Www.thenewtrampo.inf Slow browser

#1

Hi everyone, my girlfriend's laptop has infections that I can't remove by following the 2019 malware detection and removal guide.

The symptoms are that the browser is very slow and MWB repeatedly warns of a blocked website, trojan www.thenewtrampo.inf

I'm attaching the reports

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2019 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/04/2019 02:57:36 PM in x64 mode.
Windows Version: Windows 8.1 Single Language 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 04/04/2019 03:03:03 PM
Execution time: 0 hours(s), 5 minute(s), and 27 seconds(s)

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 4/4/19
Hora del análisis: 14:38
Archivo de registro: 6e3116f8-5700-11e9-ba65-1008b11e2872.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.563
Versión del paquete de actualización: 1.0.10006
Licencia: Prueba

-Información del sistema-
SO: Windows 8.1
CPU: x64
Sistema de archivos: NTFS
Usuario: KATERIN\katerinelizabeth

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 266770
Amenazas detectadas: 93
Amenazas en cuarentena: 93
Tiempo transcurrido: 9 min, 8 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 2
PUP.Optional.MindSpark, HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|mabloidgodmbnmnhoenmhlcjkfelomgp, En cuarentena, [620], [182487],1.0.10006
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|gkbadihnboaejkjjafglpofoifgnfkkb, En cuarentena, [1738], [443122],1.0.10006

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 17

Archivo: 74

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Regards

#2

Hello

If you have already run AdwCleaner, paste the log; if not, run it.

Download AdwCleaner to the desktop.

  • Disable your antivirus ▶ How to temporarily disable an antivirus and any security program.

  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator").

  • Click the Scan Now button and wait for the process to finish, then immediately click the Start Repair button.

  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

  • If it finds nothing, click "Skip Repair".

  • The log can be found in the "Reports" tab, reopening the program if necessary, or in "C:\AdwCleaner\Logs\AdwCleaner[C0].txt"

You can consult its manual >> AdwCleaner manual

In addition:

  • Temporarily disable your antivirus and any security program.

  • Download to your Desktop (>> this is very important <<) Farbar Recovery Scan Tool, choosing the right version for your machine (32 or 64 bit) ▶ How do I know whether my Windows is 32 or 64 bit?

  • Double-click to run Frst.exe. In the Disclaimer window, press Yes.

  • In the new window that opens, press the Scan button and wait for the scan to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt, which will be saved on your Desktop.

In your next reply, copy and paste the two reports, Frst.txt and Addition.txt, from FRST.

Note: If the requested report(s) do not fit in a single reply because they exceed the allowed number of characters, you can use two or more replies to paste them in full.

#3

Hello, thanks for your quick reply. Here is what you asked for

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-04.3 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-04-2019
# Duration: 00:00:10
# OS:       Windows 8.1 Single Language
# Cleaned:  14
# Failed:   1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Not Deleted   C:\Users\katerinelizabeth\AppData\Local\SweetLabs App Platform

***** [ Files ] *****

Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
Deleted       C:\Users\katerinelizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\System32\Tasks\SWEETLABS APP PLATFORM

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Deleted       HKCU\Software\Classes\Directory\shell\pokki
Deleted       HKCU\Software\Classes\Drive\shell\pokki
Deleted       HKCU\Software\Classes\lnkfile\shell\pokki
Deleted       HKCU\Software\Classes\pokki
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Deleted       HKCU\Software\SweetLabs App Platform
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B07E536B-D6F0-46FC-886E-6AE94884217B}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform

***** [ Chromium (and derivatives) ] *****

Deleted       EasyDocMerge

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2496 octets] - [04/04/2019 15:36:18]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by katerinelizabeth (04-04-2019 16:55:52)
Running from C:\Users\katerinelizabeth\Desktop
Windows 8.1 Single Language (Update) (X64) (2017-03-12 22:32:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3873176162-2479699386-2927219615-500 - Administrator - Disabled) => C:\Users\Administrator
HomeGroupUser$ (S-1-5-21-3873176162-2479699386-2927219615-1004 - Limited - Enabled)
Invitado (S-1-5-21-3873176162-2479699386-2927219615-501 - Limited - Disabled)
katerinelizabeth (S-1-5-21-3873176162-2479699386-2927219615-1002 - Administrator - Enabled) => C:\Users\katerinelizabeth

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1202.1711.104 - Alps Electric)
AMD Catalyst Install Manager (HKLM\...\{C3E5B3AF-12F2-9E42-B493-9490DC745953}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3906 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Notes es-US (HKLM-x32\...\{C438C1D0-A46C-4BFA-AF03-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.86 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{DC2B9A7C-E152-4BA2-B6CB-11AAC9894B63}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.08 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.7.50.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{7759F11B-DF54-4726-9A01-61701580D786}) (Version: 12.10.49.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{E9FA2CA2-B7B2-43E6-8449-A1618B042EAE}) (Version: 1.1.3 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Utility Center (HKLM\...\{B7B82520-8ECE-4743-BFD7-93B16C64B277}) (Version: 2.4.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IBM SPSS Statistics 22 (HKLM-x32\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.08 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.08 - Softex Inc.) Hidden
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Nombre de su organización)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.6 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-02-17] () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-02-17] () [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-03-14] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-02-17] () [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03829BAC-CC22-415E-A001-526ECB6AC8F8} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp. -> CyberLink Corp.)
Task: {0695C4C3-568A-49D3-B2B8-930DA8ECA325} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {0ADDEE57-00EB-4F6B-BBC2-C8A9666394C4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3873176162-2479699386-2927219615-1002UA => C:\Users\katerinelizabeth\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {18B58FE3-92AE-4E33-AA39-215AB339AA75} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {1E959E90-60D6-4219-A9AD-C5C65487183E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.)
Task: {4946CE88-7BFE-4198-94F5-AF0E3F09CE85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {52832781-BA45-41C7-ABD3-B10AA1E11180} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> )
Task: {572A9C84-D82A-44A3-BD3C-97CF0DABA0B7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {59A04EAD-1DD4-4F1A-B221-D2333219FCB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {74D57311-B236-4D32-BE30-ED6977C6C6B6} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
Task: {7B171590-17DC-4A89-9C2A-73007D254503} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3873176162-2479699386-2927219615-1002Core => C:\Users\katerinelizabeth\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {804F4945-352B-456E-A037-316BC26AB11E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.)
Task: {E2505B0D-92FB-4A35-AF0D-C61697F8895D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F5DA7527-FE77-4555-A69B-78A39852A159} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {F72CDCE8-1D46-43D5-B19A-988BD7238551} - System32\Tasks\HPCeeScheduleForkaterinelizabeth => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (Hewlett-Packard Company -> HP Development Company, L.P.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForkaterinelizabeth.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-03-01 13:43 - 2014-03-01 13:43 - 000088064 _____ (Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
2014-03-01 13:38 - 2014-03-01 13:38 - 001107968 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\userdata.dll
2014-03-01 13:36 - 2014-03-01 13:36 - 000692224 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\storeng.dll
2014-03-01 13:38 - 2014-03-01 13:38 - 002110464 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-01 13:34 - 2014-03-01 13:34 - 000021504 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-01 13:34 - 2014-03-01 13:34 - 000035328 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-01 13:34 - 2014-03-01 13:34 - 000055296 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-01 13:52 - 2014-03-01 13:52 - 000602512 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\hdddrv.dll
2014-03-01 13:52 - 2014-03-01 13:52 - 000367504 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-01 13:52 - 2014-03-01 13:52 - 000712592 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-03-01 13:52 - 2014-03-01 13:52 - 001202576 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\Wbf.dll
2014-08-18 06:11 - 2013-04-01 18:19 - 000574464 _____ (Realtek Semiconductor Corp. ) [File not signed] C:\WINDOWS\system32\Rtlihvs.dll
2014-03-14 21:21 - 2014-03-14 21:21 - 000140288 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-03-14 21:20 - 2014-03-14 21:20 - 000344064 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2014-03-14 21:20 - 2014-03-14 21:20 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-08-18 06:12 - 2014-03-05 13:09 - 000088064 _____ () [File not signed] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-03-14 21:10 - 2014-03-14 21:10 - 000898048 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2014-03-14 21:10 - 2014-03-14 21:10 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamesp.dll
2019-04-03 19:47 - 2012-02-17 20:55 - 000193536 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll
2014-03-01 13:41 - 2014-03-01 13:41 - 000065024 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-08-18 06:39 - 2012-03-27 09:15 - 001043456 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\icuuc48.dll
2014-08-18 06:39 - 2012-03-27 09:15 - 005024256 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\icudt48.dll
2014-08-18 06:39 - 2012-03-27 09:15 - 001888256 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\xerces-c_3_1.dll
2014-08-18 06:39 - 2013-02-01 06:15 - 000027136 _____ () [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll
2014-08-18 06:21 - 2014-08-18 06:21 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2013-08-22 10:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\katerinelizabeth\AppData\Roaming\Microsoft\Windows Photo Viewer\Papel tapiz de Visualizador de fotos de Windows.jpg
DNS Servers: 200.30.192.15 - 190.160.0.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "Apoint"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "SimplePass"
HKLM\...\StartupApproved\Run: => "OPBHOBroker"
HKLM\...\StartupApproved\Run: => "OPBHOBrokerDesktop"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "AccelerometerSysTrayApplet"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\StartupApproved\StartupFolder: => "Enviar a OneNote.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{05B6297E-00EA-4D98-83A2-CA07637328CE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{A04E3C48-A10B-4749-92F9-8D9A07D4BE1D}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\22\stats.exe (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{B2D2D992-5E2F-4CE0-BCEF-89F587793BBD}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\22\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{4B171497-3051-469A-AA6E-76A8CABE3DE8}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\22\stats.com (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{5D41573B-E1B0-4488-B622-D0A70BC4BC85}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\22\stats.exe (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{011F2EFA-16AE-45BD-937D-23BC3F4E3540}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\22\stats.com (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{7DE8BC27-6E0B-43A3-A71B-83AEA47363F8}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\22\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [TCP Query User{DE555D82-D6F3-4ADE-9347-4E1485A5ABF0}C:\program files (x86)\ibm\spss\statistics\22\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\22\jre\bin\javaw.exe
FirewallRules: [UDP Query User{B0C4E349-CDEC-47CD-BC90-76C48E6BF10C}C:\program files (x86)\ibm\spss\statistics\22\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\22\jre\bin\javaw.exe
FirewallRules: [TCP Query User{9F4777CC-586F-4D31-8B93-069D8A7DA0EC}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{F3F72F5D-9C37-4647-AF1D-4A8BD68FA3AB}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1904232C-8038-4065-B229-0E8D6068D11A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

26-03-2019 03:41:09 Windows Update
03-04-2019 14:01:24 Removed 7-Zip 9.20 (x64 edition)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2019 01:56:22 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: El servicio Windows Search no pudo procesar la lista de ubicaciones incluidas y excluidas. Error: <30, 0x80040d07, "ONEINDEX16://{S-1-5-21-3873176162-2479699386-2927219615-1002}/">.

Error: (04/04/2019 01:53:49 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: No se puede inicializar el índice.

Detalles:
	No se encuentra el objeto especificado. Indique el nombre de un objeto existente.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (04/04/2019 01:53:49 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: No se puede inicializar la aplicación.

Contexto: aplicación Windows

Detalles:
	No se encuentra el objeto especificado. Indique el nombre de un objeto existente.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (04/04/2019 01:53:49 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: No se puede inicializar el objeto Recopilador.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	No se encuentra el objeto especificado. Indique el nombre de un objeto existente.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (04/04/2019 01:53:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.TripoliIndexer>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	No se encuentra el objeto especificado. Indique el nombre de un objeto existente.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (04/04/2019 01:53:48 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: No se puede inicializar el administrador de complementos <Search.TripoliIndexer>.

Contexto: aplicación Windows

Detalles:
	(HRESULT : 0x8e5e0210) (0x8e5e0210)

Error: (04/04/2019 01:53:48 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: El servicio Windows Search se está deteniendo porque hay un problema con el indizador: The catalog is corrupt.

Detalles:
	El catálogo del índice de contenido está dañado.   0xc0041801 (0xc0041801)

Error: (04/04/2019 01:53:48 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: El servicio de búsqueda detectó archivos de datos dañados en el índice {id=4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)}. Este servicio intentará corregir este problema automáticamente mediante la nueva generación del índice.

Detalles:
	 0x8e5e0210 (0x8e5e0210)


System errors:
=============
Error: (04/04/2019 03:38:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.

Ruta de acceso del módulo: C:\WINDOWS\system32\Rtlihvs.dll

Error: (04/04/2019 03:38:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.

Ruta de acceso del módulo: C:\WINDOWS\system32\Rtlihvs.dll

Error: (04/04/2019 03:37:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.

Ruta de acceso del módulo: C:\WINDOWS\system32\Rtlihvs.dll

Error: (04/04/2019 03:37:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Dragon Notes Core terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 1000 milisegundos: Reiniciar el servicio.

Error: (04/04/2019 03:37:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio HP Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (04/04/2019 03:37:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio BTDevManager se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (04/04/2019 03:37:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio  HP SimplePass Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (04/04/2019 03:37:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio AMD External Events Utility se terminó de manera inesperada. Esto ha sucedido 1 veces.


Windows Defender:
===================================
Date: 2019-04-03 19:24:52.497
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {08B0CE91-1AF0-4B35-BFB0-B5F94A0A5DC9}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-01 17:23:32.416
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {31FF04D3-461B-40A8-BB12-760E177D5678}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-01 16:32:51.991
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {D6C650F3-7F6B-4F0E-83C1-F9C95EEBD03E}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-01 10:45:33.111
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {60C3DDE8-14B0-49B0-8977-E9BC0E98B00C}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-03-26 14:05:48.032
Description: 
Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Diplugem&threatid=213571&enterprise=0
Nombre: BrowserModifier:Win32/Diplugem
Id.: 213571
Gravedad: Alta
Categoría: Modificador de explorador
Ruta de acceso: file:_C:\Users\katerinelizabeth\Downloads\Sin confirmar 118717.crdownload;file:_C:\Users\katerinelizabeth\Downloads\Sin confirmar 240504.crdownload;file:_C:\Users\katerinelizabeth\Downloads\Sin confirmar 699627.crdownload;file:_C:\Users\katerinelizabeth\Downloads\Sin confirmar 823806.crdownload
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: katerin\katerinelizabeth
Nombre de proceso: C:\Windows\explorer.exe
Versión de firma: AV: 1.253.140.0, AS: 1.253.140.0, NIS: 118.0.0.0
Versión de motor: AM: 1.1.14202.0, NIS: 2.1.14202.0

Date: 2017-09-11 21:10:31.884
Description: 
La característica Protección en tiempo real de Windows Defender encontró un error:
Característica: Sistema de inspección de red
Código de error: 0x8007045b
Descripción del error: Se está cerrando el sistema. 
Motivo: El sistema no tiene las actualizaciones necesarias para ejecutar el Sistema de inspección de red. Instale las actualizaciones requeridas y reinicie el equipo.

CodeIntegrity:
===================================

Date: 2019-03-26 00:36:54.463
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-07 10:06:46.849
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-20 09:20:16.813
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-03 05:12:38.997
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-10-30 17:31:22.372
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-10-30 11:17:18.735
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-10-30 11:17:18.083
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-10-30 11:12:24.913
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 60%
Total physical RAM: 3519.49 MB
Available physical RAM: 1407.36 MB
Total Virtual: 4799.49 MB
Available Virtual: 2158.49 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:440.56 GB) (Free:371.87 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:24.18 GB) (Free:2.39 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{bc6e97a4-00d2-433f-89a4-f8844513742a}\ (WINRE) (Fixed) (Total:0.63 GB) (Free:0.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: EDF17F1A)

Partition: GPT.

==================== End of Addition.txt ============================

#4

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by katerinelizabeth (administrator) on KATERIN (04-04-2019 16:54:10)
Running from C:\Users\katerinelizabeth\Desktop
Loaded Profiles: katerinelizabeth (Available Profiles: katerinelizabeth & Administrador)
Platform: Windows 8.1 Single Language (Update) (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
() [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
() [File not signed] C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [725320 2017-10-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7546072 2014-03-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-03-01] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-01] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-01] (Softex Incorporated -> Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-04] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\RunOnce: [Application Restart #5] => C:\Users\katerinelizabeth\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874024 2016-09-18] (Pokki -> Pokki)
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\RunOnce: [Application Restart #0] => C:\Users\katerinelizabeth\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874024 2016-09-18] (Pokki -> Pokki)
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\MountPoints2: {1074a90a-a720-11e7-827b-1008b11e2872} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\MountPoints2: {42a3e937-41a5-11e9-82c2-1008b11e2872} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\MountPoints2: {8aaa0d99-f994-11e7-8291-1008b11e2872} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\MountPoints2: {9133e1f1-769f-11e8-82a3-1008b11e2872} - "F:\HiSuiteDownLoader.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\Installer\chrmstp.exe [2019-04-03] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2014-03-07] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2014-03-01] (Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2014-03-01] (Softex Inc..) [File not signed]
Startup: C:\Users\katerinelizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar a OneNote.lnk [2018-12-03]
ShortcutTarget: Enviar a OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-3873176162-2479699386-2927219615-1002] => hxxp://www.thenewtrampo.info/ecocl.dat
Tcpip\Parameters: [DhcpNameServer] 200.30.192.15 190.160.0.11 190.160.0.14
Tcpip\..\Interfaces\{287359E5-5C0E-4D3D-8A26-EF99F58E3952}: [DhcpNameServer] 200.30.192.15 190.160.0.11 190.160.0.14
Tcpip\..\Interfaces\{DE671856-FED0-4964-9BC6-35C56F20D922}: [DhcpNameServer] 200.30.192.15 190.160.0.11 190.160.0.14
ManualProxies: 0hxxp://www.thenewtrampo.info/ecocl.dat

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPALL14/20
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPALL14/20
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPALL14/20
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPALL14/20
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPALL14/20
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPALL14/20
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-06] (HP Inc. -> HP Inc.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) [File not signed]
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-06] (HP Inc. -> HP Inc.)

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-29] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-29] (Google Inc -> Google LLC)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.cl/
CHR StartupUrls: Default -> "hxxps://www.google.cl/"
CHR Profile: C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default [2019-04-04]
CHR Extension: (Presentaciones) - C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Documentos) - C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Ask Web Search) - C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb [2019-04-04]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-03-14] () [File not signed]
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [240128 2014-03-15] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-14] (Advanced Micro Devices, Inc.) [File not signed]
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [96112 2017-10-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [88064 2014-03-05] () [File not signed]
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-23] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-04] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-01] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [43320 2013-07-23] (Hewlett-Packard Company -> Hewlett-Packard)
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [13936640 2014-03-15] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [628224 2014-03-15] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243048 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [222720 2013-12-20] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [30520 2013-07-23] (Hewlett-Packard Company -> Hewlett-Packard)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [558296 2014-01-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [3379416 2014-03-22] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\pft1F98.tmp\amifldrv64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-04 16:54 - 2019-04-04 16:55 - 000019534 _____ C:\Users\katerinelizabeth\Desktop\FRST.txt
2019-04-04 16:53 - 2019-04-04 16:54 - 000000000 ____D C:\FRST
2019-04-04 16:53 - 2019-04-04 16:53 - 002434048 _____ (Farbar) C:\Users\katerinelizabeth\Desktop\FRST64.exe
2019-04-04 15:42 - 2019-04-04 15:42 - 000002402 _____ C:\Users\katerinelizabeth\Desktop\AdwCleaner[C00].txt
2019-04-04 15:35 - 2019-04-04 15:37 - 000000000 ____D C:\AdwCleaner
2019-04-04 15:35 - 2019-04-04 15:35 - 007025360 _____ (Malwarebytes) C:\Users\katerinelizabeth\Downloads\adwcleaner_7.3.exe
2019-04-04 14:51 - 2019-04-04 14:51 - 000021705 _____ C:\Users\katerinelizabeth\Desktop\reporte mwb.txt
2019-04-04 14:04 - 2019-04-04 15:03 - 000002096 _____ C:\Users\katerinelizabeth\Desktop\Rkill.txt
2019-04-04 14:03 - 2019-04-04 14:03 - 000000000 ____D C:\Users\katerinelizabeth\AppData\Local\mbamtray
2019-04-04 14:03 - 2019-04-04 14:03 - 000000000 ____D C:\Users\katerinelizabeth\AppData\Local\mbam
2019-04-04 14:01 - 2019-04-04 14:01 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-04-04 14:01 - 2019-04-04 14:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-04-04 14:01 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-04-04 14:00 - 2019-04-04 14:00 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-04-04 14:00 - 2019-04-04 14:00 - 000000000 ____D C:\Program Files\Malwarebytes
2019-04-04 13:59 - 2019-04-04 13:59 - 062591336 _____ (Malwarebytes ) C:\Users\katerinelizabeth\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.9988.exe
2019-04-04 13:58 - 2019-04-04 13:58 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\katerinelizabeth\Downloads\rkill.exe
2019-04-04 13:39 - 2019-04-04 13:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2019-04-04 13:36 - 2019-04-04 13:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Works
2019-04-04 13:34 - 2019-04-04 13:34 - 000000000 ____D C:\WINDOWS\PCHEALTH
2019-04-04 13:32 - 2019-04-04 13:33 - 000000000 ____D C:\Program Files\CCleaner
2019-04-04 13:32 - 2019-04-04 13:32 - 000003870 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-04-04 13:32 - 2019-04-04 13:32 - 000002828 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-04-04 13:32 - 2019-04-04 13:32 - 000000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-04-04 13:32 - 2019-04-04 13:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-04-04 13:30 - 2019-04-04 13:30 - 021205512 _____ (Piriform Software Ltd) C:\Users\katerinelizabeth\Downloads\ccsetup555.exe
2019-04-04 13:29 - 2019-04-04 13:29 - 000000000 ____D C:\Program Files\Microsoft Office
2019-04-04 13:28 - 2019-04-04 13:29 - 000000000 ____D C:\WINDOWS\SHELLNEW
2019-04-04 13:26 - 2019-04-04 13:26 - 000000000 ____D C:\Users\katerinelizabeth\AppData\Local\Microsoft Help
2019-04-03 19:47 - 2019-04-03 20:19 - 000000000 ____D C:\Users\katerinelizabeth\AppData\Roaming\WinRAR
2019-04-03 19:47 - 2019-04-03 19:47 - 000000000 ____D C:\Users\katerinelizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-04-03 19:47 - 2019-04-03 19:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-04-03 19:47 - 2019-04-03 19:47 - 000000000 ____D C:\Program Files\WinRAR
2019-04-03 15:20 - 2019-04-03 15:20 - 000002244 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-03 15:07 - 2019-04-03 15:07 - 000002592 _____ C:\Users\katerinelizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FarmVille 2.lnk
2019-04-03 14:45 - 2019-03-02 12:01 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-03 14:45 - 2019-03-02 12:01 - 000179608 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-03 14:11 - 2019-04-03 14:11 - 000000000 ____D C:\Users\katerinelizabeth\AppData\Roaming\WildTangent
2019-04-02 11:01 - 2019-04-04 15:42 - 000000000 ____D C:\Users\katerinelizabeth\Documents\Youcam
2019-03-29 20:40 - 2019-03-29 20:40 - 000000000 ____D C:\Users\katerinelizabeth\AppData\Local\HP
2019-03-26 14:23 - 2018-03-26 20:24 - 000029352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2019-03-26 14:23 - 2018-03-26 20:24 - 000019088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2019-03-26 14:23 - 2018-03-26 20:17 - 000030888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2019-03-26 14:23 - 2018-03-26 20:17 - 000019088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2019-03-26 13:49 - 2019-03-26 14:09 - 000000000 ____D C:\Users\katerinelizabeth\Desktop\Respaldo}
2019-03-26 03:40 - 2019-02-26 04:25 - 020281856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-03-26 03:40 - 2019-02-26 04:07 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-03-26 03:40 - 2019-02-26 03:41 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2019-03-26 03:40 - 2019-02-26 03:31 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-03-26 03:40 - 2019-02-26 03:31 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-03-26 03:40 - 2019-02-26 03:09 - 001332224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-03-26 03:40 - 2019-02-20 17:17 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-03-26 03:40 - 2019-02-09 15:51 - 002014696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-03-26 03:40 - 2019-02-08 16:44 - 000513376 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-03-26 03:40 - 2019-02-08 16:44 - 000513376 _____ C:\WINDOWS\system32\locale.nls
2019-03-26 03:40 - 2019-01-11 22:18 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-03-26 03:40 - 2019-01-07 22:22 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-03-26 03:40 - 2018-12-27 19:48 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-03-26 03:40 - 2018-12-08 08:23 - 000121272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-03-26 03:40 - 2018-11-28 05:04 - 013322240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2019-03-26 03:40 - 2018-10-12 10:19 - 000998480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-03-26 03:40 - 2018-08-27 22:36 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-03-26 03:40 - 2018-08-14 16:04 - 004171264 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll
2019-03-26 03:40 - 2018-08-09 10:16 - 004876800 _____ (Gracenote, Inc.) C:\WINDOWS\system32\gnsdk_fp.dll
2019-03-26 03:40 - 2018-07-19 00:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2019-03-26 03:40 - 2018-06-24 12:04 - 000504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2019-03-26 03:40 - 2018-04-26 10:43 - 000918296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-03-26 03:40 - 2018-04-26 10:43 - 000065880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:43 - 000021848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:43 - 000018776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:43 - 000017240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:43 - 000017240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:43 - 000015704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:43 - 000015192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:43 - 000013656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:43 - 000013152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:43 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:43 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:19 - 000063832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:19 - 000020824 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:19 - 000019288 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:19 - 000017752 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:19 - 000017752 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:19 - 000016216 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:19 - 000015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:19 - 000014168 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:19 - 000013656 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:19 - 000012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:19 - 000012632 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2019-03-26 03:40 - 2018-04-26 10:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2019-03-26 03:40 - 2018-02-16 11:37 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2019-03-26 03:39 - 2019-03-06 04:23 - 001737712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-03-26 03:39 - 2019-03-06 04:23 - 001501056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-03-26 03:39 - 2019-03-06 04:23 - 001371464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-03-26 03:39 - 2019-03-06 04:22 - 001677232 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-03-26 03:39 - 2019-03-06 04:22 - 001537768 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-03-26 03:39 - 2019-03-06 04:18 - 007368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-03-26 03:39 - 2019-03-06 03:27 - 004167680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-03-26 03:39 - 2019-03-06 03:26 - 000032896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-03-26 03:39 - 2019-03-06 03:03 - 003324416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-03-26 03:39 - 2019-03-06 02:37 - 003617280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-03-26 03:39 - 2019-03-06 01:50 - 002780160 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2019-03-26 03:39 - 2019-03-06 01:39 - 002464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2019-03-26 03:39 - 2019-02-26 04:57 - 025737216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-03-26 03:39 - 2019-02-26 04:33 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-03-26 03:39 - 2019-02-26 04:31 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-03-26 03:39 - 2019-02-26 04:31 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2019-03-26 03:39 - 2019-02-26 04:31 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2019-03-26 03:39 - 2019-02-26 04:22 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-03-26 03:39 - 2019-02-26 04:20 - 000790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-03-26 03:39 - 2019-02-26 04:04 - 002295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-03-26 03:39 - 2019-02-26 03:57 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-03-26 03:39 - 2019-02-26 03:56 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2019-03-26 03:39 - 2019-02-26 03:56 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2019-03-26 03:39 - 2019-02-26 03:51 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2019-03-26 03:39 - 2019-02-26 03:46 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2019-03-26 03:39 - 2019-02-26 03:44 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-03-26 03:39 - 2019-02-26 03:43 - 015284224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-03-26 03:39 - 2019-02-26 03:43 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-03-26 03:39 - 2019-02-26 03:41 - 002135552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-03-26 03:39 - 2019-02-26 03:39 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2019-03-26 03:39 - 2019-02-26 03:39 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2019-03-26 03:39 - 2019-02-26 03:36 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2019-03-26 03:39 - 2019-02-26 03:35 - 004494848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-03-26 03:39 - 2019-02-26 03:33 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2019-03-26 03:39 - 2019-02-26 03:31 - 002059776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-03-26 03:39 - 2019-02-26 03:29 - 013681664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-03-26 03:39 - 2019-02-26 03:29 - 004858880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-03-26 03:39 - 2019-02-26 03:25 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2019-03-26 03:39 - 2019-02-26 03:20 - 001049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2019-03-26 03:39 - 2019-02-26 03:18 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-03-26 03:39 - 2019-02-26 03:12 - 004386304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-03-26 03:39 - 2019-02-26 03:07 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2019-03-26 03:39 - 2019-02-26 03:06 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2019-03-26 03:39 - 2019-02-09 16:36 - 000444392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-03-26 03:39 - 2019-02-09 15:53 - 000923384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-03-26 03:39 - 2019-02-09 15:26 - 000333560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-03-26 03:39 - 2019-02-09 14:46 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2019-03-26 03:39 - 2019-02-09 13:18 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-26 03:39 - 2019-02-09 13:16 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-26 03:39 - 2019-02-09 13:15 - 001095680 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-26 03:39 - 2019-02-08 21:38 - 002534936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-03-26 03:39 - 2019-02-08 21:33 - 001901888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-03-26 03:39 - 2019-02-08 20:40 - 001137776 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-03-26 03:39 - 2019-02-08 20:40 - 000805168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-03-26 03:39 - 2019-02-08 20:07 - 000614040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-03-26 03:39 - 2019-02-08 19:18 - 000862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-03-26 03:39 - 2019-02-08 18:39 - 001197056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-03-26 03:39 - 2019-02-08 18:29 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-03-26 03:39 - 2019-02-08 16:55 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-03-26 03:39 - 2019-02-08 15:54 - 001755136 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-03-26 03:39 - 2019-02-08 15:51 - 002348032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-03-26 03:39 - 2019-02-08 15:32 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-03-26 03:39 - 2019-02-08 14:50 - 001493504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-03-26 03:39 - 2019-02-08 14:45 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-03-26 03:39 - 2019-02-06 21:40 - 001308240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-03-26 03:39 - 2019-02-06 16:31 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-03-26 03:39 - 2019-02-06 16:30 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2019-03-26 03:39 - 2019-02-06 16:30 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-03-26 03:39 - 2019-02-06 14:52 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-03-26 03:39 - 2019-02-01 01:27 - 002447600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-03-26 03:39 - 2019-01-08 03:02 - 001764504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2019-03-26 03:39 - 2019-01-08 02:12 - 001489704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2019-03-26 03:39 - 2019-01-05 04:35 - 000152128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-03-26 03:39 - 2019-01-04 11:15 - 001635328 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-03-26 03:39 - 2019-01-04 11:15 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-03-26 03:39 - 2019-01-04 11:15 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-03-26 03:39 - 2019-01-04 11:15 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-03-26 03:39 - 2019-01-04 11:15 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2019-03-26 03:39 - 2019-01-04 11:15 - 000451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-03-26 03:39 - 2019-01-04 11:15 - 000313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-03-26 03:39 - 2019-01-04 11:15 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-03-26 03:39 - 2018-12-27 23:12 - 000178128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-03-26 03:39 - 2018-12-27 19:47 - 001441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-03-26 03:39 - 2018-12-27 19:41 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-03-26 03:39 - 2018-12-27 19:24 - 000780800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-03-26 03:39 - 2018-12-27 19:11 - 000785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-03-26 03:39 - 2018-12-27 19:05 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-03-26 03:39 - 2018-12-27 14:57 - 000805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-03-26 03:39 - 2018-12-27 13:30 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-03-26 03:39 - 2018-12-08 03:25 - 002173040 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-03-26 03:39 - 2018-12-08 02:32 - 001563376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-03-26 03:39 - 2018-12-08 00:49 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-03-26 03:39 - 2018-11-28 05:34 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-03-26 03:39 - 2018-11-28 05:17 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-03-26 03:39 - 2018-11-28 05:08 - 015441408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2019-03-26 03:39 - 2018-11-10 16:42 - 001368584 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2019-03-26 03:39 - 2018-11-10 13:25 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2019-03-26 03:39 - 2018-10-16 00:39 - 001662504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-03-26 03:39 - 2018-10-16 00:39 - 001063368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-03-26 03:39 - 2018-10-16 00:02 - 001214920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-03-26 03:39 - 2018-10-12 16:51 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-03-26 03:39 - 2018-10-11 23:01 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2019-03-26 03:39 - 2018-10-06 15:14 - 001547192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-03-26 03:39 - 2018-10-06 15:14 - 000388536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-03-26 03:39 - 2018-10-06 13:43 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-03-26 03:39 - 2018-10-06 13:13 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-03-26 03:39 - 2018-09-23 13:24 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-03-26 03:39 - 2018-09-23 13:20 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-03-26 03:39 - 2018-09-23 12:56 - 002551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-03-26 03:39 - 2018-09-23 12:51 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-03-26 03:39 - 2018-09-12 15:30 - 000137008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2019-03-26 03:39 - 2018-09-11 12:30 - 003718144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-03-26 03:39 - 2018-09-01 13:43 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-03-26 03:39 - 2018-08-21 10:39 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-03-26 03:39 - 2018-08-21 10:35 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-03-26 03:39 - 2018-08-13 22:22 - 022374608 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-03-26 03:39 - 2018-08-13 22:19 - 019790752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-03-26 03:39 - 2018-08-12 11:21 - 001633008 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-03-26 03:39 - 2018-08-09 14:40 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-03-26 03:39 - 2018-08-09 13:59 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-03-26 03:39 - 2018-08-09 13:41 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-03-26 03:39 - 2018-08-09 13:41 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2019-03-26 03:39 - 2018-07-29 10:44 - 001265664 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-03-26 03:39 - 2018-07-24 14:50 - 006522344 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-03-26 03:39 - 2018-07-24 14:50 - 001488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-03-26 03:39 - 2018-07-19 01:22 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2019-03-26 03:39 - 2018-07-19 01:21 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-03-26 03:39 - 2018-07-19 01:03 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2019-03-26 03:39 - 2018-07-19 00:54 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-03-26 03:39 - 2018-07-05 20:17 - 001115648 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-03-26 03:39 - 2018-06-24 12:11 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2019-03-26 03:39 - 2018-06-19 10:31 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2019-03-26 03:39 - 2018-06-19 10:29 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2019-03-26 03:39 - 2018-06-14 22:22 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2019-03-26 03:39 - 2018-06-11 13:36 - 003119616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-03-26 03:39 - 2018-06-08 15:47 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-03-26 03:39 - 2018-06-08 15:26 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2019-03-26 03:39 - 2018-06-08 14:54 - 000656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-03-26 03:39 - 2018-06-08 14:53 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-03-26 03:39 - 2018-06-08 14:07 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2019-03-26 03:39 - 2018-06-08 13:44 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-03-26 03:39 - 2018-05-24 18:29 - 000428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-03-26 03:39 - 2018-05-23 01:13 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2019-03-26 03:39 - 2018-05-15 05:42 - 000590680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2019-03-26 03:39 - 2018-05-15 02:47 - 002334624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-03-26 03:39 - 2018-05-15 01:57 - 002324752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-03-26 03:39 - 2018-05-12 18:11 - 000532664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-03-26 03:39 - 2018-05-12 18:06 - 000567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-03-26 03:39 - 2018-05-05 13:38 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2019-03-26 03:39 - 2018-05-05 13:23 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2019-03-26 03:39 - 2018-05-03 20:02 - 000439640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2019-03-26 03:39 - 2018-04-07 13:43 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2019-03-26 03:39 - 2018-04-07 13:09 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2019-03-26 03:39 - 2018-04-07 12:41 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2019-03-26 03:39 - 2018-04-07 12:34 - 002255360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-03-26 03:39 - 2018-04-07 12:23 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2019-03-26 03:39 - 2018-04-07 12:15 - 001942016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-03-26 03:39 - 2018-04-06 18:27 - 000376656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-03-26 03:39 - 2018-03-28 22:06 - 002608640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
#5

2019-03-26 03:39 - 2018-03-28 22:05 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2019-03-26 03:39 - 2018-03-28 21:26 - 002170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2019-03-26 03:39 - 2018-03-28 21:24 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2019-03-26 03:39 - 2018-03-24 11:56 - 007033344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-03-26 03:39 - 2018-03-24 11:54 - 006214144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-03-26 03:39 - 2018-03-10 17:55 - 000137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2019-03-26 03:39 - 2018-03-10 16:04 - 000120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2019-03-26 03:39 - 2018-03-10 13:46 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-03-26 03:39 - 2018-03-10 13:35 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-03-26 03:39 - 2018-03-09 18:20 - 000418640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-03-26 03:39 - 2018-03-09 15:57 - 000276816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-03-26 03:39 - 2018-02-10 14:09 - 003757056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2019-03-26 03:39 - 2018-02-10 13:46 - 002412544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2019-03-26 03:39 - 2018-02-10 13:30 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2019-03-26 03:39 - 2018-02-08 15:53 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2019-03-26 03:39 - 2018-02-08 14:49 - 000289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2019-03-26 03:39 - 2018-02-01 15:51 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2019-03-26 03:39 - 2018-01-12 15:31 - 004690944 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2019-03-26 03:39 - 2018-01-12 14:35 - 003553280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-03-26 03:39 - 2018-01-11 15:19 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcndmgr.dll
2019-03-26 03:39 - 2018-01-11 14:55 - 002003456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2019-03-26 03:39 - 2018-01-11 14:42 - 002923520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2019-03-26 03:39 - 2018-01-11 14:13 - 001695744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-03-26 03:39 - 2018-01-10 11:48 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2019-03-26 03:39 - 2018-01-02 04:56 - 000397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-03-26 03:39 - 2018-01-02 03:37 - 000685440 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2019-03-26 03:39 - 2018-01-02 03:35 - 000989528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-03-26 03:39 - 2018-01-02 03:03 - 000341384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-03-26 03:39 - 2018-01-02 02:58 - 001502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-03-26 03:39 - 2018-01-02 02:48 - 000507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2019-03-26 03:39 - 2018-01-02 02:40 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2019-03-26 03:39 - 2018-01-02 02:06 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2019-03-26 03:39 - 2018-01-02 01:56 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2019-03-26 03:39 - 2018-01-02 01:51 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2019-03-26 03:39 - 2018-01-02 01:44 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2019-03-26 03:39 - 2018-01-02 01:34 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2019-03-26 03:39 - 2018-01-02 01:33 - 001080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2019-03-26 03:39 - 2018-01-02 01:29 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-03-26 03:39 - 2018-01-02 01:27 - 000168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2019-03-26 03:39 - 2018-01-02 01:16 - 000881152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-03-26 03:39 - 2018-01-02 01:09 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-03-26 03:39 - 2018-01-02 00:56 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-03-26 03:39 - 2018-01-02 00:55 - 003548160 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-03-26 03:39 - 2017-12-14 20:26 - 000374096 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2019-03-26 03:39 - 2017-12-14 18:39 - 000315736 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2019-03-26 03:39 - 2017-12-14 07:17 - 000044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2019-03-26 03:39 - 2017-12-10 10:58 - 000035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2019-03-26 03:39 - 2017-12-10 10:46 - 007079424 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2019-03-26 03:39 - 2017-12-10 10:24 - 005275136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2019-03-26 03:39 - 2017-12-10 10:06 - 007797760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-03-26 03:39 - 2017-12-10 09:59 - 005270528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-03-26 03:39 - 2017-09-09 12:47 - 014466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-03-26 03:39 - 2017-09-09 12:21 - 012879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-03-26 03:39 - 2017-09-08 14:14 - 003084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2019-03-26 03:39 - 2017-09-08 13:50 - 002471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2019-03-26 03:39 - 2017-09-07 16:54 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2019-03-26 03:39 - 2017-09-06 18:17 - 000461144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2019-03-26 03:39 - 2014-11-08 00:56 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2019-03-26 03:39 - 2014-11-08 00:13 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2019-03-26 03:38 - 2019-02-26 03:58 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2019-03-26 03:38 - 2019-02-15 16:58 - 000536584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-03-26 03:38 - 2019-02-15 16:58 - 000466272 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-03-26 03:38 - 2019-02-15 16:58 - 000413176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-26 03:38 - 2019-02-15 16:54 - 000038184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-26 03:38 - 2019-02-15 16:51 - 000449744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-03-26 03:38 - 2019-02-15 16:51 - 000413576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-03-26 03:38 - 2019-02-15 16:51 - 000033504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-03-26 03:38 - 2019-02-15 16:50 - 000372328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-03-26 03:38 - 2019-02-09 16:36 - 000218056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-03-26 03:38 - 2019-02-09 14:49 - 000316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-26 03:38 - 2019-02-09 14:49 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-03-26 03:38 - 2019-02-09 14:49 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-03-26 03:38 - 2019-02-09 14:18 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2019-03-26 03:38 - 2019-02-09 14:03 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2019-03-26 03:38 - 2019-02-09 13:56 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2019-03-26 03:38 - 2019-02-09 13:45 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2019-03-26 03:38 - 2019-02-07 16:38 - 000116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2019-03-26 03:38 - 2019-02-06 21:40 - 001311240 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-03-26 03:38 - 2019-02-06 16:32 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-03-26 03:38 - 2019-02-06 16:32 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-03-26 03:38 - 2019-02-06 15:27 - 001040384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-03-26 03:38 - 2019-01-09 01:20 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hcproviders.dll
2019-03-26 03:38 - 2019-01-09 01:10 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2019-03-26 03:38 - 2019-01-09 01:06 - 000894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2019-03-26 03:38 - 2019-01-09 00:52 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hcproviders.dll
2019-03-26 03:38 - 2019-01-09 00:45 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2019-03-26 03:38 - 2019-01-09 00:40 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2019-03-26 03:38 - 2019-01-09 00:34 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-03-26 03:38 - 2019-01-09 00:21 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-03-26 03:38 - 2018-12-08 16:00 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-03-26 03:38 - 2018-12-02 07:08 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-03-26 03:38 - 2018-12-01 13:44 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-03-26 03:38 - 2018-11-10 15:53 - 000356088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-03-26 03:38 - 2018-10-24 21:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2019-03-26 03:38 - 2018-10-24 21:51 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2019-03-26 03:38 - 2018-10-24 21:46 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2019-03-26 03:38 - 2018-10-24 21:45 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2019-03-26 03:38 - 2018-10-12 17:25 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2019-03-26 03:38 - 2018-10-12 17:16 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2019-03-26 03:38 - 2018-10-12 17:16 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2019-03-26 03:38 - 2018-10-11 23:16 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dispex.dll
2019-03-26 03:38 - 2018-10-11 23:10 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2019-03-26 03:38 - 2018-10-11 22:58 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2019-03-26 03:38 - 2018-10-11 22:58 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2019-03-26 03:38 - 2018-10-06 12:41 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2019-03-26 03:38 - 2018-10-06 12:34 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2019-03-26 03:38 - 2018-09-28 10:38 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2019-03-26 03:38 - 2018-09-28 10:34 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2019-03-26 03:38 - 2018-09-23 13:47 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-03-26 03:38 - 2018-09-23 13:45 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-03-26 03:38 - 2018-09-23 13:45 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2019-03-26 03:38 - 2018-09-23 13:37 - 000774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-03-26 03:38 - 2018-09-23 13:23 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-03-26 03:38 - 2018-09-23 13:23 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-03-26 03:38 - 2018-09-23 13:17 - 000699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-03-26 03:38 - 2018-09-23 13:00 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-03-26 03:38 - 2018-09-23 13:00 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-03-26 03:38 - 2018-09-23 12:58 - 000904192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-03-26 03:38 - 2018-09-23 12:53 - 000168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2019-03-26 03:38 - 2018-09-23 12:50 - 000709632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-03-26 03:38 - 2018-09-07 14:39 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2019-03-26 03:38 - 2018-09-07 13:51 - 002849280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2019-03-26 03:38 - 2018-08-26 01:07 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2019-03-26 03:38 - 2018-08-26 01:07 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2019-03-26 03:38 - 2018-08-23 19:54 - 000289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2019-03-26 03:38 - 2018-07-24 14:50 - 000261408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-03-26 03:38 - 2018-07-18 10:34 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2019-03-26 03:38 - 2018-07-06 14:14 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2019-03-26 03:38 - 2018-07-06 13:22 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2019-03-26 03:38 - 2018-06-30 15:00 - 001113952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-03-26 03:38 - 2018-06-26 12:25 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2019-03-26 03:38 - 2018-06-26 12:14 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2019-03-26 03:38 - 2018-06-20 15:48 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-03-26 03:38 - 2018-06-20 15:48 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fxppm.sys
2019-03-26 03:38 - 2018-06-20 13:58 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-03-26 03:38 - 2018-06-20 13:58 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-03-26 03:38 - 2018-06-20 13:58 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-03-26 03:38 - 2018-06-14 22:55 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2019-03-26 03:38 - 2018-06-14 22:43 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2019-03-26 03:38 - 2018-06-09 13:26 - 002712064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-03-26 03:38 - 2018-05-23 02:45 - 000027480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2019-03-26 03:38 - 2018-05-15 02:47 - 000244304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-03-26 03:38 - 2018-05-15 01:04 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-03-26 03:38 - 2018-05-15 00:05 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-03-26 03:38 - 2018-05-14 23:57 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-03-26 03:38 - 2018-05-14 23:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-03-26 03:38 - 2018-05-05 16:05 - 001543800 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2019-03-26 03:38 - 2018-05-05 15:15 - 001178136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2019-03-26 03:38 - 2018-05-03 20:02 - 000325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2019-03-26 03:38 - 2018-05-03 20:02 - 000187728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2019-03-26 03:38 - 2018-04-26 10:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2019-03-26 03:38 - 2018-04-26 10:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2019-03-26 03:38 - 2018-04-15 13:55 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2019-03-26 03:38 - 2018-04-15 13:16 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2019-03-26 03:38 - 2018-04-10 15:27 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\itircl.dll
2019-03-26 03:38 - 2018-04-10 14:01 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itircl.dll
2019-03-26 03:38 - 2018-04-07 12:20 - 001707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2019-03-26 03:38 - 2018-04-07 12:10 - 001344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2019-03-26 03:38 - 2018-04-07 12:06 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2019-03-26 03:38 - 2018-04-07 12:01 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2019-03-26 03:38 - 2018-04-05 14:47 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc63.sys
2019-03-26 03:38 - 2018-04-05 14:38 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetVscCoinstall.dll
2019-03-26 03:38 - 2018-03-28 22:33 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2019-03-26 03:38 - 2018-03-28 22:21 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2019-03-26 03:38 - 2018-03-24 12:57 - 001101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2019-03-26 03:38 - 2018-03-24 12:40 - 001171456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2019-03-26 03:38 - 2018-03-24 12:34 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2019-03-26 03:38 - 2018-03-24 12:22 - 001086976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2019-03-26 03:38 - 2018-03-10 14:47 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2019-03-26 03:38 - 2018-03-10 14:47 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-03-26 03:38 - 2018-03-10 14:43 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2019-03-26 03:38 - 2018-03-10 13:22 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2019-03-26 03:38 - 2018-03-10 13:21 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2019-03-26 03:38 - 2018-03-10 13:21 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2019-03-26 03:38 - 2018-03-10 13:20 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2019-03-26 03:38 - 2018-03-10 13:18 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-03-26 03:38 - 2018-03-10 13:18 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2019-03-26 03:38 - 2018-03-10 13:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2019-03-26 03:38 - 2018-03-10 13:18 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2019-03-26 03:38 - 2018-03-10 13:17 - 002240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2019-03-26 03:38 - 2018-03-10 13:17 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-03-26 03:38 - 2018-03-08 15:15 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2019-03-26 03:38 - 2018-03-08 15:14 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2019-03-26 03:38 - 2018-03-07 20:46 - 000202576 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2019-03-26 03:38 - 2018-03-07 20:42 - 000174928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2019-03-26 03:38 - 2018-03-07 16:28 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsnmp32.dll
2019-03-26 03:38 - 2018-03-07 15:26 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsnmp32.dll
2019-03-26 03:38 - 2018-03-03 14:44 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2019-03-26 03:38 - 2018-03-03 14:04 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2019-03-26 03:38 - 2018-03-03 13:24 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2019-03-26 03:38 - 2018-03-03 13:18 - 000894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2019-03-26 03:38 - 2018-03-03 13:18 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2019-03-26 03:38 - 2018-03-03 13:15 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2019-03-26 03:38 - 2018-03-03 13:04 - 000741888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2019-03-26 03:38 - 2018-03-03 13:04 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2019-03-26 03:38 - 2018-02-10 16:29 - 000274272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-03-26 03:38 - 2018-02-10 16:29 - 000124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NV_AGP.SYS
2019-03-26 03:38 - 2018-02-10 16:29 - 000065888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ULIAGPKX.SYS
2019-03-26 03:38 - 2018-02-10 16:29 - 000062304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AGP440.sys
2019-03-26 03:38 - 2018-02-10 16:29 - 000021856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2019-03-26 03:38 - 2018-02-10 16:29 - 000017240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msisadrv.sys
2019-03-26 03:38 - 2018-02-10 16:25 - 000533856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2019-03-26 03:38 - 2018-02-10 14:01 - 000617472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2019-03-26 03:38 - 2018-02-10 13:44 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2019-03-26 03:38 - 2018-02-08 15:18 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2019-03-26 03:38 - 2018-02-08 15:03 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2019-03-26 03:38 - 2018-02-08 14:42 - 001001984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2019-03-26 03:38 - 2018-02-08 14:42 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2019-03-26 03:38 - 2018-02-08 14:24 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2019-03-26 03:38 - 2018-02-08 14:03 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2019-03-26 03:38 - 2018-02-08 14:03 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2019-03-26 03:38 - 2018-01-12 15:18 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2019-03-26 03:38 - 2018-01-12 14:26 - 000393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2019-03-26 03:38 - 2018-01-11 15:39 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cic.dll
2019-03-26 03:38 - 2018-01-11 15:39 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcshext.dll
2019-03-26 03:38 - 2018-01-11 15:34 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcbase.dll
2019-03-26 03:38 - 2018-01-11 15:28 - 001562624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2019-03-26 03:38 - 2018-01-11 15:10 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cic.dll
2019-03-26 03:38 - 2018-01-11 15:10 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcshext.dll
2019-03-26 03:38 - 2018-01-11 15:04 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcbase.dll
2019-03-26 03:38 - 2018-01-09 03:06 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\certenc.dll
2019-03-26 03:38 - 2018-01-09 02:32 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certenc.dll
2019-03-26 03:38 - 2018-01-09 02:19 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2019-03-26 03:38 - 2018-01-09 01:59 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2019-03-26 03:38 - 2018-01-02 05:00 - 000242520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2019-03-26 03:38 - 2018-01-02 05:00 - 000214392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-03-26 03:38 - 2018-01-02 04:56 - 000136536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-03-26 03:38 - 2018-01-02 03:39 - 000354648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2019-03-26 03:38 - 2018-01-02 03:05 - 000164296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-03-26 03:38 - 2018-01-02 02:39 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-03-26 03:38 - 2018-01-02 02:39 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2019-03-26 03:38 - 2018-01-02 02:39 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2019-03-26 03:38 - 2018-01-02 02:38 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-03-26 03:38 - 2018-01-02 02:38 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2019-03-26 03:38 - 2018-01-02 02:38 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2019-03-26 03:38 - 2018-01-02 02:37 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2019-03-26 03:38 - 2018-01-02 02:34 - 000360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2019-03-26 03:38 - 2018-01-02 02:31 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2019-03-26 03:38 - 2018-01-02 02:28 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2019-03-26 03:38 - 2018-01-02 02:28 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2019-03-26 03:38 - 2018-01-02 02:19 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2019-03-26 03:38 - 2018-01-02 02:17 - 000116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2019-03-26 03:38 - 2018-01-02 01:57 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2019-03-26 03:38 - 2018-01-02 01:45 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2019-03-26 03:38 - 2018-01-02 01:34 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-03-26 03:38 - 2018-01-02 01:33 - 000845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-03-26 03:38 - 2018-01-02 01:33 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2019-03-26 03:38 - 2018-01-02 01:32 - 000571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-03-26 03:38 - 2018-01-02 01:22 - 000129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2019-03-26 03:38 - 2018-01-02 01:21 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2019-03-26 03:38 - 2018-01-02 01:18 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2019-03-26 03:38 - 2018-01-02 01:17 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-03-26 03:38 - 2018-01-02 01:17 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2019-03-26 03:38 - 2018-01-02 01:16 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-03-26 03:38 - 2018-01-02 01:13 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2019-03-26 03:38 - 2018-01-02 01:11 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2019-03-26 03:38 - 2018-01-02 01:11 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2019-03-26 03:38 - 2018-01-02 01:09 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2019-03-26 03:38 - 2018-01-02 01:08 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2019-03-26 03:38 - 2018-01-02 01:07 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2019-03-26 03:38 - 2018-01-02 01:05 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2019-03-26 03:38 - 2018-01-02 00:59 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2019-03-26 03:38 - 2018-01-02 00:57 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2019-03-26 03:38 - 2017-12-05 13:56 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
2019-03-26 03:38 - 2017-12-05 13:45 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2019-03-26 03:38 - 2017-12-05 13:42 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2019-03-26 03:38 - 2017-12-05 13:10 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-03-26 03:38 - 2017-12-05 13:02 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptnet.dll
2019-03-26 03:38 - 2017-12-05 12:58 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptnet.dll
2019-03-26 03:38 - 2017-12-05 12:24 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2019-03-26 03:38 - 2017-11-08 12:55 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2019-03-26 03:38 - 2017-11-07 18:15 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2019-03-26 03:38 - 2017-11-07 17:46 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2019-03-26 03:38 - 2017-10-10 13:39 - 001192960 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2019-03-26 03:38 - 2017-10-10 13:36 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-03-26 03:38 - 2017-10-10 13:29 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2019-03-26 03:38 - 2017-10-10 12:42 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2019-03-26 03:38 - 2017-10-10 11:58 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2019-03-26 03:38 - 2017-10-05 04:17 - 000380248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2019-03-26 03:38 - 2017-09-13 22:18 - 001384216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-03-26 03:38 - 2017-09-13 22:14 - 001124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-03-26 03:38 - 2017-09-13 10:31 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2019-03-26 03:38 - 2017-09-13 10:27 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2019-03-26 03:38 - 2017-09-09 14:38 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2019-03-26 03:38 - 2017-09-09 10:13 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2019-03-26 03:38 - 2017-09-09 10:13 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2019-03-26 03:38 - 2017-09-07 18:31 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2019-03-26 03:38 - 2017-09-07 16:20 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2019-03-26 03:38 - 2017-09-06 20:07 - 000158552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2019-03-26 03:38 - 2017-09-06 11:14 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2019-03-26 03:38 - 2017-08-10 23:16 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2019-03-26 03:38 - 2017-08-10 22:57 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2019-03-26 03:38 - 2017-08-06 18:20 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-03-26 03:38 - 2014-11-08 01:00 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2019-03-26 03:38 - 2014-11-08 00:56 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2019-03-26 03:38 - 2014-11-08 00:56 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2019-03-26 03:38 - 2014-11-08 00:24 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2019-03-26 03:38 - 2014-11-08 00:13 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2019-03-26 03:38 - 2014-11-08 00:13 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2019-03-26 03:38 - 2014-11-07 23:48 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2019-03-26 03:38 - 2014-11-04 03:27 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-03-26 03:34 - 2018-06-08 10:15 - 002860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-03-25 21:01 - 2019-03-25 21:01 - 000003642 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3873176162-2479699386-2927219615-1002UA
2019-03-25 21:01 - 2019-03-25 21:01 - 000003370 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3873176162-2479699386-2927219615-1002Core
2019-03-25 21:00 - 2019-03-25 21:01 - 000000000 ____D C:\Users\katerinelizabeth\AppData\Roaming\Chrome

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-04 16:17 - 2017-03-12 19:48 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3873176162-2479699386-2927219615-1002
2019-04-04 15:45 - 2014-04-30 00:35 - 000839286 _____ C:\WINDOWS\system32\perfh00A.dat
2019-04-04 15:45 - 2014-04-30 00:35 - 000180680 _____ C:\WINDOWS\system32\perfc00A.dat
2019-04-04 15:45 - 2014-03-18 06:53 - 001966784 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-04 15:45 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\Inf
2019-04-04 15:40 - 2015-04-07 11:26 - 000000000 __RDO C:\Users\katerinelizabeth\OneDrive
2019-04-04 15:39 - 2013-08-22 11:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-04 15:38 - 2014-08-18 06:05 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2019-04-04 15:26 - 2017-03-12 19:27 - 000000000 ____D C:\Users\katerinelizabeth\AppData\Local\SweetLabs App Platform
2019-04-04 13:51 - 2013-08-22 11:44 - 000504272 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-04 13:49 - 2015-04-07 11:17 - 000000000 ____D C:\Users\katerinelizabeth\AppData\Local\Packages
2019-04-04 13:49 - 2013-08-22 12:36 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-04 13:49 - 2013-08-22 12:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-04 13:42 - 2017-05-28 19:13 - 000000000 ____D C:\WINDOWS\Minidump
2019-04-04 13:42 - 2014-04-02 07:25 - 000000000 ___DC C:\WINDOWS\Panther
2019-04-04 13:42 - 2013-08-22 12:36 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-04-04 13:36 - 2014-04-29 15:12 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-04-04 13:32 - 2013-08-22 12:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-04-03 19:38 - 2013-08-22 12:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-03 15:20 - 2017-03-12 21:33 - 000002285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-03 15:02 - 2013-08-22 12:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-03 14:56 - 2017-03-12 21:28 - 000000000 ____D C:\Users\katerinelizabeth\AppData\Local\Google
2019-04-03 14:52 - 2014-08-18 06:22 - 000000000 ____D C:\ProgramData\CyberLink
2019-04-03 14:52 - 2014-08-18 06:21 - 000000000 ____D C:\Program Files (x86)\CyberLink
2019-04-03 14:52 - 2014-08-18 06:09 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2019-04-03 14:52 - 2014-04-29 15:11 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-04-03 14:43 - 2014-08-18 06:33 - 000000000 ____D C:\ProgramData\McAfee
2019-04-03 14:43 - 2014-08-18 06:33 - 000000000 ____D C:\Program Files (x86)\McAfee
2019-04-03 14:30 - 2013-08-22 12:36 - 000000000 ___RD C:\WINDOWS\ToastData
2019-04-03 14:29 - 2017-09-11 21:05 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-04-03 14:29 - 2017-09-08 22:27 - 000000000 ___SD C:\WINDOWS\system32\CompatTel
2019-04-03 14:24 - 2017-03-13 03:40 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2019-04-03 14:23 - 2013-08-22 12:36 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-04-03 14:23 - 2013-08-22 10:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2019-04-03 14:21 - 2018-05-01 00:59 - 000003228 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForkaterinelizabeth
2019-04-03 14:21 - 2017-11-02 00:08 - 000000392 _____ C:\WINDOWS\Tasks\HPCeeScheduleForkaterinelizabeth.job
2019-04-03 14:13 - 2014-08-18 06:24 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2019-04-03 14:11 - 2014-08-18 06:24 - 000000000 ____D C:\ProgramData\WildTangent
2019-04-03 14:11 - 2014-08-18 06:24 - 000000000 ____D C:\Program Files (x86)\WildTangent Games
2019-04-03 14:09 - 2014-04-29 15:10 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2019-04-01 10:24 - 2017-07-27 00:38 - 000003194 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3873176162-2479699386-2927219615-1002
2019-04-01 10:22 - 2018-02-14 21:33 - 000002376 _____ C:\Users\katerinelizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive para la Empresa.lnk
2019-03-29 22:10 - 2017-04-27 01:08 - 000000000 ____D C:\Users\katerinelizabeth\AppData\Roaming\Google
2019-03-29 20:19 - 2017-03-12 21:28 - 000003468 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-29 20:19 - 2017-03-12 21:28 - 000003340 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-26 14:23 - 2017-08-29 02:18 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-03-26 14:09 - 2017-08-29 02:18 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-03-06 11:18 - 2013-08-22 10:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-03-29 22:09

==================== End of FRST.txt ============================

Regards

#6

Good… now follow these steps. :arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).

  • Attention: now tick/select only the :white_check_mark: Create registry backup box, NOT the other boxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the codes/lines inside the box further below into Notepad.

START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\RunOnce: [Application Restart #5] => C:\Users\katerinelizabeth\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874024 2016-09-18] (Pokki -> Pokki)
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\RunOnce: [Application Restart #0] => C:\Users\katerinelizabeth\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874024 2016-09-18] (Pokki -> Pokki)
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\MountPoints2: {1074a90a-a720-11e7-827b-1008b11e2872} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\MountPoints2: {42a3e937-41a5-11e9-82c2-1008b11e2872} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\MountPoints2: {8aaa0d99-f994-11e7-8291-1008b11e2872} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\MountPoints2: {9133e1f1-769f-11e8-82a3-1008b11e2872} - "F:\HiSuiteDownLoader.exe"
ShortcutTarget: Enviar a OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (No File)
AutoConfigURL: [S-1-5-21-3873176162-2479699386-2927219615-1002] => hxxp://www.thenewtrampo.info/ecocl.dat
ManualProxies: 0hxxp://www.thenewtrampo.info/ecocl.dat
CHR Extension: (Ask Web Search) - C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb [2019-04-04]
S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\pft1F98.tmp\amifldrv64.sys [X] <==== ATTENTION
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the tool FRST.exe (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.

And now use the 2nd METHOD: from this Windows 8 FAQ :arrow_forward: How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply. :+1:

Restart the computer, check how it behaves with regard to the reported problem, and comment on it.

Regards.

#7

Hello again… I'm attaching the report

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by katerinelizabeth (05-04-2019 21:04:59) Run:1
Running from C:\Users\katerinelizabeth\Desktop
Loaded Profiles: katerinelizabeth (Available Profiles: katerinelizabeth & Administrador)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\RunOnce: [Application Restart #5] => C:\Users\katerinelizabeth\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874024 2016-09-18] (Pokki -> Pokki)
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\RunOnce: [Application Restart #0] => C:\Users\katerinelizabeth\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874024 2016-09-18] (Pokki -> Pokki)
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\MountPoints2: {1074a90a-a720-11e7-827b-1008b11e2872} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\MountPoints2: {42a3e937-41a5-11e9-82c2-1008b11e2872} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\MountPoints2: {8aaa0d99-f994-11e7-8291-1008b11e2872} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\MountPoints2: {9133e1f1-769f-11e8-82a3-1008b11e2872} - "F:\HiSuiteDownLoader.exe"
ShortcutTarget: Enviar a OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (No File)
AutoConfigURL: [S-1-5-21-3873176162-2479699386-2927219615-1002] => hxxp://www.thenewtrampo.info/ecocl.dat
ManualProxies: 0hxxp://www.thenewtrampo.info/ecocl.dat
CHR Extension: (Ask Web Search) - C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb [2019-04-04]
S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\pft1F98.tmp\amifldrv64.sys [X] <==== ATTENTION
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #5" => removed successfully
"HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #0" => removed successfully
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1074a90a-a720-11e7-827b-1008b11e2872} => removed successfully
HKLM\Software\Classes\CLSID\{1074a90a-a720-11e7-827b-1008b11e2872} => not found
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42a3e937-41a5-11e9-82c2-1008b11e2872} => removed successfully
HKLM\Software\Classes\CLSID\{42a3e937-41a5-11e9-82c2-1008b11e2872} => not found
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8aaa0d99-f994-11e7-8291-1008b11e2872} => removed successfully
HKLM\Software\Classes\CLSID\{8aaa0d99-f994-11e7-8291-1008b11e2872} => not found
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9133e1f1-769f-11e8-82a3-1008b11e2872} => removed successfully
HKLM\Software\Classes\CLSID\{9133e1f1-769f-11e8-82a3-1008b11e2872} => not found
"C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE" => not found
"HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\" => removed successfully
CHR Extension: (Ask Web Search) - C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb [2019-04-04] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\GENERICDRV => removed successfully
GENERICDRV => service removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Conexión de área local* 13 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 2 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Wi-Fi mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Ethernet mientras los medios
estén desconectados.

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c

========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22052185 B
Java, Flash, Steam htmlcache => 524 B
Windows/system/drivers => 151560 B
Edge => 0 B
Chrome => 381353796 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1889416 B
systemprofile32 => 128 B
LocalService => 3322 B
NetworkService => 0 B
katerinelizabeth => 5035814 B
Administrator => 24094 B

RecycleBin => 0 B
EmptyTemp: => 391.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:05:46 ====

I'll check how everything goes and report back within the week

Regards
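
A Fixlog like the one in the post above mixes successful removals with entries the tool could not handle, so it is worth sorting the result lines before declaring the machine clean. The following Python sketch is an added example, not part of the thread and not FRST's own code; the function names are hypothetical, and the sample is a handful of lines copied from that Fixlog.

```python
import re

# Excerpt of the Fixlog posted above (lines copied from it, no new data).
SAMPLE_FIXLOG = r'''fixlist content:
*****************
START
CLOSEPROCESSES:
HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\...\RunOnce: [Application Restart #5] => C:\Users\katerinelizabeth\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874024 2016-09-18] (Pokki -> Pokki)
CHR Extension: (Ask Web Search) - C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb [2019-04-04]
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #5" => removed successfully
HKLM\Software\Classes\CLSID\{1074a90a-a720-11e7-827b-1008b11e2872} => not found
"HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL" => removed successfully
CHR Extension: (Ask Web Search) - C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb [2019-04-04] => Error: No automatic fix found for this entry.
GENERICDRV => service removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
========= bitsadmin /reset /allusers =========
Unable to connect to BITS - 0x8007042c
========= End of CMD: =========
=========== EmptyTemp: ==========
Chrome => 381353796 B
EmptyTemp: => 391.5 MB temporary data Removed.
'''

# "<target> => <result>" is the shape of every per-entry outcome line.
OUTCOME = re.compile(r"^(?P<target>.+?) => (?P<result>.+)$")
# Chrome extension IDs are 32 characters drawn from a-p.
CHROME_EXT_ID = re.compile(r"\\Extensions\\([a-p]{32})")


def classify(result):
    """Map the text after '=>' to a bucket; None means 'not an outcome'."""
    if result.startswith("Error"):
        return "failed"
    if result == "not found":
        return "absent"
    if result.endswith("successfully"):
        return "fixed"
    return None  # e.g. EmptyTemp byte counters


def triage_fixlog(text):
    """Sort Fixlog lines into fixed / absent / failed / warnings."""
    report = {"fixed": [], "absent": [], "failed": [], "warnings": []}
    in_echo = False  # True while inside the echoed fixlist (START..END)
    for raw in text.splitlines():
        line = raw.strip()
        if line == "START":
            in_echo = True
            continue
        if line == "END":
            in_echo = False
            continue
        # The echoed fixlist also contains '=>', so it must not be parsed.
        if in_echo or not line or line.startswith("="):
            continue
        m = OUTCOME.match(line)
        if m:
            bucket = classify(m.group("result"))
            if bucket:
                target = m.group("target").strip('"')
                report[bucket].append((target, m.group("result")))
        elif line.startswith(("Error", "Unable to")):
            # Stand-alone errors: skipped directives, failed CMD: commands.
            report["warnings"].append(line)
    return report


def leftover_chrome_extensions(report):
    """Extension IDs from 'CHR Extension' entries the tool did not fix."""
    ids = []
    for target, _ in report["failed"]:
        m = CHROME_EXT_ID.search(target)
        if target.startswith("CHR Extension") and m:
            ids.append(m.group(1))
    return ids


if __name__ == "__main__":
    r = triage_fixlog(SAMPLE_FIXLOG)
    for bucket in ("failed", "warnings"):
        for item in r[bucket]:
            print(bucket.upper(), item)
    print("Extensions still to remove by hand:", leftover_chrome_extensions(r))
```

On the sample, the only failed entry is the Chrome extension `gkbadihnboaejkjjafglpofoifgnfkkb`, the same ID that appears in the Malwarebytes report in the following post.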

#8

Dear Javier, I just turned the computer on again to check things, and Mwb came up again with block alerts… it automatically started scanning and found 39 infections; I'm attaching the report

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 5/4/19
Hora del análisis: 21:21
Archivo de registro: ea5a78f8-5801-11e9-9a6f-1008b11e2872.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.563
Versión del paquete de actualización: 1.0.10020
Licencia: Prueba

-Información del sistema-
SO: Windows 8.1
CPU: x64
Sistema de archivos: NTFS
Usuario: KATERIN\katerinelizabeth

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 266851
Amenazas detectadas: 39
Amenazas en cuarentena: 39
Tiempo transcurrido: 8 min, 41 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 1
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-3873176162-2479699386-2927219615-1002\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|gkbadihnboaejkjjafglpofoifgnfkkb, En cuarentena, [1738], [443122],1.0.10020

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 9
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\_locales\en, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\_metadata, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\_locales, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\config, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\icons, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\libs, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\USERS\KATERINELIZABETH\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GKBADIHNBOAEJKJJAFGLPOFOIFGNFKKB, En cuarentena, [1738], [443122],1.0.10020

Archivo: 29
PUP.Optional.MindSpark.Generic, C:\USERS\KATERINELIZABETH\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\USERS\KATERINELIZABETH\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Sustituido, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\USERS\KATERINELIZABETH\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GKBADIHNBOAEJKJJAFGLPOFOIFGNFKKB\50.158.14.57311_0\MANIFEST.JSON, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\config\config.json, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\icons\icon128.png, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\icons\icon16.png, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\icons\icon19disabled.png, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\icons\icon19on.png, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\icons\icon48.png, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js\ajax.js, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js\background.js, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js\chrome.js, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js\content_script.js, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js\dlp.js, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js\dlpHelper.js, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js\extension_detect.js, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js\index.js, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js\internationalSearchUtils.js, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js\logger.js, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js\settingsOverridesUtils.js, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js\splashPageLocalStorageSetter.js, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js\storageUtils.js, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js\templateParser.js, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js\ul.js, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js\urlUtils.js, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js\util.js, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\libs\PartnerId.js, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\_locales\en\messages.json, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\katerinelizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\_metadata\verified_contents.json, En cuarentena, [1738], [443122],1.0.10020

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Kind regards
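A way to read a report like the one above, as an added example that is not part of the thread or of Malwarebytes: it groups detection lines by the Chrome extension ID they reference and lists profile settings files marked `Sustituido`. The sample input is constructed (placeholder user name and SID, a handful of lines), and the line layout is assumed from the report shown here.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of the report above: user name and SID are
# placeholders, and only a few of the detection lines are reproduced.
SAMPLE = r"""
Valor del registro: 1
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-EXAMPLE\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|gkbadihnboaejkjjafglpofoifgnfkkb, En cuarentena, [1738], [443122],1.0.10020
Carpeta: 1
PUP.Optional.MindSpark.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js, En cuarentena, [1738], [443122],1.0.10020
Archivo: 4
PUP.Optional.MindSpark.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Sustituido, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GKBADIHNBOAEJKJJAFGLPOFOIFGNFKKB\50.158.14.57311_0\MANIFEST.JSON, En cuarentena, [1738], [443122],1.0.10020
PUP.Optional.MindSpark.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbadihnboaejkjjafglpofoifgnfkkb\50.158.14.57311_0\js\background.js, En cuarentena, [1738], [443122],1.0.10020
WMI: 0
(No hay elementos maliciosos detectados)
"""

# Detection line: name, path, action, [id], [id],definitions version
LINE = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+), (?P<action>[^,\[]+), \[\d+\], \[\d+\],[\d.]+$"
)
# Chrome extension IDs are 32 letters a-p; they appear after "Extensions\" in
# file paths and after "extensions.settings|" in the registry value.
EXT_ID = re.compile(r"(?:extensions\\|extensions\.settings\|)([a-p]{32})", re.I)


def summarize(report):
    """Return ({extension_id: Counter(action)}, [replaced profile files])."""
    by_ext = defaultdict(Counter)
    profile_files = []
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # section headers, counters, "(No hay elementos ...)"
        ext = EXT_ID.search(m["path"])
        if ext:
            by_ext[ext.group(1).lower()][m["action"]] += 1
        elif m["action"] == "Sustituido":
            profile_files.append(m["path"].rsplit("\\", 1)[-1])
    return dict(by_ext), profile_files


if __name__ == "__main__":
    extensions, replaced = summarize(SAMPLE)
    for ext_id, actions in extensions.items():
        print(ext_id, dict(actions))
    print("profile files replaced:", replaced)
```

When every detection collapses to one extension ID plus the profile's `Preferences` files, the findings are confined to that Chrome profile rather than spread across the system.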

#9

Try this:

  • Back up your Chrome bookmarks >> https://support.google.com/chrome/answer/96816?hl=es

  • Uninstall Chrome with Revo.

  • Download and install >> Revo Uninstaller | InfoSpyware

  • Then, as I indicate, uninstall the indicated program(s), selecting Advanced Mode when Revo prompts for it

  • Select PROGRAM NAME and click Uninstall in the Revo menu, in Advanced Mode

  • When you do, the PROGRAM NAME uninstaller will start, and when it finishes (if any of them asks you to restart, click NO or Cancel and continue with Revo), do the following:

  1. Click Analyze in Revo, so that it scans for the program's leftovers

  2. Click Select All, to remove registry leftovers

  3. Click Delete All

  4. Click Next

  5. Click Select All, to remove folders, if there are any

  6. Click Delete All

  7. Click Finish

Delete these folders if they exist:

  1. C:\ProgramData\Google/Chrome

  2. C:\Users\All Users\Google\Chrome

  3. C:\Users\YOUR USER NAME\AppData\Local\Google\Chrome

  4. C:\Users\YOUR USER NAME\AppData\Roaming\Google\Chrome

Reinstall >> https://www.google.es/chrome/browser/desktop/

Restart the PC and scan again with Malwarebytes.

#10

Dear Miguel, after several days of using my girlfriend's laptop, I no longer get any mwb errors and I notice that it is in perfect condition.

Once again, thank you very much for your time.

Regards

#11

To remove the tools used during the disinfection, do the following:

  • Download and run >> Delfix, on your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> Run as Administrator.)

  • Check only the Remove disinfection tools box

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

If any tool remains, uninstall it from the Windows control panel; those that are not listed can be deleted directly.


Glad I was able to help you! :+1:


TOPIC SOLVED

closed #12

This topic was automatically closed 2 days after the last post. New replies are no longer allowed.