroundTaskDeployment => C:\WINDOWS\System32\DeviceCredentialDeployment.exe (Microsoft Windows -> Microsoft Corporation)
Task: {9F5B06A5-A582-48E7-A567-0A1A575EED13} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe () [File not signed]
Task: {B0A25DD8-8A44-45F9-92A9-7836ECD902BF} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {B8E5D8C6-382A-45CB-8710-9AFEBA4972C3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {BAB2B7D0-F7FA-46CB-936F-D8FD2FEB4CDA} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {C97A587E-C942-42FA-A93A-62612B93F0E0} - System32\Tasks\EOSv3 Scheduler onTime => E:\Downloads\ESETOnlineScanner_ESL.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {CCDFCF04-B326-4E35-B660-E1CF3D1D2D48} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CE53BB31-F682-4AE2-8EB6-357C929F78D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {D322902D-3607-4943-8DDD-5A3A50BD6C29} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {E0A1DD0B-CD53-41DD-8B42-9BAED35F5246} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F1F2DB87-CFB7-4FC3-9F46-CE70044FF1E7} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-808367516-1742056278-3576212296-1002 => C:\Users\Gustavo Caro\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {FEF3E0BA-1A11-4AAB-BEE7-C27B9EF3EAD1} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe (ASUSTeK Computer Inc. -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-14 02:42 - 2011-04-01 14:51 - 000499796 _____ (Atheros) [File not signed] C:\Windows\SysWOW64\acs.exe
2018-04-14 02:22 - 2018-04-14 02:21 - 001360016 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2018-04-14 02:08 - 2011-04-01 14:49 - 000265216 _____ (Wireless) [File not signed] C:\Program Files (x86)\TP-LINK\QSS\jswpbapi.exe
2011-04-07 12:37 - 2011-04-07 12:37 - 005352960 _____ (Native Instruments GmbH) [File not signed] C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
2018-04-14 02:04 - 2018-04-14 02:03 - 001632256 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
2018-03-22 22:50 - 2018-03-22 22:50 - 000155688 _____ (AMD PMP-PE CB Code Signer v20170331 -> Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\SYSTEM32\amdihk64.dll
2018-04-14 02:34 - 2009-03-30 03:32 - 000032768 _____ () [File not signed] C:\Windows\DAODx.exe
2017-12-16 01:17 - 2017-12-16 01:17 - 000325632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2017-12-16 01:17 - 2017-12-16 01:17 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2017-12-16 01:17 - 2017-12-16 01:17 - 068669952 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2017-12-16 01:17 - 2017-12-16 01:17 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2017-12-16 01:17 - 2017-12-16 01:17 - 000283136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2017-12-16 01:17 - 2017-12-16 01:17 - 006045696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2017-12-16 01:17 - 2017-12-16 01:17 - 003234304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2017-12-16 01:17 - 2017-12-16 01:17 - 001204736 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2017-12-16 01:17 - 2017-12-16 01:17 - 003281408 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2017-12-16 01:17 - 2017-12-16 01:17 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-03-22 22:23 - 2018-03-22 22:23 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2017-12-16 01:17 - 2017-12-16 01:17 - 000110080 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2017-12-16 01:17 - 2017-12-16 01:17 - 000279552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2017-12-16 01:18 - 2017-12-16 01:18 - 001336832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2017-12-16 01:17 - 2017-12-16 01:17 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-12-16 01:17 - 2017-12-16 01:17 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-12-16 01:18 - 2017-12-16 01:18 - 000032768 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2017-12-16 01:18 - 2017-12-16 01:18 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2017-12-16 01:18 - 2017-12-16 01:18 - 000034816 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2017-12-16 01:18 - 2017-12-16 01:18 - 000237568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2017-12-16 01:18 - 2017-12-16 01:18 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2017-12-16 01:17 - 2017-12-16 01:17 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2017-12-16 01:18 - 2017-12-16 01:18 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2017-12-16 01:18 - 2017-12-16 01:18 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2017-12-16 01:18 - 2017-12-16 01:18 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2017-12-16 01:18 - 2017-12-16 01:18 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2017-12-16 01:18 - 2017-12-16 01:18 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2017-12-16 01:18 - 2017-12-16 01:18 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2017-12-16 01:18 - 2017-12-16 01:18 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2017-12-16 01:18 - 2017-12-16 01:18 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2017-12-16 01:18 - 2017-12-16 01:18 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-04-14 02:05 - 2013-08-19 21:21 - 001108992 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
2018-03-19 04:03 - 2018-03-19 04:03 - 000077824 _____ () [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\zlib.dll
2018-03-19 04:03 - 2018-03-19 04:03 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\LIBCURL.dll
2018-03-19 04:03 - 2018-03-19 04:03 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\SSLEAY32.dll
2018-03-19 04:03 - 2018-03-19 04:03 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\LIBEAY32.dll
2018-03-19 04:03 - 2018-03-19 04:03 - 000144896 _____ () [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\libssh2.dll
2018-04-14 02:42 - 2011-03-28 14:22 - 000561263 _____ () [File not signed] C:\Program Files (x86)\TP-LINK\Utilidad de Cliente Inalambrico TP-LINK\TWCU.exe
2018-04-19 18:15 - 2017-05-23 14:59 - 000478208 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
2018-06-19 20:21 - 2018-06-19 20:21 - 000166912 _____ () [File not signed] C:\Program Files (x86)\TunnelBear\TunnelBear.VigilantBear.Wrapper.dll
2018-04-14 02:03 - 2018-04-14 02:02 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.20\ASACPI.DLL
2018-04-14 02:03 - 2018-04-14 02:02 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.20\asacpiEx.dll
2019-01-21 08:55 - 2019-01-21 08:55 - 000251392 _____ () [File not signed] C:\Program Files (x86)\NordVPN\x86\Liberation.Native.Firewall.dll
2018-04-14 02:04 - 2018-04-14 02:02 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsAcpi.dll
2018-04-14 02:04 - 2018-04-14 02:02 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\asacpiEx.dll
2019-02-14 18:01 - 2019-02-14 18:01 - 001177600 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Network.dll
2019-02-14 18:01 - 2019-02-14 18:01 - 000184832 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Xml.dll
2019-02-14 18:01 - 2019-02-14 18:01 - 005089792 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Widgets.dll
2019-02-14 18:01 - 2019-02-14 18:01 - 005487104 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Core.dll
2019-02-14 18:01 - 2019-02-14 18:01 - 005841920 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Gui.dll
2019-02-14 18:01 - 2019-02-14 18:01 - 001548288 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] E:\Origin\LIBEAY32.dll
2019-02-14 18:01 - 2019-02-14 18:01 - 001611264 _____ (The Qt Company Ltd) [File not signed] E:\Origin\platforms\qwindows.dll
2019-02-14 18:01 - 2019-02-14 18:01 - 000395776 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] E:\Origin\ssleay32.dll
2018-04-14 02:22 - 2019-02-23 17:10 - 000033792 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2018-04-14 02:22 - 2018-04-14 02:21 - 000104448 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2018-04-14 02:04 - 2013-10-18 22:04 - 005777616 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzULIB.dll
2018-04-14 02:04 - 2013-05-08 20:22 - 000208896 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\ImageHelper.dll
2018-04-14 02:05 - 2013-08-19 21:21 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\ASACPI.DLL
2018-04-14 02:05 - 2013-08-19 21:21 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\asacpiEx.dll
2018-04-14 02:05 - 2018-04-14 02:03 - 000043520 ____N () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2018-04-14 02:05 - 2013-08-19 21:21 - 000253952 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2018-04-14 02:05 - 2013-08-19 21:21 - 001876992 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\IccHelper_old.dll
2018-04-14 02:04 - 2012-05-03 16:17 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\EPU\asacpi.dll
2018-04-14 02:04 - 2012-05-03 16:17 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\EPU\asacpiEx.dll
2018-04-14 02:04 - 2011-07-12 23:14 - 000147456 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2018-04-14 02:04 - 2010-10-05 12:22 - 000253952 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2018-04-14 02:04 - 2010-10-05 12:22 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\AsMultiLang.dll
2018-04-14 02:04 - 2010-08-10 01:33 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\AsAcpi.dll
2018-04-14 02:04 - 2010-08-12 11:52 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\asacpiEx.dll
2018-04-14 02:04 - 2013-12-04 15:57 - 000870912 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
2018-04-14 02:04 - 2013-01-15 14:52 - 001086464 _____ (ASUSTek Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
2018-04-14 02:04 - 2013-01-15 14:52 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\AsMultiLang.dll
2018-04-14 02:04 - 2012-10-08 21:07 - 000972288 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2018-04-14 02:04 - 2013-08-26 18:00 - 001016320 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Cpu Frequency\CpuFrequency.dll
2018-04-14 02:04 - 2013-05-08 20:22 - 001040896 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
2018-04-14 02:04 - 2012-05-03 16:21 - 001831424 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPU.dll
2018-04-14 02:04 - 2012-05-03 16:17 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\EPU\AsMultiLang.dll
2018-04-14 02:04 - 2012-11-12 18:56 - 001095680 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\FAN Xpert\FANXpert.dll
2018-04-14 02:05 - 2012-06-19 16:56 - 001305600 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2018-04-14 02:05 - 2013-06-24 19:59 - 001173504 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
2018-04-14 02:05 - 2013-02-07 18:24 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\AsMultiLang.dll
2018-04-14 02:05 - 2012-07-20 13:39 - 001047040 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2018-04-14 02:04 - 2013-04-15 18:19 - 000883712 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2018-04-14 02:04 - 2012-05-29 01:27 - 001622528 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2018-04-14 02:04 - 2011-09-20 00:18 - 001243136 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2018-04-14 02:04 - 2011-07-21 13:06 - 000846848 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2018-04-14 02:05 - 2012-12-25 15:55 - 001236992 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\System Information\SystemInfo.dll
2018-04-14 02:04 - 2012-08-29 22:09 - 000875520 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2018-04-14 02:05 - 2013-08-19 21:21 - 001643008 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVEVO.dll
2018-04-14 02:05 - 2014-02-17 19:03 - 000886272 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\Express.dll
2018-04-14 02:05 - 2010-03-08 21:11 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\AsMultiLang.dll
2018-04-14 02:04 - 2010-09-09 01:25 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\AsMultiLang.dll
2018-04-14 02:04 - 2010-03-08 21:11 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\AsMultiLang.dll
2018-04-14 02:04 - 2010-03-08 21:11 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Splitter\AsMultiLang.dll
2018-04-14 02:03 - 2018-04-14 02:02 - 000662016 _____ () [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2018-04-14 02:04 - 2010-10-05 12:22 - 000208896 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2018-04-14 02:42 - 2011-06-16 18:19 - 000282624 _____ () [File not signed] C:\Program Files (x86)\TP-LINK\Utilidad de Cliente Inalambrico TP-LINK\TWCUloc.dll
2018-04-14 02:42 - 2011-04-01 15:35 - 000163840 _____ () [File not signed] C:\Program Files (x86)\TP-LINK\Utilidad de Cliente Inalambrico TP-LINK\oemresloc.dll
2018-04-19 18:15 - 2017-05-23 14:59 - 000494080 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll
2018-04-19 18:15 - 2017-05-23 14:59 - 000256000 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll
2018-04-14 02:04 - 2010-03-08 21:11 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AsMultiLang.dll
2018-04-14 02:04 - 2009-08-13 00:15 - 000253952 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot" is missing and should be manually restored.

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 04:24 - 2019-02-23 17:10 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-808367516-1742056278-3576212296-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Gustavo Caro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "ASUS AiChargerPlus Execute"
HKLM\...\StartupApproved\Run32: => "jswtrayutil"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\StartupApproved\Run: => "SideSync"
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\StartupApproved\Run: => "NordVPN"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{DF7078A6-7DBD-4C90-A4D0-51877A6C684A}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{DB81DF66-FD7F-44D9-A919-E159B8E88030}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{4E16BB04-39AC-447E-A12E-0002E9FCFDCE}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{1A46E3AE-F46F-455C-AF0C-830766624CBF}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [TCP Query User{0166E633-9FF4-480B-8B4E-EFE53FB12DC6}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.182\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.182\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{C34ABBA1-5FFC-4F7B-A3E5-1F8C9C1CFA10}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.182\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.182\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{087E3261-E8B6-4867-8CB8-072F36CB975C}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{3A8B58DC-4C0E-4A5E-80D5-1F0429E90EA2}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{AB2C3BA7-686F-4517-B992-81E56105F8E8}C:\users\gustavo caro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gustavo caro\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{25672354-2A60-4049-A615-7964DC5FE978}C:\users\gustavo caro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gustavo caro\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{06EF6213-B311-4EA7-A5EC-D1DE34B0E4F3}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{2D1D5098-EA42-4F13-8026-CF7425434596}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{257FD612-C509-4573-A549-BD87E5D4111C}C:\users\gustavo caro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gustavo caro\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{6262644D-505C-4163-B8BD-CDEBC705159B}C:\users\gustavo caro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gustavo caro\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{5BEE413B-0228-4AAC-B330-A8341F52B0F1}E:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) E:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [UDP Query User{262B2DB1-531E-4370-8978-226AD05B044F}E:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) E:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [{7F0658E0-E8C1-48C9-9DB0-34DB4683490D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{352EC02F-38C9-451A-B759-76F80D466BB0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1F86719C-FA48-444B-B2CD-55ADC6F1DF8A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{94E1DDE5-E09A-4155-8C2B-EDA9C9CDCA78}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{353D8167-83E8-41C6-837C-B41DA18E5EA4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D4922D7B-2606-4DD5-A47B-ABD04247D557}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0597DDAB-4209-4266-82F3-2C6E4EDBBDC3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3F357738-D7F8-488A-BD6C-A63614C576D9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{327B6FD6-1139-4BA8-BAFB-087780D29A6B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B8BD83CE-17A8-4DE5-B968-16DBDCDCD453}] => (Allow) E:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{58FBA297-FCB7-4CCA-9D8D-969C35B28587}] => (Allow) E:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{98393D6C-EA1D-4D85-A92A-9DFC09AAF96E}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.185\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.185\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{B4A45AFA-BDC9-4AF8-BBD4-BBAA8C2FF642}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.185\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.185\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{D4016514-B1A3-494A-A6FD-0C50CC92E6A3}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{F1631B21-8B98-43CE-A509-1131364B3F6C}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{DF960A05-3450-45DC-9771-2A665DA76D39}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{18E7DE7A-584A-4F73-85CF-C1E93D02AC57}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [TCP Query User{72AC5B42-7CC0-4F03-8931-AC31A62A0F79}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.188\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.188\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{0D8B03BE-CDE0-4C28-8C4E-09EAF60DDB4D}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.188\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.188\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [{404A4E7D-4350-463C-9A89-E409047BC83A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2019 02:48:02 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" en la línea 1.
La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
La definición es UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (02/23/2019 05:10:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Event-ID 8193

Error: (02/23/2019 02:37:41 AM) (Source: COM) (EventID: 10031) (User: )
Description: Se realizó una comprobación de directiva de anulación de serialización al anular la serialización de un objeto con serialización personalizada; se rechazó la clase {41FD88F7-F295-4D39-91AC-A85F3149A05B}

Error: (02/23/2019 02:37:41 AM) (Source: COM) (EventID: 10031) (User: )
Description: Se realizó una comprobación de directiva de anulación de serialización al anular la serialización de un objeto con serialización personalizada; se rechazó la clase {41FD88F7-F295-4D39-91AC-A85F3149A05B}

Error: (02/23/2019 02:37:41 AM) (Source: COM) (EventID: 10031) (User: )
Description: Se realizó una comprobación de directiva de anulación de serialización al anular la serialización de un objeto con serialización personalizada; se rechazó la clase {F6C29334-47DC-4397-9150-F549CF1D4861}

Error: (02/19/2019 03:04:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: bad_module_info, versión: 0.0.0.0, marca de tiempo: 0x00000000
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0x00000000
Desplazamiento de errores: 0x0000000000000000
Identificador del proceso con errores: 0x8520
Hora de inicio de la aplicación con errores: 0x01d4c878b8c99f54
Ruta de acceso de la aplicación con errores: bad_module_info
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 8867ddcc-0345-4760-b548-1eea692babf8
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (02/17/2019 05:16:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.

Error: (02/17/2019 05:16:05 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" en la línea 1.
La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
La definición es UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.


System errors:
=============
Error: (02/28/2019 01:27:07 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4O241NA)
Description: La configuración de permisos application-specific no concede el permiso Activation Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-4O241NA\Gustavo Caro con SID (S-1-5-21-808367516-1742056278-3576212296-1001) en la dirección LocalHost (Using LRPC) que se ejecuta en el contenedor de aplicaciones con SID Unavailable (Unavailable). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (02/28/2019 01:25:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos application-specific no concede el permiso Activation Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (Using LRPC) que se ejecuta en el contenedor de aplicaciones con SID Unavailable (Unavailable). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (02/28/2019 01:25:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos application-specific no concede el permiso Activation Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (Using LRPC) que se ejecuta en el contenedor de aplicaciones con SID Unavailable (Unavailable). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (02/28/2019 04:24:52 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-4O241NA)
Description: El servidor microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca no se registró con DCOM dentro del tiempo de espera requerido.

Error: (02/28/2019 04:24:51 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-4O241NA)
Description: El servidor Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe!App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca no se registró con DCOM dentro del tiempo de espera requerido.

Error: (02/28/2019 04:24:51 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-4O241NA)
Description: El servidor Microsoft.OneConnect_5.1901.311.0_x64__8wekyb3d8bbwe!App.AppXe8pdgw5syxe8pgccbk3mcn5hanwamr0e.mca no se registró con DCOM dentro del tiempo de espera requerido.

Error: (02/28/2019 04:07:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos application-specific no concede el permiso Activation Local para la aplicación de servidor COM con CLSID 
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
 y APPID 
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
 al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (Using LRPC) que se ejecuta en el contenedor de aplicaciones con SID Unavailable (Unavailable). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (02/28/2019 03:38:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos application-specific no concede el permiso Activation Local para la aplicación de servidor COM con CLSID 
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
 y APPID 
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
 al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (Using LRPC) que se ejecuta en el contenedor de aplicaciones con SID Unavailable (Unavailable). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


Windows Defender:
===================================
Date: 2019-02-23 17:09:26.192
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Zpevdo.B&threatid=2147729093&enterprise=0
Nombre: Trojan:Win32/Zpevdo.B
Id.: 2147729093
Gravedad: Severe
Categoría: Trojan
Ruta de acceso: file:_C:\Users\Gustavo Caro\AppData\Roaming\TMozillaMaintenanceService\TMozillaMaintenanceService.com; file:_E:\Downloads\update.exe
Origen de detección: Equipo local
Tipo de detección: FastPath
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Windows\System32\svchost.exe
Versión de firma: AV: 1.287.552.0, AS: 1.287.552.0, NIS: 1.287.552.0
Versión de motor: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-23 17:09:21.623
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Zpevdo.B&threatid=2147729093&enterprise=0
Nombre: Trojan:Win32/Zpevdo.B
Id.: 2147729093
Gravedad: Severe
Categoría: Trojan
Ruta de acceso: file:_C:\Users\Gustavo Caro\AppData\Roaming\TMozillaMaintenanceService\TMozillaMaintenanceService.com
Origen de detección: Equipo local
Tipo de detección: FastPath
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de firma: AV: 1.287.552.0, AS: 1.287.552.0, NIS: 1.287.552.0
Versión de motor: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-15 22:17:31.332
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {E1D8ED70-1AE1-4614-8DA6-34833DE224DB}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-02-05 22:20:36.685
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {43353F99-0C51-40D7-8117-299E10165AA8}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-01-30 22:48:07.674
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {B9D19760-6CBB-407D-8897-A51C80E4A8A2}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-01-21 16:07:00.691
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.283.3388.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15500.2
Código de error: 0x8024402c
Descripción del error: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2019-01-18 15:17:13.584
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.283.3177.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15500.2
Código de error: 0x80240016
Descripción del error: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

CodeIntegrity:
===================================

Date: 2019-02-22 21:40:13.660
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\D3DSCache.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-02-22 21:40:13.638
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\D3DSCache.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-02-22 20:16:08.601
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\D3DSCache.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-02-22 20:16:08.582
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\D3DSCache.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-02-22 20:06:13.682
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\D3DSCache.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-02-22 20:06:13.662
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\D3DSCache.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-02-22 20:05:09.653
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\D3DSCache.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-02-22 20:05:09.633
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\D3DSCache.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

Processor: AMD FX(tm)-8350 Eight-Core Processor 
Percentage of memory in use: 64%
Total physical RAM: 8092.84 MB
Available physical RAM: 2885.66 MB
Total Virtual: 12188.84 MB
Available Virtual: 5007.13 MB

==================== Drives ================================

Drive c: (Disco Local SSD 1) (Fixed) (Total:110.01 GB) (Free:40.9 GB) NTFS
Drive d: (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HDD Softwares) (Fixed) (Total:616.08 GB) (Free:151.57 GB) NTFS
Drive f: (Juegos) (Fixed) (Total:314.9 GB) (Free:41.57 GB) NTFS

\\?\Volume{6670f945-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{6670f945-0000-0000-0000-20a01b000000}\ () (Fixed) (Total:0.46 GB) (Free:0.09 GB) NTFS
\\?\Volume{6670f945-0000-0000-0000-c0bd1b000000}\ () (Fixed) (Total:0.82 GB) (Free:0.46 GB) NTFS
\\?\Volume{3bac0390-0000-0000-0000-400b9a000000}\ () (Fixed) (Total:0.44 GB) (Free:0.1 GB) NTFS
\\?\Volume{296af808-c15a-11e8-bc2a-00198600268e}\ () () (Total:0 GB) (Free:0 GB) 
0 me gusta

#30

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 6670F945)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=473 MB) - (Type=27)
Partition 4: (Not Active) - (Size=843 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3BAC0390)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=616.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=314.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
0 me gusta

#31

Hola

:arrow_forward: MUY Importante :arrow_backward: Realiza una copia de seguridad del registro :

  • Para hacerlo descarga :arrow_forward: DelFix.exe( en tu escritorio).

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).

  • Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO.

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

:warning: Con los demás programas cerrados ve a :arrow_forward: Inicio :arrow_forward: Ejecutar :arrow_forward: y escribe Notepad.exe.

  • Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
(Tencent Technology(Shenzhen) Company Limited -> Tencent) E:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe
HKLM\...\Run: [AvastUI.exe] => AvastUI.exe
HKLM-x32\...\Run: [jswtrayutil] => C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe [32871 2011-04-01] () [File not signed]
HKLM-x32\...\Run: [TWCU] => C:\Program Files (x86)\TP-LINK\Utilidad de Cliente Inalambrico TP-LINK\TWCU.exe [561263 2011-03-28] () [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Run: [TMozillaMaintenanceService] => C:\Users\Gustavo Caro\AppData\Roaming\TMozillaMaintenanceService\TMozillaMaintenanceService.com [678400 2019-02-23] (U.S. Bancorp) [File not signed]
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Run: [AvastUI.exe] => AvastUI.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR StartupUrls: Default -> "hxxps://boards.4chan.org/w/","hxxps://www.youtube.com/watch?v=EvazDsAWAno","hxxps://www.reddit.com/r/leagueoflegends","hxxp://www.lolskill.net/game/LAS/panconmoco","hxxp://www.probuilds.net/guide/EUW/2310884659/18995872","hxxps://www.facebook.com/groups/SDLG14/?fref=nf","hxxp://boards.4chan.org/wg/","hxxp://boards.4chan.org/wg/thread/6312763/startpage-and-new-tab-thread-3#p6312811","file:///C:/Users/Cherno/Documents/startpage/index.html"
CHR Extension: (MyJSCript) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpabpfikknflecblchhfkpkcpilbkfcd [2019-01-14]
CHR Extension: (InstaG Downloader) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkdcmgmnegofdddphijckfagibepdlb [2018-07-11]
CHR Extension: (Messenger Cleaner) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhfajmpgiahjmnbhemaehbgadnhnhbd [2019-02-07]
CHR Extension: (Chrome Media Router) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-15]
CHR Extension: (MyJSCript) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpabpfikknflecblchhfkpkcpilbkfcd [2019-01-14]
CHR Extension: (Chrome Media Router) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-15]
R2 QMEmulatorService; E:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe [342776 2018-06-21] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
U4 diagnosticshub.standardcollector.service; no ImagePath
S3 MBAMSwissArmy; \SystemRoot\System32\Drivers\mbamswissarmy.sys [X]
2019-02-13 14:41 - 2019-02-13 14:41 - 000000000 ____D C:\ProgramData\Tencent
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} =>  -> No File
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} =>  -> No File
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes) [File not signed]
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-03-22] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
Task: {2ACDE5A6-DFBF-4A0E-8C8F-3276EF1F548A} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe () [File not signed]
Task: {9F5B06A5-A582-48E7-A567-0A1A575EED13} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe () [File not signed]
FirewallRules: [TCP Query User{98393D6C-EA1D-4D85-A92A-9DFC09AAF96E}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.185\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.185\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{B4A45AFA-BDC9-4AF8-BBD4-BBAA8C2FF642}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.185\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.185\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{D4016514-B1A3-494A-A6FD-0C50CC92E6A3}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{F1631B21-8B98-43CE-A509-1131364B3F6C}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe No File

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio :arrow_backward: Esto es muy importante.

:o: Nota :o: Es importante que la herramienta FRST.exe (Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.


  • Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).
  • Presionar el botón FIX y aguardar a que termine.
  • La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pega el contenido de este fichero en tu próxima respuesta.

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Un saludo

0 me gusta

#32
Fix result of Farbar Recovery Scan Tool (x64) Version: 03.03.2019 01
Ran by Gustavo Caro (04-03-2019 02:39:56) Run:5
Running from C:\Users\Gustavo Caro\Desktop
Loaded Profiles: Gustavo Caro (Available Profiles: Gustavo Caro & CDFAccount)
Boot Mode: Normal
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
(Tencent Technology(Shenzhen) Company Limited -> Tencent) E:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe
HKLM\...\Run: [AvastUI.exe] => AvastUI.exe
HKLM-x32\...\Run: [jswtrayutil] => C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe [32871 2011-04-01] () [File not signed]
HKLM-x32\...\Run: [TWCU] => C:\Program Files (x86)\TP-LINK\Utilidad de Cliente Inalambrico TP-LINK\TWCU.exe [561263 2011-03-28] () [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Run: [TMozillaMaintenanceService] => C:\Users\Gustavo Caro\AppData\Roaming\TMozillaMaintenanceService\TMozillaMaintenanceService.com [678400 2019-02-23] (U.S. Bancorp) [File not signed]
HKU\S-1-5-21-808367516-1742056278-3576212296-1001\...\Run: [AvastUI.exe] => AvastUI.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR StartupUrls: Default -> "hxxps://boards.4chan.org/w/","hxxps://www.youtube.com/watch?v=EvazDsAWAno","hxxps://www.reddit.com/r/leagueoflegends","hxxp://www.lolskill.net/game/LAS/panconmoco","hxxp://www.probuilds.net/guide/EUW/2310884659/18995872","hxxps://www.facebook.com/groups/SDLG14/?fref=nf","hxxp://boards.4chan.org/wg/","hxxp://boards.4chan.org/wg/thread/6312763/startpage-and-new-tab-thread-3#p6312811","file:///C:/Users/Cherno/Documents/startpage/index.html"
CHR Extension: (MyJSCript) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpabpfikknflecblchhfkpkcpilbkfcd [2019-01-14]
CHR Extension: (InstaG Downloader) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkdcmgmnegofdddphijckfagibepdlb [2018-07-11]
CHR Extension: (Messenger Cleaner) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhfajmpgiahjmnbhemaehbgadnhnhbd [2019-02-07]
CHR Extension: (Chrome Media Router) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-15]
CHR Extension: (MyJSCript) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpabpfikknflecblchhfkpkcpilbkfcd [2019-01-14]
CHR Extension: (Chrome Media Router) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-15]
R2 QMEmulatorService; E:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe [342776 2018-06-21] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
U4 diagnosticshub.standardcollector.service; no ImagePath
S3 MBAMSwissArmy; \SystemRoot\System32\Drivers\mbamswissarmy.sys [X]
2019-02-13 14:41 - 2019-02-13 14:41 - 000000000 ____D C:\ProgramData\Tencent
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} =>  -> No File
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} =>  -> No File
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes) [File not signed]
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-03-22] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
Task: {2ACDE5A6-DFBF-4A0E-8C8F-3276EF1F548A} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe () [File not signed]
Task: {9F5B06A5-A582-48E7-A567-0A1A575EED13} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe () [File not signed]
FirewallRules: [TCP Query User{98393D6C-EA1D-4D85-A92A-9DFC09AAF96E}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.185\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.185\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{B4A45AFA-BDC9-4AF8-BBD4-BBAA8C2FF642}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.185\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.185\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{D4016514-B1A3-494A-A6FD-0C50CC92E6A3}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{F1631B21-8B98-43CE-A509-1131364B3F6C}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe] => (Allow) F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe No File

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
(Tencent Technology(Shenzhen) Company Limited -> Tencent) E:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\jswtrayutil" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TWCU" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
"HKU\S-1-5-21-808367516-1742056278-3576212296-1001\Software\Microsoft\Windows\CurrentVersion\Run\\TMozillaMaintenanceService" => removed successfully
"HKU\S-1-5-21-808367516-1742056278-3576212296-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"Chrome StartupUrls" => removed successfully
CHR Extension: (MyJSCript) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpabpfikknflecblchhfkpkcpilbkfcd [2019-01-14] => Error: No automatic fix found for this entry.
CHR Extension: (InstaG Downloader) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkdcmgmnegofdddphijckfagibepdlb [2018-07-11] => Error: No automatic fix found for this entry.
CHR Extension: (Messenger Cleaner) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhfajmpgiahjmnbhemaehbgadnhnhbd [2019-02-07] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-15] => Error: No automatic fix found for this entry.
CHR Extension: (MyJSCript) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpabpfikknflecblchhfkpkcpilbkfcd [2019-01-14] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Gustavo Caro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-15] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\QMEmulatorService => removed successfully
QMEmulatorService => service removed successfully
HKLM\System\CurrentControlSet\Services\diagnosticshub.standardcollector.service => removed successfully
diagnosticshub.standardcollector.service => service removed successfully
HKLM\System\CurrentControlSet\Services\MBAMSwissArmy => removed successfully
MBAMSwissArmy => service removed successfully
C:\ProgramData\Tencent => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\   AccExtIco1 => removed successfully
HKLM\Software\Classes\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\   AccExtIco2 => removed successfully
HKLM\Software\Classes\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\   AccExtIco3 => removed successfully
HKLM\Software\Classes\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AccExt => removed successfully
HKLM\Software\Classes\CLSID\{2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\FAExt => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ACE => removed successfully
HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2ACDE5A6-DFBF-4A0E-8C8F-3276EF1F548A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ACDE5A6-DFBF-4A0E-8C8F-3276EF1F548A}" => removed successfully
C:\WINDOWS\System32\Tasks\ASUS\RunDAOD => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\RunDAOD" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F5B06A5-A582-48E7-A567-0A1A575EED13}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F5B06A5-A582-48E7-A567-0A1A575EED13}" => removed successfully
C:\WINDOWS\System32\Tasks\ASUS\USB 3.0 Boost Service => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\USB 3.0 Boost Service" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{98393D6C-EA1D-4D85-A92A-9DFC09AAF96E}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.185\deploy\leagueclient.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B4A45AFA-BDC9-4AF8-BBD4-BBAA8C2FF642}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.185\deploy\leagueclient.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D4016514-B1A3-494A-A6FD-0C50CC92E6A3}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F1631B21-8B98-43CE-A509-1131364B3F6C}F:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-808367516-1742056278-3576212296-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-808367516-1742056278-3576212296-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows

No se puede realizar ninguna operaci¢n en Ethernet mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Ethernet 3 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Ethernet 4 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Local Area Connection* 12 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Ethernet 2 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Bluetooth Network Connection mientras los medios
est‚n desconectados.

Adaptador de Ethernet Ethernet:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de Ethernet Ethernet 3:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de Ethernet Ethernet 4:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Local Area Connection* 12:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de Ethernet Ethernet 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Wi-Fi:

   Sufijo DNS espec¡fico para la conexi¢n. . : Home
   V¡nculo: direcci¢n IPv6 local. . . : fe80::5414:aa0b:9cd6:e94b%16
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.1.7
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1

Adaptador de Ethernet Bluetooth Network Connection:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to cancel {2B29A9B6-4870-4675-904D-9584920C2EA7}.
0 out of 1 jobs canceled.

========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 194803929 B
Java, Flash, Steam htmlcache => 42867459 B
Windows/system/drivers => 16127474 B
Edge => 0 B
Chrome => 677830513 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 27316 B
NetworkService => 0 B
Gustavo Caro => 95709482 B
CDFAccount => 0 B

RecycleBin => 0 B
EmptyTemp: => 990.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 02:40:45 ====
0 me gusta

#33

Otra cosa que he notado es que Windows Defender esta desahibilitado y no lo puedo activar de ninguna manera D:

0 me gusta

#34

Hola

El problema por el que iniciaste el tema como sigue.

Descarga Malwarebytes Anti-Rootkit (Beta) y descomprimes el contenido en tu escritorio.

  • Abre la carpeta Mbar, haces doble clic en el archivo Mbar.exe
  • En la ventana que saldrá pulsas en "Next".
  • Pulsar en "Update", y cuando termine en "Next"
  • Ahora inicias el análisis pulsando en el botón "Scan"
  • Al terminar, si existe infección pulsamos en "CleanUp" y si no hay infección pulsamos en ""Exit"

Al terminar busca en la carpeta Mbar, y abres los archivos mbar-log.txt y system-log.txt, nos copias el contenido en la siguiente respuesta y comentas resultados.

Un saludo :bye:

0 me gusta

#35

Todo sigue igual, se siguen abriendo paginas solas

0 me gusta

#36
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.10.25.11
  rootkit: v2017.10.14.01

Windows 10 x64 NTFS
Internet Explorer 11.590.17134.0
Gustavo Caro :: DESKTOP-4O241NA [administrator]

3/5/2019 3:45:39 PM
mbar-log-2019-03-05 (15-45-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 315175
Time elapsed: 7 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
0 me gusta

#37
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.590.17134.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 4.013000 GHz
Memory total: 8485961728, free: 4373549056

=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     03/05/2019 15:45:32
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\WppRecorder.sys
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\system32\drivers\mssecflt.sys
\SystemRoot\system32\drivers\SgrmAgent.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\wd\WdFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\vmbkmclr.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afunix.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\ndisrd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys
\SystemRoot\System32\drivers\truecrypt.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\bam.sys
\SystemRoot\SysWow64\drivers\AsUpIO.sys
\SystemRoot\SysWow64\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\tap-tb-0901.sys
\SystemRoot\System32\drivers\tap0901.sys
\SystemRoot\System32\drivers\tapnordvpn.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\c0326037.inf_amd64_6cad8aeb5717c52d\B326079\atikmpag.sys
\SystemRoot\System32\DriverStore\FileRepository\c0326037.inf_amd64_6cad8aeb5717c52d\B326079\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\SysWow64\drivers\AiChargerPlus.sys
\SystemRoot\System32\drivers\asmtxhci.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\drivers\LGJoyXlCore.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\AtihdWT6.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\asmthub3.sys
\SystemRoot\System32\drivers\xusb22.sys
\SystemRoot\System32\drivers\athurx.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\System32\drivers\bthmodem.sys
\SystemRoot\system32\drivers\BthA2DP.sys
\SystemRoot\system32\drivers\btampm.sys
\SystemRoot\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys
\SystemRoot\System32\drivers\bthhfenum.sys
\SystemRoot\System32\drivers\BthHfAud.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\cldflt.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\??\C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\rassstp.sys
\SystemRoot\System32\DRIVERS\NDProxy.sys
\SystemRoot\System32\drivers\AgileVpn.sys
\SystemRoot\System32\drivers\rasl2tp.sys
\SystemRoot\System32\drivers\raspptp.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\drivers\ndiswan.sys
\SystemRoot\system32\drivers\LGVirHid.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\cdd.dll
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\564631FA.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.10.25.11
  rootkit: v2017.10.14.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff9500f0f26060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffff9500f0dda9d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9500f0f26060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffff9500f0b99060, DeviceName: \Device\00000033\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6670F945

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1024000
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1026048  Numsec = 230712584
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 231739392  Numsec = 968704
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 232710144  Numsec = 1726464
    Partition is not bootable
    Partition file system is NTFS

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffff9500f0f25060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffff9500f0ddb9d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9500f0f25060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffff9500f0b93060, DeviceName: \Device\00000034\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3BAC0390

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1292007424
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1292214272  Numsec = 921600
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1293136112  Numsec = 660383953
    Partition is not bootable
    Partition file system is NTFS

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fltLib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.590_none_4104efa8450cecff\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TEXTINPUTFRAMEWORK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREUICOMPONENTS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wsock32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfc42u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinSCard.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcirt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcp60.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfc42.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msimg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e8980cc30db74aebb06ed60c8b93c295\MSCORLIB.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f2c85d2a8f53f15afc5e985b8b190206\System.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\5abf8ea05a6eb63a39c7a3e1b5061c40\System.Core.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d7b03e122e55e041f365b954e5e1426f\System.Configuration.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\39adf25ce65321df36437a80dc65a82e\System.Xml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\89bb8e00981eb2218c7bac2cc38e0c19\System.Management.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wmiutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbemcomn.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\fastprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rtutils.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef635c79420373072d18b80c9d1b2b3d\SMDiagnostics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\962eff7f090bc7d972228fd5768e8197\System.Runtime.Serialization.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\0225092daee2eeb3f85af8fb15e42311\System.ServiceModel.Internals.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\df80705dc8cb883d893ae75fff5a847c\System.Transactions.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\4cfd9639807344839fa81ad26e408425\System.IdentityModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6482cd2b6054ce6a769b2248e99c79ad\System.Data.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\b48ea4d2d542e6cb81c6899a554e77ec\System.ServiceModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\2ccafc1be2551b15150dcd02474fa657\System.Net.Http.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbgcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\npmproxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\oledlg.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.590_none_73d5c5bb9f78835c\GdiPlus.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fwbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768)
File "C:\Windows\ImmersiveControlPanel\SYSTEMSETTINGS.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\WWAHost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\AcGenral.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msacm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ninput.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TWINUI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\daxexec.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTCLIENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\STATEREPOSITORY.CORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msdmo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hid.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxva2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\avrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wldp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rmclient.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIRECTMANIPULATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\xmllite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\perfproc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\webio.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\COMPPKGSUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\Wldap32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SensApi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winbrand.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cmdext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\APPVCLIENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bindflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthA2DP.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HYPERVIDEO.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bttflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\csc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cldflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\iorate.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssecflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ramdisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\Spectrum.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifimp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BCASTDVRUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BTAGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BTHAVCTPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CAPABILITYACCESSMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dusmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\INSTALLSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lpasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PUSHTOINSTALL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SHAREDREALITYSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TOKENBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WAASMEDICSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WFDSCONMGRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPCDESKTOPMONSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
<<<2>>>
<<<3>>>
Volume: E:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File "C:\Users\Gustavo Caro\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Users\Gustavo Caro\AppData\Local\D3DSCache\d1045fa42060dcaf\52264C4C-172F-41B9-91B8-7F0C3B1E9021_VEN_1002&DEV_6658&SUBSYS_E258&REV_0.val" is compressed (flags = 1)
File "C:\Users\Gustavo Caro\AppData\Local\D3DSCache\643ef9f3b699fd42\52264C4C-172F-41B9-91B8-7F0C3B1E9021_VEN_1002&DEV_6658&SUBSYS_E258&REV_0.val" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-1026048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-231739392-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-3-232710144-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-2-1292214272-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-3-1293136112-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
0 me gusta

#38

Se siguen abriendo paginas solas , por ejemplo cuando clickeo un video en youtube es lo que mas pasa, quiero abrir un video, o adelantar un video que estoy viendo, hago click y se abre una nueva pestaña de publicidad o pagina de noticias

0 me gusta

#39

Saludos yo no soy un experto pero creo que el problema está aquí:

Tcpip\Parameters: [DhcpNameServer] 200.75.0.4 200.75.0.5
Tcpip\..\Interfaces\{069fc00c-315a-48a2-a7a5-dd23c1fa2864}: [DhcpNameServer] 200.75.0.4 200.75.0.5
Tcpip\..\Interfaces\{52eef787-8ae4-49f1-876d-b7e6ea6e0245}: [DhcpNameServer] 200.75.0.4 200.75.0.5
Tcpip\..\Interfaces\{7663b9b6-89e2-4d11-8252-6f263ed2028c}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7663b9b6-89e2-4d11-8252-6f263ed2028c}: [DhcpNameServer] 200.75.0.4 200.75.0.5
Tcpip\..\Interfaces\{7a0ebada-2f15-4da7-9b60-a91c87b58c7a}: [DhcpNameServer] 200.75.0.4 200.75.0.5
Tcpip\..\Interfaces\{8ca87710-03b6-448d-aa63-8b3e7aec149c}: [DhcpNameServer] 200.75.0.4 200.75.0.5
0 me gusta

#40

Que es lo siguiente que puedo hacer?

0 me gusta

#41

Hola

Ya puedes personar, no me llegó el aviso de respuesta.

Trae un nuevo reporte de FRST hay alguna entrada que no acaba de eliminar e incluiremos alguna más.

Un saludo

0 me gusta

#42

No entendí bien, que debo hacer ahora ?

0 me gusta

#43

Hola

Realiza de nuevo las indicaciones de este post >> Frst

Un saludo

0 me gusta