    Luckysites, zoohair and the rest. They keep regenerating (Solved)

    1. #1
      User WolFran
      Registered
      May 2017
      Location
      Argentina
      Posts
      7

      Luckysites, zoohair and the rest. They keep regenerating (Solved)

      Hello Infospyware

      Well, as the title says: I have those junk search engines and I can't get rid of them. I tried AdwCleaner, Malwarebytes, CCleaner and JRT in safe mode, but nothing worked.
      As I read around here, I'm going to post the reports: Malwarebytes first, AdwCleaner second and JRT last.

      Malwarebytes:

      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 18/5/17
      Hora del análisis: 9:16
      Archivo de registro: malwarebytes.txt
      Administrador: Sí

      -Información del software-
      Versión: 3.1.2.1733
      Versión de los componentes: 1.0.122
      Versión del paquete de actualización: 1.0.1964
      Licencia: Gratis

      -Información del sistema-
      SO: Windows 10
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: DESKTOP-I75C32L\DELL

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 372580
      Amenazas detectadas: 891
      Amenazas en cuarentena: 0
      (No hay elementos maliciosos detectados)
      Tiempo transcurrido: 3 min, 18 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Activado
      PUM: Activado

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 2
      Adware.Ghokswa, HKU\S-1-5-21-1725805020-1347050944-845805920-1001\SOFTWARE\Hotleaf, Sin acciones por parte del usuario, [321], [399771],1.0.1964
      Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\swpvr, Sin acciones por parte del usuario, [2], [399784],1.0.1964

      Valor del registro: 1
      Adware.Ghokswa, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{31551085-FF70-413E-AD7A-FB224EF4A917}, Sin acciones por parte del usuario, [321], [399769],1.0.1964

      ----------------------------------------

      # AdwCleaner v6.046 - Archivo de registro creado 18/05/2017 en 09:13:42
      # Actualizado en 24/04/2017 por Malwarebytes
      # Base de datos : 2017-05-17.1 [Servidor]
      # Sistema Operativo : Windows 10 Pro (X64)
      # Nombre de usuario : DELL - DESKTOP-I75C32L
      # Ejecutado desde : C:\Users\DELL\Desktop\AdwCleaner.exe
      # Modo: Escanear
      # Soporte : https://www.malwarebytes.com/support



      ***** [ Servicios ] *****

      Servicio Encontrado: BIT


      ***** [ Carpetas ] *****

      Carpeta Encontrada: C:\ProgramData\BIT


      ***** [ Archivos ] *****

      No se encontraron archivos maliciosos.


      ***** [ DLL ] *****

      No se han encontrado DLLs maliciosas.


      ***** [ WMI ] *****

      No se han encontrado claves maliciosas.


      ***** [ Accesos directos ] *****

      No se ha encontrado ningún acceso directo infectado.


      ***** [ Tareas programadas ] *****

      No se ha encontrado ninguna tarea maliciosa.


      ***** [ Registro ] *****

      Llave Encontrada HKU\S-1-5-21-1725805020-1347050944-845805920-1001\Software\Zoohair
      Llave Encontrada HKCU\Software\Zoohair
      Llave Encontrada [x64] HKCU\Software\Zoohair
      Valor encontrado: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [Kitty]
      Valor encontrado: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [BIT]


      ***** [ Navegadores Web ] *****

      No se han encontrado elementos de navegador maliciosos basados en Firefox.
      No se han encontrado elementos de navegador maliciosos basados en Chromium.

      *************************

      C:\AdwCleaner\AdwCleaner[C0].txt - [3101 Bytes] - [17/05/2017 11:53:18]
      C:\AdwCleaner\AdwCleaner[C2].txt - [1216 Bytes] - [17/05/2017 11:57:21]
      C:\AdwCleaner\AdwCleaner[C3].txt - [1464 Bytes] - [17/05/2017 13:38:38]
      C:\AdwCleaner\AdwCleaner[C4].txt - [1670 Bytes] - [17/05/2017 15:39:33]
      C:\AdwCleaner\AdwCleaner[S0].txt - [2964 Bytes] - [17/05/2017 11:51:38]
      C:\AdwCleaner\AdwCleaner[S1].txt - [1503 Bytes] - [17/05/2017 11:57:12]
      C:\AdwCleaner\AdwCleaner[S2].txt - [1667 Bytes] - [17/05/2017 1200]
      C:\AdwCleaner\AdwCleaner[S3].txt - [1756 Bytes] - [17/05/2017 13:38:27]
      C:\AdwCleaner\AdwCleaner[S4].txt - [1919 Bytes] - [17/05/2017 15:29:21]
      C:\AdwCleaner\AdwCleaner[S5].txt - [2032 Bytes] - [17/05/2017 15:54:31]
      C:\AdwCleaner\AdwCleaner[S6].txt - [2105 Bytes] - [17/05/2017 16:03:48]
      C:\AdwCleaner\AdwCleaner[S7].txt - [2294 Bytes] - [18/05/2017 09:13:42]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [2367 Bytes] ##########



      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.3 (04.10.2017)
      Operating System: Windows 10 Pro x64
      Ran by DELL (Administrator) on 18/05/2017 at 9:27:04,78
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 0




      Registry: 0





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 18/05/2017 at 9:28:01,09
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Last edited by @Daniela on 19/05/17 at 05:19:06. Reason: Shorten report

    2. #2
      General Moderator
      @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      23,832

      Re: Luckysites, zoohair and the rest. They keep regenerating even in safe mode.

      Hello WolFran


      The Malwarebytes report says that no action was taken by the user; run it again and remove everything it detects.

      The AdwCleaner report is from the scan; did you click Clean afterwards?

      Post the reports after cleaning and tell us how the problem stands.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on Twitter and friend us on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    3. #3
      User WolFran
      Registered
      May 2017
      Location
      Argentina
      Posts
      7
      Hello Daniela, thanks for replying.

      Here is the Malwarebytes one again, this time after removing:

      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 18/5/17
      Hora del análisis: 11:23
      Archivo de registro: malware.txt
      Administrador: Sí

      -Información del software-
      Versión: 3.1.2.1733
      Versión de los componentes: 1.0.122
      Versión del paquete de actualización: 1.0.1964
      Licencia: Gratis

      -Información del sistema-
      SO: Windows 10
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: DESKTOP-I75C32L\DELL

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 372538
      Amenazas detectadas: 904
      Amenazas en cuarentena: 904
      Tiempo transcurrido: 2 min, 53 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Activado
      PUM: Activado

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 5
      Adware.Ghokswa, HKU\S-1-5-21-1725805020-1347050944-845805920-1001\SOFTWARE\Hotleaf, Se eliminará al reiniciar, [321], [399771],1.0.1964
      Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\swpvr, Se eliminará al reiniciar, [2], [399784],1.0.1964
      PUP.Optional.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinSAPSvc, Se eliminará al reiniciar, [8], [339887],1.0.1964
      Adware.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Milimili, Se eliminará al reiniciar, [2], [364096],1.0.1964
      Adware.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B9C1178E-94FE-497E-A3CC-D57492045798}, Se eliminará al reiniciar, [2], [364093],1.0.1964

      Valor del registro: 2
      Adware.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B9C1178E-94FE-497E-A3CC-D57492045798}|PATH, Se eliminará al reiniciar, [2], [364093],1.0.1964
      Adware.Ghokswa, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{31551085-FF70-413E-AD7A-FB224EF4A917}, Se eliminará al reiniciar, [321], [399769],1.0.1964

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 247
      Adware.Elex, C:\USERS\DELL\APPDATA\ROAMING\WinSAPSvc, Se eliminará al reiniciar, [2], [375592],1.0.1964
      Adware.Elex, C:\Program Files (x86)\Ckudalycotaied\_ALLOWDEL_257a0e, Se eliminará al reiniciar, [2], [395411],1.0.1964
      Adware.Elex, C:\PROGRAM FILES (X86)\Ckudalycotaied, Se eliminará al reiniciar, [2], [395411],1.0.1964

      .........................//..............................

      Adware.Elex.Generic, C:\USERS\DELL\APPDATA\LOCAL\CSHMDR, Se eliminará al reiniciar, [1091], [396974],1.0.1964
      Adware.Elex, C:\WINDOWS\PSGO, Se eliminará al reiniciar, [2], [399762],1.0.1964

      Archivo: 650
      Adware.Elex, C:\USERS\DELL\APPDATA\ROAMING\WINSAPSVC\WINSAP.DLL, Se eliminará al reiniciar, [2], [375592],1.0.1964
      Adware.Elex, C:\PROGRAMDATA\BIT\BIT.DLL, Se eliminará al reiniciar, [2], [399758],1.0.1964
      Adware.Elex, C:\Program Files (x86)\Ckudalycotaied\_ALLOWDEL_257a0e\44, Se eliminará al reiniciar, [2], [395411],1.0.1964
      Adware.Elex, C:\Program Files (x86)\Ckudalycotaied\_ALLOWDEL_257a0e\55, Se eliminará al reiniciar, [2], [395411],1.0.1964

      .............//................

      Adware.Elex, C:\USERS\DELL\APPDATA\LOCAL\TEMP\~BK8383.TMP, Se eliminará al reiniciar, [2], [399758],1.0.1964
      Adware.Elex, C:\WINDOWS\SYSTEM32\TASKS\MILIMILI, Se eliminará al reiniciar, [2], [364099],1.0.1964
      Adware.Elex.Generic, C:\USERS\DELL\APPDATA\LOCAL\CSHMDR\Snare.dll, Se eliminará al reiniciar, [1091], [396974],1.0.1964
      Adware.Elex, C:\PROGRAMDATA\MICROSOFT\SOFTWARE\SHADOW\PROVIDER.DLL, Se eliminará al reiniciar, [2], [399783],1.0.1964
      Adware.Elex, C:\WINDOWS\PSGO\PSGO.PS1, Se eliminará al reiniciar, [2], [399762],1.0.1964

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)


      AdwCleaner after deleting

      # AdwCleaner v6.046 - Archivo de registro creado 18/05/2017 en 11:30:13
      # Actualizado en 24/04/2017 por Malwarebytes
      # Base de datos : 2017-05-17.1 [Local]
      # Sistema Operativo : Windows 10 Pro (X64)
      # Nombre de usuario : DELL - DESKTOP-I75C32L
      # Ejecutado desde : C:\Users\DELL\Desktop\AdwCleaner.exe
      # Modo: Limpiar
      # Soporte : https://www.malwarebytes.com/support



      ***** [ Servicios ] *****

      [-] Servicio eliminado: WinSAPSvc
      [-] Servicio eliminado: BIT


      ***** [ Carpetas ] *****

      [-] Carpeta eliminada: C:\ProgramData\BIT


      ***** [ Archivos ] *****



      ***** [ DLL ] *****



      ***** [ WMI ] *****



      ***** [ Accesos directos ] *****



      ***** [ Tareas programadas ] *****



      ***** [ Registro ] *****

      [-] Llave eliminada: HKLM\SOFTWARE\ScreenShot
      [-] Llave eliminada: [x64] HKLM\SOFTWARE\InterSect Alliance
      [-] Valor borrado: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
      [-] Valor borrado: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [BIT]


      ***** [ Navegadores ] *****

      [-] [C:\Users\DELL\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Eliminado: mystarting123


      *************************

      :: Llaves "Tracing" eliminadas
      :: Se han borrado los ajustes de Winsock

      *************************

      C:\AdwCleaner\AdwCleaner[C0].txt - [3101 Bytes] - [17/05/2017 11:53:18]
      C:\AdwCleaner\AdwCleaner[C2].txt - [1216 Bytes] - [17/05/2017 11:57:21]
      C:\AdwCleaner\AdwCleaner[C3].txt - [1464 Bytes] - [17/05/2017 13:38:38]
      C:\AdwCleaner\AdwCleaner[C4].txt - [1670 Bytes] - [17/05/2017 15:39:33]
      C:\AdwCleaner\AdwCleaner[C5].txt - [2297 Bytes] - [18/05/2017 09:14:07]
      C:\AdwCleaner\AdwCleaner[C6].txt - [1694 Bytes] - [18/05/2017 11:30:13]
      C:\AdwCleaner\AdwCleaner[S0].txt - [2964 Bytes] - [17/05/2017 11:51:38]
      C:\AdwCleaner\AdwCleaner[S1].txt - [1503 Bytes] - [17/05/2017 11:57:12]
      C:\AdwCleaner\AdwCleaner[S2].txt - [1667 Bytes] - [17/05/2017 1200]
      C:\AdwCleaner\AdwCleaner[S3].txt - [1756 Bytes] - [17/05/2017 13:38:27]
      C:\AdwCleaner\AdwCleaner[S4].txt - [1919 Bytes] - [17/05/2017 15:29:21]
      C:\AdwCleaner\AdwCleaner[S5].txt - [2032 Bytes] - [17/05/2017 15:54:31]
      C:\AdwCleaner\AdwCleaner[S6].txt - [2105 Bytes] - [17/05/2017 16:03:48]
      C:\AdwCleaner\AdwCleaner[S7].txt - [2450 Bytes] - [18/05/2017 09:13:42]
      C:\AdwCleaner\AdwCleaner[S8].txt - [2324 Bytes] - [18/05/2017 09:42:25]
      C:\AdwCleaner\AdwCleaner[S9].txt - [2678 Bytes] - [18/05/2017 11:29:57]

      ########## EOF - C:\AdwCleaner\AdwCleaner[C6].txt - [2497 Bytes] ##########
      Last edited by @Javier_HF on 18/05/17 at 11:38:19. Reason: Trimming....... so as NOT to overload.

    4. #4
      General Moderator
      @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      23,832

      Re: Luckysites, zoohair and the rest. They keep regenerating even in safe mode.

      Hello

      Download Farbar Recovery Scan Tool for your system's architecture (32 or 64 bits)

      • Save it to the desktop >> This is very important.
      • Double-click to run Frst.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)
      • In the Disclaimer window, press Yes.

      • In the new window that opens, press the Scan button and wait patiently for the scan to finish.
      • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on your desktop.

      • Finally, open the files Frst.txt and Addition.txt and copy and paste all of their contents into your next reply. Use two messages if it tells you it is too long.


      Regards

    5. #5
      User WolFran
      Registered
      May 2017
      Location
      Argentina
      Posts
      7
      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
      Ran by DELL (18-05-2017 12:51:11)
      Running from C:\Users\DELL\Desktop
      Windows 10 Pro (X64) (2017-04-17 14:07:45)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-1725805020-1347050944-845805920-500 - Administrator - Disabled)
      DefaultAccount (S-1-5-21-1725805020-1347050944-845805920-503 - Limited - Disabled)
      DELL (S-1-5-21-1725805020-1347050944-845805920-1001 - Administrator - Enabled) => C:\Users\DELL
      Invitado (S-1-5-21-1725805020-1347050944-845805920-501 - Limited - Disabled)

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
      AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
      FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      .NET Core SDK 1.0.3 (x64) (HKLM-x32\...\{e7cceb0a-317e-4e02-a41f-207fbf9bf632}) (Version: 1.0.3 - Microsoft Corporation)
      .NET Core SDK 1.0.3 (x64) (Version: 4.0.54117 - Microsoft Corporation) Hidden
      Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
      Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
      AlphaGo (HKLM-x32\...\{2C652C0A-EC71-4797-8077-F67649177AB0}) (Version: 1.0.2 - Default Company Name)
      AlphaGo (HKLM-x32\...\{9CDB618D-4F02-4CAD-B743-89677FE7ADE9}) (Version: 1.2.3 - AlphaGo)
      Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
      Application Verifier x64 External Package (Version: 10.1.15063.137 - Microsoft) Hidden
      Aseprite (HKLM\...\Steam App 431730) (Version: - David Capello)
      Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
      Biblioteca de autenticación de AD para SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
      Blender 2.78 (HKLM\...\Steam App 365670) (Version: - Blender Foundation)
      CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
      ClickOnce Bootstrapper Package for Microsoft .NET Framework (x32 Version: 4.6.01590 - Microsoft Corporation) Hidden
      DiagnosticsHub_CollectionService (Version: 15.0.26208 - Microsoft Corporation) Hidden
      Entity Framework 6.1.3 Tools for Visual Studio 15 (x32 Version: 6.1.60104.0 - Microsoft Corporation) Hidden
      GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team)
      Git version 2.10.2 (HKLM\...\Git_is1) (Version: 2.10.2 - The Git Development Community)
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
      Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
      Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
      icecap_collection_neutral (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
      icecap_collection_x64 (Version: 15.0.26208 - Microsoft Corporation) Hidden
      icecap_collectionresources (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
      icecap_collectionresourcesx64 (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
      IIS 10.0 Express (HKLM\...\{0148E8AA-4A50-4673-B532-DB9F30F804BE}) (Version: 10.0.1737 - Microsoft Corporation)
      IIS Express Application Compatibility Database for x64 (Version: - ) Hidden
      IIS Express Application Compatibility Database for x86 (Version: - ) Hidden
      Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
      Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (x32 Version: 10.1.15063.137 - Microsoft Corporation) Hidden
      IntelliTraceProfilerProxy (x32 Version: 15.0.24.0 - Microsoft Corporation) Hidden
      Java SE Development Kit 8 Update 112 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180112}) (Version: 8.0.1120.15 - Oracle Corporation)
      Java SE Development Kit 8 Update 112 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180112}) (Version: 8.0.1120.15 - Oracle Corporation)
      Kits Configuration Installer (x32 Version: 10.1.15063.137 - Microsoft) Hidden
      Malwarebytes versión 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
      Maxx Audio Installer (x64) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
      Microsoft Azure Authoring Tools - v2.9.5.2 (HKLM\...\{8EDF1CB5-F95D-4D6F-916F-5F7D52216221}) (Version: 2.9.8599.18 - Microsoft Corporation)
      Microsoft Azure Compute Emulator - v2.9.5.2 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.5.2) (Version: 2.9.8599.18 - Microsoft Corporation)
      Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
      Microsoft Azure Mobile App SDK V2.0 (HKLM-x32\...\{829D812B-3F25-4E8B-B1DF-1AD09164684C}) (Version: 2.0.50130.0 - Microsoft Corporation)
      Microsoft Azure PowerShell - September 2016 (HKLM-x32\...\{CB3F8A12-1570-4964-8206-17274AB9EF4D}) (Version: 2.1.0 - Microsoft Corporation)
      Microsoft Azure Storage Emulator - v5.0 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.0) (Version: 5.0.1717.1622 - Microsoft Corporation)
      Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation)
      Microsoft OneDrive (HKU\S-1-5-21-1725805020-1347050944-845805920-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
      Microsoft SQL Server 2012 Native Client (HKLM\...\{15A835D2-48C4-4C13-8D7F-C2742104D2D1}) (Version: 11.3.6518.0 - Microsoft Corporation)
      Microsoft SQL Server 2016 LocalDB (HKLM\...\{B23A260A-2259-4D41-B6D4-7D621A697A5E}) (Version: 13.0.1601.5 - Microsoft Corporation)
      Microsoft System CLR Types para SQL Server 2016 (HKLM\...\{1F750C2E-35AA-4B52-866E-08943C5E8361}) (Version: 13.0.1601.5 - Microsoft Corporation)
      Microsoft System CLR Types para SQL Server 2016 (HKLM-x32\...\{D3B9EAC7-D4D3-4897-8252-F4BBFA51B724}) (Version: 13.0.1601.5 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
      Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
      Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
      Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.9.30413.1 - Microsoft Corporation)
      Microsoft Web Deploy 3.6 (HKLM\...\{5CB4DD27-6252-4C08-BFCF-22F6A110CBFA}) (Version: 10.0.1972 - Microsoft Corporation)
      MSI Development Tools (x32 Version: 10.1.15063.137 - Microsoft Corporation) Hidden
      Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
      Paquete acumulativo de Intellisense de Microsoft .NET Framework para Visual Studio (español) (x32 Version: 4.6.01604 - Microsoft Corporation) Hidden
      Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
      Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6105 - Realtek Semiconductor Corp.)
      REAPER (x64) (HKLM\...\REAPER) (Version: - )
      SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
      SDK de Microsoft .NET Framework 4.6.1 (español) (x32 Version: 4.6.01055 - Microsoft Corporation) Hidden
      Spotify (HKU\S-1-5-21-1725805020-1347050944-845805920-1001\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
      sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (x32 Version: 15.0.26112 - Microsoft Corporation) Hidden
      sptools_Microsoft.VisualStudio.Vsto.Msi (x32 Version: 15.0.26112 - Microsoft Corporation) Hidden
      sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (x32 Version: 15.0.26112 - Microsoft Corporation) Hidden
      sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (x32 Version: 15.0.26112 - Microsoft Corporation) Hidden
      Starbound (HKLM\...\Steam App 211820) (Version: - )
      Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
      TypeScript Power Tool (x32 Version: 2.1.5.0 - Microsoft Corporation) Hidden
      Unity (HKLM-x32\...\Unity) (Version: 5.4.0f3 - Unity Technologies ApS)
      Universal CRT Extension SDK (x32 Version: 10.1.15063.137 - Microsoft Corporation) Hidden
      Universal CRT Headers Libraries and Sources (x32 Version: 10.1.15063.137 - Microsoft Corporation) Hidden
      Universal CRT Redistributable (x32 Version: 10.1.15063.137 - Microsoft Corporation) Hidden
      Universal CRT Tools x64 (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
      Universal CRT Tools x86 (x32 Version: 10.1.15063.137 - Microsoft Corporation) Hidden
      Universal General MIDI DLS Extension SDK (x32 Version: 10.1.15063.137 - Microsoft Corporation) Hidden
      Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
      vcpp_crt.redist.clickonce (x32 Version: 14.10.25008 - Microsoft Corporation) Hidden
      VS Immersive Activate Helper (x32 Version: 16.0.59.0 - Microsoft Corporation) Hidden
      VS JIT Debugger (Version: 16.0.59.0 - Microsoft Corporation) Hidden
      VS Script Debugging Common (Version: 16.0.59.0 - Microsoft Corporation) Hidden
      VS WCF Debugging (Version: 16.0.59.0 - Microsoft Corporation) Hidden
      vs_BlendMsi (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
      vs_clickoncebootstrappermsi (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
      vs_clickoncebootstrappermsires (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
      vs_clickoncesigntoolmsi (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
      vs_codecoveragemsi (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
      vs_codeduitestframeworkmsi (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
      vs_communitymsi (x32 Version: 15.0.26323 - Microsoft Corporation) Hidden
      vs_communitymsires (x32 Version: 15.0.26228 - Microsoft Corporation) Hidden
      vs_cuitcommoncoremsi (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
      vs_cuitextensionmsi (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
      vs_cuitextensionmsi_x64 (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
      vs_devenvmsi (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
      vs_enterprisemsi (x32 Version: 15.0.26228 - Microsoft Corporation) Hidden
      vs_filehandler_amd64 (x32 Version: 15.0.26228 - Microsoft Corporation) Hidden
      vs_filehandler_x86 (x32 Version: 15.0.26228 - Microsoft Corporation) Hidden
      vs_FileTracker_Singleton (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
      vs_Graphics_Singletonx64 (Version: 15.0.26208 - Microsoft Corporation) Hidden
      vs_Graphics_Singletonx86 (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
      vs_minshellinteropmsi (x32 Version: 15.0.26301 - Microsoft Corporation) Hidden
      vs_minshellmsi (x32 Version: 15.0.26315 - Microsoft Corporation) Hidden
      vs_minshellmsires (x32 Version: 15.0.26228 - Microsoft Corporation) Hidden
      vs_networkemulationmsi_x64 (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
      vs_professionalmsi (x32 Version: 15.0.26228 - Microsoft Corporation) Hidden
      vs_SQLClickOnceBootstrappermsi (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
      vs_tipsmsi (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
      WinAppDeploy (x32 Version: 10.1.15063.137 - Microsoft Corporation) Hidden
      Windows SDK AddOn (HKLM-x32\...\{30DCCFB4-068F-4C5C-BC10-5ECDCAEE55D4}) (Version: 10.1.0.0 - Microsoft Corporation)
      Windows Software Development Kit - Windows 10.0.15063.137 (HKLM-x32\...\{a07b4a01-ca27-4e28-9353-f325a308f128}) (Version: 10.1.15063.137 - Microsoft Corporation)
      WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
      WinRT Intellisense Desktop - en-us (x32 Version: 10.1.15063.137 - Microsoft Corporation) Hidden
      WinRT Intellisense Desktop - Other Languages (x32 Version: 10.1.15063.137 - Microsoft Corporation) Hidden
      WinRT Intellisense IoT - en-us (x32 Version: 10.1.15063.137 - Microsoft Corporation) Hidden
      WinRT Intellisense IoT - Other Languages (x32 Version: 10.1.15063.137 - Microsoft Corporation) Hidden
      WinRT Intellisense PPI - en-us (x32 Version: 10.1.15063.137 - Microsoft Corporation) Hidden
      WinRT Intellisense PPI - Other Languages (x32 Version: 10.1.15063.137 - Microsoft Corporation) Hidden
      WinRT Intellisense UAP - en-us (x32 Version: 10.1.15063.137 - Microsoft Corporation) Hidden
      WinRT Intellisense UAP - Other Languages (x32 Version: 10.1.15063.137 - Microsoft Corporation) Hidden
      Workflow Manager Client 1.0 (Version: 2.0.50408.1 - Microsoft Corporation) Hidden
      Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.61026.0 - Microsoft Corporation) Hidden

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {30940015-FEF1-4307-93AB-AB1F07AAFE66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-21] (Google Inc.)
      Task: {32CD6C55-B9B4-412D-91E2-2E0D062E66E9} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-06] (AVAST Software)
      Task: {398D4BC4-8F1C-4C85-91D7-2512D26B96F0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-05-02] ()
      Task: {3B4D07B9-EB8E-4EEA-A7CE-9D7700A5CB7F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-05-06] (AVAST Software)
      Task: {46E419FE-6038-4392-9A01-93AFA2FE729E} - \Jmuchcagash -> No File <==== ATTENTION
      Task: {478FE3CD-8009-442C-9338-FB0E39FEEF60} - System32\Tasks\Cpiphnequk Update => C:\Program Files (x86)\Ckudalycotaied\pokech.exe
      Task: {722272C3-8CA1-447D-99C4-47F20D8B9959} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-21] (Google Inc.)
      Task: {7376E0FC-0834-4C19-ACF7-BADBC084AEBC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
      Task: {7A8CDD0D-B563-46F4-9D6E-55411C560CA8} - System32\Tasks\{659BD3DC-F5B8-4F91-95BB-C720E85BA22A} => pcalua.exe -a C:\Users\DELL\Downloads\REAPER_KeyGen.exe -d C:\Users\DELL\Downloads
      Task: {8E4E2590-7F77-485C-8E27-BDBCD2A500A1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-10] (Piriform Ltd)
      Task: {924C6533-8570-4BEC-9FE5-29728B98FA60} - System32\Tasks\SafeZone scheduled Autoupdate 1494118766 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

      ==================== Shortcuts =============================

      (The entries could be listed to be restored or removed.)

      ==================== Loaded Modules (Whitelisted) ==============

      2015-07-10 08:00 - 2015-07-10 08:00 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
      2015-07-10 07:59 - 2015-07-10 07:59 - 00403968 _____ () C:\Windows\System32\diagtrack_wininternal.dll
      2015-07-10 08:00 - 2015-07-10 08:00 - 02498296 _____ () C:\Windows\system32\CoreUIComponents.dll
      2015-07-10 08:00 - 2015-07-10 08:00 - 02498296 _____ () C:\Windows\System32\CoreUIComponents.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00401912 _____ () C:\Windows\system32\igfxTray.exe
      2015-07-10 07:59 - 2015-07-10 07:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
      2015-07-10 08:00 - 2015-07-10 13:34 - 06579712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
      2015-07-10 08:00 - 2015-07-10 13:34 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
      2015-07-10 08:00 - 2015-07-10 13:34 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
      2017-05-03 01:11 - 2017-05-01 22:03 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\libglesv2.dll
      2017-05-03 01:11 - 2017-05-01 22:03 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\libegl.dll
      2015-07-10 08:00 - 2015-07-10 13:34 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
      2015-07-10 08:00 - 2015-07-10 13:34 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
      2017-05-06 22:07 - 2017-05-06 22:07 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
      2017-05-06 22:07 - 2017-05-06 22:07 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
      2017-05-06 22:07 - 2017-05-06 22:07 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
      2017-05-06 22:07 - 2017-05-06 22:07 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
      2017-05-06 22:07 - 2017-05-06 22:07 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
      2017-05-06 22:07 - 2017-05-06 22:07 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
      2017-05-06 22:07 - 2017-05-06 22:07 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
      2017-05-04 01:24 - 2017-03-09 21:13 - 00674592 _____ () C:\Program Files (x86)\Steam\SDL2.dll
      2017-05-04 01:24 - 2016-08-31 22:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
      2017-05-04 01:24 - 2017-04-25 20:55 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
      2017-05-04 01:24 - 2016-01-27 04:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
      2017-05-04 01:24 - 2016-01-27 04:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
      2017-05-04 01:24 - 2016-01-27 04:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
      2017-05-04 01:24 - 2016-01-27 04:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
      2017-05-04 01:24 - 2016-01-27 04:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
      2017-05-04 01:24 - 2016-08-31 22:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
      2017-05-04 01:24 - 2016-08-31 22:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
      2017-05-04 01:24 - 2017-04-25 20:55 - 00848672 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
      2017-05-04 01:24 - 2016-07-04 19:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
      2017-05-04 01:25 - 2017-01-30 18:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
      2017-05-04 01:24 - 2017-04-25 20:55 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
      2017-05-04 01:24 - 2015-09-24 20:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)


      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2015-07-10 08:04 - 2015-07-10 08:02 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-1725805020-1347050944-845805920-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
      DNS Servers: 200.42.4.198 - 200.49.130.41
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      HKLM\...\StartupApproved\Run: => "WavesSvc"
      HKU\S-1-5-21-1725805020-1347050944-845805920-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [TCP Query User{B6650937-1207-4288-8968-D98EF6A70299}C:\users\dell\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dell\appdata\roaming\spotify\spotify.exe
      FirewallRules: [UDP Query User{631445A2-5078-482A-BACB-033E34E2E7E3}C:\users\dell\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dell\appdata\roaming\spotify\spotify.exe
      FirewallRules: [TCP Query User{15FA757C-C6A6-4D47-9C55-7775A4F063A5}C:\users\dell\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dell\appdata\roaming\spotify\spotify.exe
      FirewallRules: [UDP Query User{6FC0D157-B51F-4EC0-9235-3DCB13A1F437}C:\users\dell\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dell\appdata\roaming\spotify\spotify.exe
      FirewallRules: [{EA134837-50CD-41D3-81BD-0016407281BD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      FirewallRules: [{41E63C7B-6A74-4A21-8E4D-094A118523CD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{F97AF4C7-3470-4676-906A-85B45185ED27}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{28474A2A-2CB0-4815-B5EE-799CAC31144A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      FirewallRules: [{39580924-D7C3-46D4-BC5A-E82640D05313}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      FirewallRules: [{AB29E95A-85A1-4236-8661-4CF8A5062FBD}] => (Allow) LPort=12292
      FirewallRules: [TCP Query User{D0283C42-C97C-4A27-821F-BB4D40893F0D}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
      FirewallRules: [UDP Query User{86729A3A-38E4-4ADB-9120-F6C0F6516B66}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
      FirewallRules: [{363F2E5A-4233-462B-AF49-D24BCCD24EFB}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
      FirewallRules: [{6A58C6F9-823A-40CD-97FB-FA202C2E9A94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aseprite\Aseprite.exe
      FirewallRules: [{5D18D918-8FC9-4802-BF68-2822ACC53D2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aseprite\Aseprite.exe
      FirewallRules: [{C6E252F5-EE3E-4E75-98BD-72EDFB99C90C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blender\blender.exe
      FirewallRules: [{12CCB748-3664-40F4-A60B-832A4F6726B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blender\blender.exe
      FirewallRules: [{5B2D95CB-80D2-476C-A0AC-5F688BD9EF66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
      FirewallRules: [{B50B4A7F-580D-43FB-8107-7EA8FA3143C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
      FirewallRules: [{6816F121-6D89-4044-B436-A61EC25E718B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
      FirewallRules: [{F449744E-1EBB-470E-8A18-DC7AF1BF9703}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
      FirewallRules: [{477606E8-101B-4983-8C91-EEE7CBC0DF36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
      FirewallRules: [{5EC02A24-2A9D-4A34-AA00-B45276DBDF38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
      FirewallRules: [{11CFB511-3EAA-458B-AEC3-DF862556F5AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
      FirewallRules: [{8392C254-1DF0-4AB8-99DD-17624518E733}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe

      ==================== Restore Points =========================

      04-05-2017 08:44:45 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
      06-05-2017 23:04:15 Avast Cleanup
      16-05-2017 09:30:21 Removed AlphaGo
      18-05-2017 09:27:05 JRT Pre-Junkware Removal

      ==================== Faulty Device Manager Devices =============

      Name: Broadcom USH
      Description: Broadcom USH
      Class Guid:
      Manufacturer:
      Service:
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

      Name:
      Description:
      Class Guid:
      Manufacturer:
      Service:
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

      Name: Controladora de bus SM
      Description: Controladora de bus SM
      Class Guid:
      Manufacturer:
      Service:
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

      Name:
      Description:
      Class Guid:
      Manufacturer:
      Service:
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

      Name:
      Description:
      Class Guid:
      Manufacturer:
      Service:
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (05/18/2017 11:23:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-I75C32L)
      Description: No se pudo activar la aplicación Microsoft.Getstarted_2.1.9.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca debido al error: -2144927149. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

      Error: (05/18/2017 11:22:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-I75C32L)
      Description: No se pudo activar la aplicación Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

      Error: (05/18/2017 09:27:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
      Description: El programa SearchUI.exe, versión 10.0.10240.16384, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

      Identificador de proceso: 141c

      Hora de inicio: 01d2cfd06664c9d0

      Hora de finalización: 4294967295

      Ruta de la aplicación: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

      Identificador de informe: 54603ace-3bc5-11e7-9be9-34e6d752ea74

      Nombre completo de paquete con errores: Microsoft.Windows.Cortana_1.4.8.152_neutral_neutral_cw5n1h2txyewy

      Identificador de aplicación relativa del paquete con errores: CortanaUI

      Error: (05/18/2017 09:27:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
      Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

      Details:
      AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

      System Error:
      Acceso denegado.
      .

      Error: (05/17/2017 07:02:14 PM) (Source: ESENT) (EventID: 413) (User: )
      Description: SettingSyncHost (4288) No se puede crear un nuevo archivo de registro, la base de datos no puede escribir en la unidad de registro. Puede que la unidad sea de sólo lectura, no tenga espacio disponible, esté incorrectamente configurada o esté dañada. Error -1032.

      Error: (05/17/2017 07:02:14 PM) (Source: ESENT) (EventID: 488) (User: )
      Description: SettingSyncHost (4288) Al intentar crear el archivo "C:\Windows\system32\edbtmp.log" se produjo el error de sistema 5 (0x00000005): "Acceso denegado. ". La operación de creación del archivo se cerrará con el error -1032 (0xfffffbf8).

      Error: (05/17/2017 07:02:04 PM) (Source: ESENT) (EventID: 413) (User: )
      Description: SettingSyncHost (4288) No se puede crear un nuevo archivo de registro, la base de datos no puede escribir en la unidad de registro. Puede que la unidad sea de sólo lectura, no tenga espacio disponible, esté incorrectamente configurada o esté dañada. Error -1032.

      Error: (05/17/2017 07:02:04 PM) (Source: ESENT) (EventID: 488) (User: )
      Description: SettingSyncHost (4288) Al intentar crear el archivo "C:\Windows\system32\edbtmp.log" se produjo el error de sistema 5 (0x00000005): "Acceso denegado. ". La operación de creación del archivo se cerrará con el error -1032 (0xfffffbf8).

      Error: (05/17/2017 07:01:53 PM) (Source: ESENT) (EventID: 413) (User: )
      Description: SettingSyncHost (4288) No se puede crear un nuevo archivo de registro, la base de datos no puede escribir en la unidad de registro. Puede que la unidad sea de sólo lectura, no tenga espacio disponible, esté incorrectamente configurada o esté dañada. Error -1032.

      Error: (05/17/2017 07:01:53 PM) (Source: ESENT) (EventID: 488) (User: )
      Description: SettingSyncHost (4288) Al intentar crear el archivo "C:\Windows\system32\edbtmp.log" se produjo el error de sistema 5 (0x00000005): "Acceso denegado. ". La operación de creación del archivo se cerrará con el error -1032 (0xfffffbf8).


      System errors:
      =============
      Error: (05/18/2017 11:32:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio Servicio de Google Update (gupdate) no pudo iniciarse debido al siguiente error:
      El sistema no puede encontrar el archivo especificado.

      Error: (05/18/2017 11:30:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
      Description: El servicio CSHMDR se cerró con el siguiente error:
      No se puede encontrar el módulo especificado.

      Error: (05/18/2017 11:30:35 AM) (Source: sptd) (EventID: 4) (User: )
      Description: El controlador detectó un error interno en la estructura de datos de .

      Error: (05/18/2017 11:30:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Malwarebytes Service depende del servicio Instrumental de administración de Windows, el cual no pudo iniciarse debido al siguiente error:
      Se está cerrando el sistema.

      Error: (05/18/2017 11:30:17 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
      Description: Error de DCOM "1084" al intentar iniciar el servicio dps con argumentos "No disponible" para ejecutar el servidor:
      {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

      Error: (05/18/2017 11:30:17 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
      Description: Error de DCOM "1084" al intentar iniciar el servicio dps con argumentos "No disponible" para ejecutar el servidor:
      {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

      Error: (05/18/2017 11:30:16 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-I75C32L)
      Description: Error de DCOM "1084" al intentar iniciar el servicio BITS con argumentos "No disponible" para ejecutar el servidor:
      {4991D34B-80A1-4291-83B6-3328366B9097}

      Error: (05/18/2017 11:30:16 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-I75C32L)
      Description: Error de DCOM "1084" al intentar iniciar el servicio BITS con argumentos "No disponible" para ejecutar el servidor:
      {4991D34B-80A1-4291-83B6-3328366B9097}

      Error: (05/18/2017 11:30:16 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-I75C32L)
      Description: Error de DCOM "1084" al intentar iniciar el servicio BITS con argumentos "No disponible" para ejecutar el servidor:
      {4991D34B-80A1-4291-83B6-3328366B9097}

      Error: (05/18/2017 11:30:16 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-I75C32L)
      Description: Error de DCOM "1084" al intentar iniciar el servicio BITS con argumentos "No disponible" para ejecutar el servidor:
      {4991D34B-80A1-4291-83B6-3328366B9097}


      CodeIntegrity:
      ===================================
      Date: 2017-05-14 17:01:24.617
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-05-10 10:41:44.240
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-05-07 15:00:31.339
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-05-07 14:56:34.562
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-05-07 14:55:37.043
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-05-07 14:55:32.569
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-05-07 14:50:11.859
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-05-07 14:28:19.372
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-05-07 14:23:45.902
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-05-07 14:03:06.144
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.


      ==================== Memory info ===========================

      Processor: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz
      Percentage of memory in use: 30%
      Total physical RAM: 8080.52 MB
      Available physical RAM: 5655.95 MB
      Total Virtual: 9360.52 MB
      Available Virtual: 7020.7 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:237.98 GB) (Free:179.19 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: BBB5CFCD)
      Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=238 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================

    6. #6
      User: WolFran
      Registered
      May 2017
      Location
      Argentina
      Posts
      7
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2017
      Ran by DELL (administrator) on DESKTOP-I75C32L (18-05-2017 12:50:48)
      Running from C:\Users\DELL\Desktop
      Loaded Profiles: DELL (Available Profiles: DELL)
      Platform: Windows 10 Pro (X64) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
      (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
      (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
      (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
      (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
      (Intel Corporation) C:\Windows\System32\igfxEM.exe
      (Intel Corporation) C:\Windows\System32\igfxHK.exe
      () C:\Windows\System32\igfxTray.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Spotify Ltd) C:\Users\DELL\AppData\Roaming\Spotify\SpotifyWebHelper.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
      (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Registry (Whitelisted) ====================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8861944 2017-04-21] (Realtek Semiconductor)
      HKLM\...\Run: [WavesSvc] => c:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-06] (AVAST Software)
      HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
      HKU\S-1-5-21-1725805020-1347050944-845805920-1001\...\Run: [Spotify Web Helper] => C:\Users\DELL\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-22] (Spotify Ltd)
      HKU\S-1-5-21-1725805020-1347050944-845805920-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-25] (Valve Corporation)
      HKU\S-1-5-21-1725805020-1347050944-845805920-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-10] (Piriform Ltd)
      HKU\S-1-5-21-1725805020-1347050944-845805920-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
      HKU\S-1-5-21-1725805020-1347050944-845805920-1001\...\MountPoints2: {f7e47276-2b40-11e7-9bc6-34e6d752ea74} - "D:\setup.exe"
      IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
      IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
      ShellExecuteHooks: No Name - {800BE1C8-294B-11E7-BDA5-64006A5CFC35} - -> No File
      ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-06] (AVAST Software)
      GroupPolicyScripts: Restriction <======= ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip\Parameters: [DhcpNameServer] 200.42.4.198 200.49.130.41
      Tcpip\..\Interfaces\{08aabd51-fc36-407e-a4f2-bd6668a52b26}: [DhcpNameServer] 200.42.4.198 200.49.130.41

      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
      SearchScopes: HKU\S-1-5-21-1725805020-1347050944-845805920-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =

      Edge:
      ======
      Edge HomeButtonPage: HKU\S-1-5-21-1725805020-1347050944-845805920-1001 -> hxxp://www.google.com

      FireFox:
      ========
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-05-06] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-05-06] ()
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

      Chrome:
      =======
      CHR DefaultProfile: ChromeDefaultData
      CHR DefaultSearchURL: ChromeDefaultData -> hxxps://www.google.com.ar/?gfe_rd=cr&ei=sgYJWZXvHovX8gfqwr2YBg&gws_rd=ssl
      CHR Profile: C:\Users\DELL\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-05-18] <==== ATTENTION
      CHR Extension: (Google Docs) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-21]
      CHR Extension: (Adobe Acrobat) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-12]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-21]
      CHR Extension: (Chrome Media Router) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-06] (AVAST Software s.r.o.)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-06] (AVAST Software)
      R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [310496 2017-05-06] (AVAST Software)
      S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2017-05-05] (Microsoft Corporation)
      R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1392792 2017-04-21] (Intel Corporation)
      R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373760 2017-04-21] (Intel Corporation)
      R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-03-30] (Microsoft Corporation)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
      S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [185344 2017-02-13] (Microsoft Corporation) [File not signed]
      S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [128232 2017-02-08] (Microsoft Corporation)
      R2 WavesSysSvc; c:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
      S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
      S2 CSHMDR; C:\Users\DELL\AppData\Local\CSHMDR\Snare.dll [X]

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-06] (AVAST Software s.r.o.)
      R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-06] (AVAST Software s.r.o.)
      R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-06] (AVAST Software s.r.o.)
      R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-06] (AVAST Software s.r.o.)
      S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-06] (AVAST Software)
      R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-06] (AVAST Software)
      R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-06] (AVAST Software)
      R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [507928 2017-05-06] (AVAST Software)
      R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-06] (AVAST Software)
      R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-06] (AVAST Software)
      R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-06] (AVAST Software)
      R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-06] (AVAST Software)
      R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-12] (AVAST Software)
      R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-06] (AVAST Software)
      R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [19440 2017-04-21] (OSR Open Systems Resources, Inc.)
      R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [55784 2017-04-21] (Intel Corporation)
      R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [52200 2017-04-21] (Intel Corporation)
      S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-04-27] (Disc Soft Ltd)
      R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [547840 2017-04-21] (Intel Corporation)
      R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [260072 2017-04-21] (Intel Corporation)
      R3 IntcAzAudAddService; C:\Windows\system32\drivers\RTDVHD64.sys [2686200 2017-04-21] (Realtek Semiconductor Corp.)
      R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [88256 2017-04-21] (Intel Corporation)
      R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-18] (Malwarebytes)
      R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3496216 2015-07-10] (Intel Corporation)
      S0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2017-04-27] (Duplex Secure Ltd.)
      S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
      S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
      S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
      S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
      S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

      ========================== Drivers MD5 =======================

      C:\Windows\System32\drivers\nvstor.sys 76F19EAE7A52CBAF7B8EC428BE6E0DA0
      C:\Windows\System32\drivers\nv_agp.sys 0D0CB77D74B38E0EC62341C19E469D8D
      C:\Windows\System32\drivers\parport.sys 38F1AE32339731F6E5A7281AE8042545
      C:\Windows\System32\drivers\partmgr.sys 707889D2F95AAE8C9DD254D8767AD908
      C:\Windows\System32\drivers\pci.sys 2D28307BF258572FA46E643A594CD0EA
      C:\Windows\System32\drivers\pciide.sys 3D587E4295B11B8480F7ACB09A89D718
      C:\Windows\System32\drivers\pcmcia.sys B8F07002B5F1DA23CFF979C2806B09F3
      C:\Windows\System32\drivers\pcw.sys FF588077D0C6AC2EA3FCBF1903CE08D0
      C:\Windows\System32\drivers\pdc.sys 5A4426450501534666F9E6157E258A0B
      C:\Windows\System32\drivers\peauth.sys 688F47C342E1BBC87A48AB71D316233E
      C:\Windows\System32\drivers\percsas2i.sys 189265498945593D5256CFF7FEBB9665
      C:\Windows\System32\drivers\percsas3i.sys 9B86965114F6831A5130EFE6657B17D9
      C:\Windows\System32\drivers\raspptp.sys 1433EB7908E5E1E20FFD50E4126C3484
      C:\Windows\System32\drivers\processr.sys 22DE54C3974E4FD98F61D095C22C59B7
      C:\Windows\System32\drivers\pacer.sys EDD52C352CBAAAD13FD7BD5DCEA309B3
      C:\Windows\system32\drivers\qwavedrv.sys 51590F442C6E5D43244BA30DDB0CE79D
      C:\Windows\System32\DRIVERS\rasacd.sys E951E70019865B06126AF850BCCA2026
      C:\Windows\System32\drivers\AgileVpn.sys 0BF8607133AE264BC3C41A5BAA5FFB7B
      C:\Windows\System32\drivers\rasl2tp.sys CA60F6C03611AF1710BC903ED9F566FB
      C:\Windows\System32\drivers\raspppoe.sys E5FA41160F5A3D78D8F7765E5C5F6BB0
      C:\Windows\System32\drivers\rassstp.sys DF0834AE921E633E05D1FDC55C318957
      C:\Windows\System32\DRIVERS\rdbss.sys FC9B7AC6E2B837EF7CD6C64F7068D41D
      C:\Windows\System32\drivers\rdpbus.sys FB7375657F8A5932C35EAA45E9B4B416
      C:\Windows\System32\drivers\rdpdr.sys A32AED8C644734B283A7C9D08D76064D
      C:\Windows\System32\drivers\rdpvideominiport.sys 37CC7E41243EFBB4FBC0510E5CA32A02
      C:\Windows\System32\drivers\rdyboost.sys 9C5002D1DC437DCE6D11FA4448D994D7
      C:\Windows\System32\Drivers\ReFSv1.sys E726FE08AFAFAC6F8E75E5DCC3BF8177
      C:\Windows\System32\drivers\rspndr.sys DC66C1D262D64E30A30B68E9F21AC74B
      C:\Windows\System32\drivers\vms3cap.sys 88F7703F2A4677C828124AE2110D3EBC
      C:\Windows\System32\drivers\sbp2port.sys B467E932FE4E16E201DC7E56870CB559
      C:\Windows\System32\DRIVERS\scfilter.sys 31DDA0716EC265CA57DAF9D2295FD76F
      C:\Windows\System32\drivers\sdbus.sys CC41D16FB823F9BE167BE773F225CD1F
      C:\Windows\System32\drivers\sdstor.sys F4BF50A7D16A97A887BFA0F193693C42
      C:\Windows\System32\drivers\SerCx.sys 9DB0BBE3ABE1F49651AE51EC5BCABE58
      C:\Windows\System32\drivers\SerCx2.sys C4AF79C37334D995D95C22C14FDBF7FD
      C:\Windows\System32\drivers\serenum.sys FC541A272F47BE03E67A9FCB87FA8C3E
      C:\Windows\System32\drivers\serial.sys 2A5F5F95FCA123DCBF53B5F603B64789
      C:\Windows\System32\drivers\sermouse.sys C8738887228B7BFA3B1A906816A8BB12
      C:\Windows\System32\drivers\sfloppy.sys 67832B68752CDF7FDE56949E4A2E70BF
      C:\Windows\System32\drivers\SiSRaid2.sys ED058030296CF9B79C8D48BF43724323
      C:\Windows\System32\drivers\sisraid4.sys 633D3D1581E9DCCD5A2D8F039104C9A5
      C:\Windows\System32\drivers\spaceport.sys 187B4AD4446C59F8FCC4A10F473EE3D1
      C:\Windows\System32\drivers\SpbCx.sys 2799FCA215919FDC9A87C5FCAB530828
      C:\Windows\System32\Drivers\sptd.sys FEB80A9EC320569CC82D4DB9F4AC78BC
      C:\Windows\System32\DRIVERS\srv.sys AA1F23501511EFE9CF9771F6B20E8D45
      C:\Windows\System32\DRIVERS\srv2.sys F5B169EDF9D5E3C7200D89D30E065D13
      C:\Windows\System32\DRIVERS\srvnet.sys 2E142E027F0AA698BA4DCE49CBDB43CD
      C:\Windows\System32\drivers\stexstor.sys DDE064A4298FD1FBF804D3ED691E7EDB
      C:\Windows\System32\drivers\storahci.sys 32C95F44108C3E7DB58F773346E3C9D0
      C:\Windows\System32\drivers\vmstorfl.sys 8883C8CE4942A99B84E1CC6EFA19738E
      C:\Windows\System32\drivers\stornvme.sys 7042792AC7045D1EE8CC9FE743FD5194
      C:\Windows\System32\drivers\storqosflt.sys 63513EF3121689B3A59BD217618A2E42
      C:\Windows\System32\drivers\storufs.sys 000F5CFCEF0F06DC8FD1D2F568E48AE4
      C:\Windows\System32\drivers\storvsc.sys 7415087F9006D6818F85F3CBD79B1A50
      C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys 802278EE4ACCE9EA1F1481DF20EB1667
      C:\Windows\System32\drivers\Synth3dVsc.sys 12D0CB1DCAE6725B6CA54CC2038C4C8C
      C:\Windows\System32\drivers\tcpip.sys BA8CDF0FC9469005A84453A128EEB6AE
      C:\Windows\System32\drivers\tcpip.sys BA8CDF0FC9469005A84453A128EEB6AE
      C:\Windows\System32\drivers\tcpipreg.sys D378A1AF58AFA84BB6AC753F2C1BE9F4
      C:\Windows\system32\DRIVERS\tdx.sys 28E1E63A1AC65E17B3194238FA2CF3BF
      C:\Windows\System32\drivers\terminpt.sys CCDBD2817C10A4F631280CBB3AE44FFB
      C:\Windows\system32\drivers\tpm.sys F4AEDABC8F3A9D632F8206D0C7F8CA09
      C:\Windows\System32\drivers\TsUsbFlt.sys 676C801CAA61AADD0C918CC536A74B78
      C:\Windows\System32\drivers\TsUsbGD.sys 2BB6CC0DD1CEE86330743B56FA9FE91F
      C:\Windows\System32\drivers\tunnel.sys 20FFDE9DE8B57B51262EC54940DE4C82
      C:\Windows\System32\drivers\uagp35.sys D0BE5EA1652D55029C9A898FB8ACFCE0
      C:\Windows\System32\drivers\uaspstor.sys 13C15E4B238895FE4731DB1D612EEB5F
      C:\Windows\System32\Drivers\UcmCx.sys BEBB8B55C5F99B69EEE39A9D7BADB21E
      C:\Windows\System32\drivers\UcmUcsi.sys C4F7D38D959CF6297747CCEEEF021726
      C:\Windows\System32\drivers\ucx01000.sys FB1C1D8B96A482F3581338D6752E1D6C
      C:\Windows\System32\drivers\udecx.sys 4E1543ACE2F6E2846713E5123D9D4159
      C:\Windows\System32\DRIVERS\udfs.sys CDCA9CC1D8293E75218D8FF85F2337A4
      C:\Windows\System32\drivers\UEFI.sys BC683E19307C533C7161DB7A58051347
      C:\Windows\System32\drivers\ufx01000.sys D14B42C26DE402F316D49667D15446F0
      C:\Windows\System32\drivers\UfxChipidea.sys 192470BE4321791FBB25F379D0141D6F
      C:\Windows\System32\drivers\ufxsynopsys.sys F7BD838E84E6B286DBCE068EFB8C0800
      C:\Windows\System32\drivers\uliagpkx.sys A25842AC180F0E8B02380ECB8ADA1AF5
      C:\Windows\System32\drivers\umbus.sys 21088F43172525C7E02D335A3327F46C
      C:\Windows\System32\drivers\umpass.sys 294A291B5D48FE8F38DD94B7272442C5
      C:\Windows\System32\drivers\urschipidea.sys A7A52EDDC3FAF183D6AC4774690ADF13
      C:\Windows\System32\drivers\urscx01000.sys 2EEA0897DD9E30E958B508D557F0B5E4
      C:\Windows\System32\drivers\urssynopsys.sys DC54D775A3A61E4CDE871B4E38A1459A
      C:\Windows\system32\drivers\usbaudio.sys 1DC6166DB6C4FEFE87D9B9105044E5BE
      C:\Windows\System32\drivers\usbccgp.sys 18B63A0980F4AA1E6D7879B253980E37
      C:\Windows\System32\drivers\usbcir.sys 1C60A1A3C8E1E819E16F12BAEB1C83F8
      C:\Windows\System32\drivers\usbehci.sys 9A3E39F85DC6E3B9F792F1095ACFF788
      C:\Windows\System32\drivers\usbhub.sys 758B05374B34D13ADCDFE27B741E42D4
      C:\Windows\System32\drivers\UsbHub3.sys 69EB556E0A693ADCCFC83A380C44BD8A
      C:\Windows\System32\drivers\usbohci.sys 72EA850B59F40C25A4FEDDA5FE84EFEB
      C:\Windows\System32\drivers\usbprint.sys 47B2B2DE152E25546944049CA1170BB1
      C:\Windows\System32\drivers\usbser.sys 40B2D0D9BEB100F882AED916775EB656
      C:\Windows\System32\drivers\USBSTOR.SYS CD35467670DF1E6FBF36DA308F0C872B
      C:\Windows\System32\drivers\usbuhci.sys DFA92EA105DD1073B43FB210EEB03DD4
      C:\Windows\System32\Drivers\usbvideo.sys B1484D4BBC6B7B424F1CD1554B0AFB84
      C:\Windows\System32\drivers\USBXHCI.SYS 0728504F9863774E56A54AE66C3F1E6B
      C:\Windows\System32\drivers\vdrvroot.sys 26223003DDFB347B5CF3EC0B56DB066B
      C:\Windows\System32\drivers\VerifierExt.sys A417284BC6B5C2EEF63F2C5154473530
      C:\Windows\System32\drivers\vhdmp.sys 4C39C05A72EB14C0567501C7E087E564
      C:\Windows\System32\drivers\vhf.sys C42206A15078596FDE8E89BB629DE342
      C:\Windows\System32\drivers\vmbus.sys 248D9F911A5C94CF8477125DD0C3A291
      C:\Windows\System32\drivers\VMBusHID.sys 3E98DD4E0CBD6B4F9CBD0E9E0EDF541E
      C:\Windows\System32\drivers\volmgr.sys 91F165C5D71D9DCB18D4661CF10D1084
      C:\Windows\System32\drivers\volmgrx.sys 17042748AC05862A0283D32575220080
      C:\Windows\System32\drivers\volsnap.sys 823A237D871CD652C6BFD47BECB6810A
      C:\Windows\System32\drivers\vpci.sys 78727FA284C2095EED660D71CD3C9AEF
      C:\Windows\System32\drivers\vsmraid.sys 2415961D561E02F5E46B7C1C687A6788
      C:\Windows\System32\drivers\vstxraid.sys 6AE9A843AE979F2DCCA5A25C07C7A5F8
      C:\Windows\System32\drivers\vwifibus.sys BD232C761C59FA8D8EF626CA630E2D2E
      C:\Windows\System32\drivers\vwififlt.sys 3039687AB65CEE26CF478C1F42FFCD7D
      C:\Windows\System32\drivers\vwifimp.sys 37C868DDE3103130B00AD1313DAB5ACB
      C:\Windows\System32\drivers\wacompen.sys FC40A7527D39F06D032A6553D22E4BF6
      C:\Windows\System32\DRIVERS\wanarp.sys E9E22E116F810DAC98C5EC207F24C916
      C:\Windows\System32\DRIVERS\wanarp.sys E9E22E116F810DAC98C5EC207F24C916
      C:\Windows\system32\drivers\WdBoot.sys C8BA574B3BA6AE88741AC86B1FE3C1DC
      C:\Windows\System32\drivers\Wdf01000.sys 796D1C95894BC15B3FEF090C107CBA31
      C:\Windows\system32\drivers\WdFilter.sys C5BB7C612B4C852836BEA39593BA5F46
      C:\Windows\System32\DRIVERS\wdiwifi.sys A9B6536FC0EA0E533B97A4F31F985D56
      C:\Windows\System32\Drivers\WdNisDrv.sys BD193A7BD34B2E829FAF56306FEE3B09
      C:\Windows\System32\drivers\wfplwfs.sys DBF5255B759212E5217A2748567A0B5C
      C:\Windows\System32\drivers\wimmount.sys 4375BCBA419D19695CF566082CEF27D3
      C:\Windows\System32\drivers\WindowsTrustedRT.sys 037BC6DE5F58D4A74A5BB0C12DCECDCA
      C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys 70BCD70BD53F2FE660ED94B025A043EB
      C:\Windows\System32\drivers\winmad.sys 7792AE5403BF8975B6460DFC3428D129
      C:\Windows\System32\drivers\WinUSB.SYS 811F30EB6EE8318C4171CB95AE30B9BD
      C:\Windows\System32\drivers\winverbs.sys DF00381AB8665D48DE3FF794BC6760AB
      C:\Windows\System32\drivers\wmiacpi.sys 623ED8E10DFEEAB7AE2CD11A0451DB79
      C:\Windows\System32\Drivers\Wof.sys 8F5140800751CFDAB57AEC1F59E7C7AA
      C:\Windows\System32\DRIVERS\wpcfltr.sys D1D0BEA5CD87754D276656013F0D8341
      C:\Windows\System32\drivers\WpdUpFltr.sys 37DCE976B3935380F2F6E39ABB6BF40D
      C:\Windows\system32\drivers\ws2ifsl.sys 3CD22DD5A790CF7C24D65455E565EA83
      C:\Windows\System32\drivers\WudfPf.sys 835F60262E7E310080EA05F6752BF248
      C:\Windows\System32\drivers\WUDFRd.sys 4E848DE29E4279C7F25EF5B34ED94FDD
      C:\Windows\system32\DRIVERS\WUDFRd.sys 4E848DE29E4279C7F25EF5B34ED94FDD
      C:\Windows\System32\drivers\xboxgip.sys 30021D1E0407B71E8D5D4F8DAE4E656A
      C:\Windows\System32\drivers\xinputhid.sys 6851673B90D8CB332439E0339F81A6B6
      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== Three Months Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-05-18 12:47 - 2017-05-18 12:47 - 00016148 _____ C:\Windows\system32\DESKTOP-I75C32L_DELL_HistoryPrediction.bin
      2017-05-18 11:31 - 2017-05-18 11:31 - 00002580 _____ C:\Users\DELL\Desktop\AdwCleaner[C6].txt
      2017-05-18 11:29 - 2017-05-18 11:29 - 00167492 _____ C:\Users\DELL\Desktop\malware.txt
      2017-05-18 11:19 - 2017-05-18 12:50 - 00037132 _____ C:\Users\DELL\Desktop\FRST.txt
      2017-05-18 11:18 - 2017-05-18 12:50 - 00000000 ____D C:\FRST
      2017-05-18 11:14 - 2017-05-18 11:14 - 00781312 _____ C:\Users\DELL\Desktop\DelFix.exe
      2017-05-18 11:05 - 2017-05-18 11:18 - 02429952 _____ (Farbar) C:\Users\DELL\Desktop\FRST64.exe
      2017-05-18 09:57 - 2017-05-18 09:57 - 00000000 ____D C:\Program Files (x86)\MIO
      2017-05-18 09:42 - 2017-05-18 09:42 - 00002453 _____ C:\Users\DELL\Desktop\AdwCleaner[S7].txt
      2017-05-18 09:28 - 2017-05-18 09:28 - 00000545 _____ C:\Users\DELL\Desktop\JRT.txt
      2017-05-18 09:26 - 2017-05-18 09:26 - 00173009 _____ C:\Users\DELL\Desktop\malwarebytes.txt
      2017-05-18 09:26 - 2017-05-18 09:26 - 00000000 ____D C:\ProgramData\SWCUTemp
      2017-05-18 08:46 - 2017-05-18 09:55 - 00000000 ____D C:\Reimward
      2017-05-17 16:18 - 2017-05-18 09:14 - 00337032 _____ C:\Windows\system32\FNTCACHE.DAT
      2017-05-17 15:54 - 2017-05-18 11:30 - 00294434 _____ C:\Windows\ntbtlog.txt
      2017-05-17 11:50 - 2017-05-18 11:30 - 00000000 ____D C:\AdwCleaner
      2017-05-17 11:44 - 2017-05-17 11:50 - 04102600 _____ C:\Users\DELL\Desktop\AdwCleaner.exe
      2017-05-17 11:38 - 2017-05-17 11:38 - 00000000 ____D C:\Users\DELL\AppData\Local\Hotleaf
      2017-05-17 00:16 - 2017-05-17 00:16 - 00028094 _____ C:\Users\DELL\Downloads\Boletin.pdf
      2017-05-16 20:02 - 2017-05-16 20:02 - 00453501 _____ C:\Users\DELL\Downloads\TP5_MD_17.pdf
      2017-05-16 20:01 - 2017-05-16 20:01 - 00306192 _____ C:\Users\DELL\Downloads\TP4_MD_17.pdf
      2017-05-14 19:10 - 2017-05-14 19:10 - 00493892 _____ C:\Users\DELL\Downloads\2.1.002_pensamiento_crit._y_comunic._29-11-2016 (1).pdf
      2017-05-13 21:13 - 2017-05-13 21:13 - 00493892 _____ C:\Users\DELL\Downloads\2.1.002_pensamiento_crit._y_comunic._29-11-2016.pdf
      2017-05-12 14:46 - 2017-05-12 14:46 - 00002868 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
      2017-05-12 14:27 - 2017-05-12 14:27 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\398F1A57.sys
      2017-05-12 14:23 - 2017-05-12 14:23 - 00000000 ____D C:\Windows\ERUNT
      2017-05-12 14:18 - 2017-05-12 14:18 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
      2017-05-12 14:18 - 2017-05-12 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      2017-05-12 14:18 - 2017-05-12 14:18 - 00000000 ____D C:\Program Files\CCleaner
      2017-05-12 13:44 - 2017-05-18 11:30 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
      2017-05-12 13:44 - 2017-05-18 11:23 - 00002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2017-05-12 13:44 - 2017-05-12 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2017-05-12 13:44 - 2017-05-12 13:44 - 00000000 ____D C:\ProgramData\Malwarebytes
      2017-05-12 13:44 - 2017-05-12 13:44 - 00000000 ____D C:\Program Files\Malwarebytes
      2017-05-12 13:44 - 2017-05-09 16:37 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
      2017-05-12 13:43 - 2017-05-18 11:23 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
      2017-05-11 15:03 - 2017-05-11 15:03 - 00000000 _____ C:\Windows\SysWOW64\3333333
      2017-05-11 15:02 - 2017-05-11 15:02 - 00000000 _____ C:\Windows\SysWOW64\22
      2017-05-11 15:02 - 2017-05-11 15:02 - 00000000 _____ C:\Windows\SysWOW64\1111111
      2017-05-11 15:02 - 2017-05-11 15:02 - 00000000 _____ C:\Windows\SysWOW64\11
      2017-05-11 15:02 - 2017-05-11 15:02 - 00000000 _____ C:\Windows\SysWOW64\00
      2017-05-11 12:07 - 2017-05-12 14:17 - 01663672 _____ (Malwarebytes) C:\Users\DELL\Desktop\JRT.exe
      2017-05-11 12:00 - 2017-05-17 15:56 - 00000000 ____D C:\Users\DELL\Desktop\Security
      2017-05-09 13:22 - 2017-05-17 11:33 - 00000000 _____ C:\Windows\SysWOW64\1111
      2017-05-09 09:41 - 2017-05-09 09:43 - 00000000 ____D C:\Users\DELL\AppData\Local\Comms
      2017-05-08 19:36 - 2017-05-08 19:36 - 00000222 _____ C:\Users\DELL\Desktop\Starbound.url
      2017-05-08 13:37 - 2017-05-06 13:28 - 00000000 ____D C:\Users\DELL\Desktop\Manual Blender offline
      2017-05-08 13:32 - 2017-05-08 13:32 - 00000000 ____D C:\Users\Public\Documents\chrome
      2017-05-08 07:21 - 2017-05-08 07:21 - 00000222 _____ C:\Users\DELL\Desktop\Blender 2.78.url
      2017-05-08 07:16 - 2017-05-18 09:57 - 00000000 ____D C:\Program Files\MK
      2017-05-07 19:39 - 2017-05-07 19:39 - 00000000 ____D C:\Users\DELL\Desktop\Aseprite
      2017-05-07 18:14 - 2017-05-07 19:39 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Aseprite
      2017-05-07 18:11 - 2017-05-07 18:11 - 00000222 _____ C:\Users\DELL\Desktop\Aseprite.url
      2017-05-07 14:59 - 2017-05-07 14:59 - 00000000 ____D C:\Users\DELL\Documents\REAPER Media
      2017-05-07 14:15 - 2017-05-07 14:15 - 00003294 _____ C:\Windows\System32\Tasks\{659BD3DC-F5B8-4F91-95BB-C720E85BA22A}
      2017-05-07 01:02 - 2017-05-07 16:41 - 00000000 ____D C:\Users\DELL\AppData\Roaming\REAPER
      2017-05-06 22:07 - 2017-05-06 22:07 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      2017-05-06 22:04 - 2017-05-06 22:04 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
      2017-05-06 22:04 - 2017-05-06 22:04 - 00000000 ____D C:\Program Files\Common Files\AV
      2017-05-06 22:00 - 2017-05-06 22:00 - 00000000 ____D C:\Users\DELL\AppData\Roaming\AVAST Software
      2017-05-06 21:59 - 2017-05-17 16:04 - 00002148 _____ C:\Users\Public\Desktop\Avast Premier.lnk
      2017-05-06 21:59 - 2017-05-12 16:09 - 00158880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
      2017-05-06 21:59 - 2017-05-08 13:40 - 00004268 _____ C:\Windows\System32\Tasks\Avast Emergency Update
      2017-05-06 21:59 - 2017-05-06 22:32 - 00004030 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1494118766
      2017-05-06 21:59 - 2017-05-06 22:32 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
      2017-05-06 21:59 - 2017-05-06 22:07 - 01007160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2017-05-06 21:59 - 2017-05-06 22:07 - 00569192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2017-05-06 21:59 - 2017-05-06 22:07 - 00507928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
      2017-05-06 21:59 - 2017-05-06 22:07 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2017-05-06 21:59 - 2017-05-06 22:07 - 00334576 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
      2017-05-06 21:59 - 2017-05-06 22:07 - 00311808 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
      2017-05-06 21:59 - 2017-05-06 22:07 - 00190256 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
      2017-05-06 21:59 - 2017-05-06 22:07 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2017-05-06 21:59 - 2017-05-06 22:07 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2017-05-06 21:59 - 2017-05-06 22:07 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2017-05-06 21:59 - 2017-05-06 22:07 - 00049016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
      2017-05-06 21:59 - 2017-05-06 22:07 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      2017-05-06 21:59 - 2017-05-06 22:07 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
      2017-05-06 21:59 - 2017-05-06 21:59 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premier.lnk
      2017-05-06 21:59 - 2017-05-06 21:59 - 00001088 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
      2017-05-06 21:58 - 2017-05-06 21:58 - 00000000 ____D C:\Program Files\AVAST Software
      2017-05-06 21:57 - 2017-05-07 14:03 - 00000000 ____D C:\ProgramData\AVAST Software
      2017-05-06 21:36 - 2017-05-07 14:23 - 00000000 ____D C:\Program Files\REAPER (x64)
      2017-05-06 21:36 - 2017-05-06 21:36 - 00000869 _____ C:\Users\Public\Desktop\REAPER (x64).lnk
      2017-05-06 21:36 - 2017-05-06 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)
      2017-05-06 21:36 - 2017-05-06 21:36 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
      2017-05-06 19:25 - 2017-05-06 19:25 - 00000000 ____D C:\Users\DELL\Desktop\Puyo
      2017-05-06 19:18 - 2017-05-06 01:44 - 00000030 _____ C:\AVScanner.ini
      2017-05-06 01:55 - 2017-05-06 01:55 - 00000000 ____D C:\Program Files\Common Files\Intel
      2017-05-06 01:54 - 2017-05-06 19:24 - 00000000 ____D C:\Program Files\Common Files\McAfee
      2017-05-06 01:45 - 2017-05-06 01:45 - 00000000 ____D C:\Users\DELL\AppData\Local\Macromedia
      2017-05-06 01:44 - 2017-05-06 19:24 - 00000000 ____D C:\ProgramData\McAfee
      2017-05-05 16:14 - 2017-05-05 16:14 - 00000000 ____D C:\Users\DELL\AppData\Local\PuyoVS
      2017-05-05 09:13 - 2017-05-07 18:57 - 00000000 ____D C:\Users\DELL\Desktop\Universidad
      2017-05-05 07:57 - 2017-05-05 07:57 - 00000000 ____D C:\Users\DELL\AppData\Roaming\NuGet
      2017-05-05 07:56 - 2017-05-05 07:56 - 00000000 ____D C:\Users\DELL\Documents\Visual Studio 2013
      2017-05-05 07:50 - 2017-05-05 07:50 - 00000000 ____D C:\Users\DELL\AppData\Local\.IdentityService
      2017-05-05 07:49 - 2017-05-05 07:56 - 00000000 ____D C:\Users\DELL\Documents\Visual Studio 2017
      2017-05-05 07:49 - 2017-05-05 07:49 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Unity
      2017-05-05 07:49 - 2017-05-05 07:49 - 00000000 ____D C:\Users\DELL\AppData\LocalLow\Unity
      2017-05-05 07:49 - 2017-05-05 07:49 - 00000000 ____D C:\Users\DELL\AppData\Local\Unity
      2017-05-05 07:49 - 2017-05-05 07:49 - 00000000 ____D C:\ProgramData\Unity
      2017-05-05 07:46 - 2017-05-05 07:46 - 00000000 ____D C:\Program Files\Windows Identity Foundation
      2017-05-05 04:00 - 2017-05-05 04:00 - 00000000 ____D C:\Users\DELL\.cordova
      2017-05-05 03:59 - 2017-05-12 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.4.0f3 (64-bit)
      2017-05-05 03:59 - 2017-05-05 03:59 - 00000928 _____ C:\Users\Public\Desktop\Unity 5.4.0f3 (64-bit).lnk
      2017-05-05 03:59 - 2017-05-05 03:59 - 00000000 ____D C:\Program Files (x86)\GtkSharp
      2017-05-05 03:57 - 2017-05-05 03:59 - 00000000 ____D C:\Program Files\Unity
      2017-05-05 03:40 - 2017-05-05 03:40 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2017 Tools for Unity
      2017-05-05 03:39 - 2017-05-05 03:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity
      2017-05-05 03:29 - 2017-05-05 03:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
      2017-05-05 03:28 - 2017-05-05 03:28 - 00000000 ____D C:\Users\DELL\AppData\LocalLow\Oracle
      2017-05-05 03:28 - 2017-05-05 03:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
      2017-05-05 03:28 - 2017-05-05 03:28 - 00000000 ____D C:\Program Files\Java
      2017-05-05 03:28 - 2017-05-05 03:28 - 00000000 ____D C:\Program Files (x86)\Java
      2017-05-05 03:28 - 2017-05-05 03:28 - 00000000 ____D C:\Program Files (x86)\Android
      2017-05-05 03:09 - 2017-05-05 03:09 - 00000000 ____D C:\Windows\symbols
      2017-05-05 03:09 - 2017-05-05 03:09 - 00000000 ____D C:\Program Files\Reference Assemblies
      2017-05-05 03:09 - 2017-05-05 03:09 - 00000000 ____D C:\Program Files\Microsoft Identity Extensions
      2017-05-05 03:09 - 2017-05-05 03:09 - 00000000 ____D C:\Program Files (x86)\Workflow Manager Tools
      2017-05-05 03:09 - 2017-05-05 03:09 - 00000000 ____D C:\Program Files (x86)\Open XML SDK
      2017-05-05 03:08 - 2017-05-05 03:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
      2017-05-05 03:08 - 2017-05-05 03:08 - 00000000 ____D C:\ProgramData\Git
      2017-05-05 03:08 - 2017-05-05 03:08 - 00000000 ____D C:\Program Files\Git
      2017-05-05 03:08 - 2017-05-05 03:08 - 00000000 ____D C:\Program Files (x86)\ShellDir
      2017-05-05 03:07 - 2017-05-05 03:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure
      2017-05-05 03:07 - 2017-05-05 03:07 - 00000000 ____D C:\ProgramData\dftmp
      2017-05-05 03:06 - 2017-05-05 03:06 - 00000000 ____D C:\Program Files\Microsoft SDKs
      2017-05-05 03:06 - 2017-05-05 03:06 - 00000000 ____D C:\Program Files (x86)\NuGet
      2017-05-05 03:06 - 2017-05-05 03:06 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET Core 1.1 Local Feed - Visual Studio 2017
      2017-05-05 03:06 - 2017-05-05 03:06 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET Core 1.0 Local Feed - Visual Studio 2017
      2017-05-05 02:46 - 2017-05-05 02:46 - 00000000 ____D C:\Program Files\dotnet
      2017-05-05 02:45 - 2017-05-05 03:06 - 00000000 ____D C:\Program Files\IIS Express
      2017-05-05 02:45 - 2017-05-05 03:06 - 00000000 ____D C:\Program Files (x86)\IIS Express
      2017-05-05 02:45 - 2017-05-05 02:45 - 00000000 ____D C:\Program Files\IIS
      2017-05-05 02:45 - 2017-05-05 02:45 - 00000000 ____D C:\Program Files (x86)\IIS
      2017-05-05 02:45 - 2017-05-05 02:45 - 00000000 ____D C:\Program Files (x86)\Entity Framework Tools
      2017-05-05 02:44 - 2017-05-05 02:44 - 14388224 _____ (Microsoft Corporation) C:\Windows\system32\DXCaptureReplay.dll
      2017-05-05 02:44 - 2017-05-05 02:44 - 11670528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCaptureReplay.dll
      2017-05-05 02:44 - 2017-05-05 02:44 - 05850624 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsDesktopEngine.exe
      2017-05-05 02:44 - 2017-05-05 02:44 - 04969472 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsRemoteEngine.exe
      2017-05-05 02:44 - 2017-05-05 02:44 - 04596224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsDesktopEngine.exe
      2017-05-05 02:44 - 2017-05-05 02:44 - 03701248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsRemoteEngine.exe
      2017-05-05 02:44 - 2017-05-05 02:44 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsOfflineAnalysis.dll
      2017-05-05 02:44 - 2017-05-05 02:44 - 01509888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsOfflineAnalysis.dll
      2017-05-05 02:44 - 2017-05-05 02:44 - 01198592 _____ (Microsoft Corporation) C:\Windows\system32\DXCap.exe
      2017-05-05 02:44 - 2017-05-05 02:44 - 00953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCap.exe
      2017-05-05 02:44 - 2017-05-05 02:44 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\perf_gputiming.dll
      2017-05-05 02:44 - 2017-05-05 02:44 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsExperiment.dll
      2017-05-05 02:44 - 2017-05-05 02:44 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf_gputiming.dll
      2017-05-05 02:44 - 2017-05-05 02:44 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsExperiment.dll
      2017-05-05 02:44 - 2017-05-05 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsMonitor.dll
      2017-05-05 02:44 - 2017-05-05 02:44 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsReporting.dll
      2017-05-05 02:44 - 2017-05-05 02:44 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsCapture.dll
      2017-05-05 02:44 - 2017-05-05 02:44 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsMonitor.dll
      2017-05-05 02:44 - 2017-05-05 02:44 - 00134144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsCapture.dll
      2017-05-05 02:44 - 2017-05-05 02:44 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsReporting.dll
      2017-05-05 02:44 - 2017-05-05 02:44 - 00094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DxToolsReportGenerator.dll
      2017-05-05 02:44 - 2017-05-05 02:44 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\DxToolsReportGenerator.dll
      2017-05-05 02:44 - 2017-05-05 02:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsProxyStub.dll
      2017-05-05 02:44 - 2017-05-05 02:44 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsProxyStub.dll
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\SysWOW64\3082
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\SysWOW64\2052
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\SysWOW64\1055
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\SysWOW64\1049
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\SysWOW64\1046
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\SysWOW64\1045
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\SysWOW64\1042
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\SysWOW64\1041
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\SysWOW64\1040
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\SysWOW64\1036
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\SysWOW64\1033
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\SysWOW64\1031
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\SysWOW64\1029
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\SysWOW64\1028
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\system32\3082
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\system32\2052
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\system32\1055
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\system32\1049
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\system32\1046
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\system32\1045
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\system32\1042
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\system32\1041

    7. #7
      User WolFran
      Joined
      May 2017
      Location
      Argentina
      Posts
      7

      Re: Luckysites, zoohair and the like. They keep regenerating even in safe mode.

      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\system32\1040
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\system32\1036
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\system32\1033
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\system32\1031
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\system32\1029
      2017-05-05 02:44 - 2017-05-05 02:44 - 00000000 ____D C:\Windows\system32\1028
      2017-05-05 02:43 - 2017-05-05 02:43 - 00000000 ____D C:\Program Files (x86)\Windows Phone Kits
      2017-05-05 02:41 - 2017-05-05 02:41 - 00000000 ____D C:\ProgramData\Windows App Certification Kit
      2017-05-05 02:41 - 2017-05-05 02:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
      2017-05-05 02:41 - 2017-05-05 02:41 - 00000000 ____D C:\Program Files\Application Verifier
      2017-05-05 01:55 - 2017-05-05 01:55 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
      2017-05-05 01:55 - 2017-05-05 01:55 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
      2017-05-05 01:47 - 2017-05-05 02:44 - 00000000 ____D C:\Program Files\Microsoft SQL Server
      2017-05-05 01:47 - 2017-05-05 02:44 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
      2017-05-05 01:47 - 2017-05-05 01:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
      2017-05-05 01:41 - 2017-05-05 02:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
      2017-05-05 00:43 - 2017-05-05 03:07 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
      2017-05-05 00:43 - 2017-05-05 02:41 - 00000000 ____D C:\Program Files (x86)\Windows Kits
      2017-05-05 00:43 - 2017-05-05 00:43 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
      2017-05-05 00:42 - 2017-05-05 01:27 - 00000000 ____D C:\Program Files (x86)\MSBuild
      2017-05-05 00:42 - 2017-05-05 00:42 - 00001803 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
      2017-05-05 00:42 - 2017-05-05 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
      2017-05-05 00:39 - 2017-05-05 00:39 - 00001503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
      2017-05-05 00:28 - 2017-05-05 07:46 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Visual Studio Setup
      2017-05-05 00:28 - 2017-05-05 00:28 - 00002291 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
      2017-05-05 00:28 - 2017-05-05 00:28 - 00000000 ____D C:\Users\DELL\AppData\Roaming\vstelemetry
      2017-05-05 00:28 - 2017-05-05 00:28 - 00000000 ____D C:\Users\DELL\AppData\Local\ServiceHub
      2017-05-05 00:27 - 2017-05-05 02:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
      2017-05-05 00:20 - 2017-05-05 01:52 - 4234921984 _____ C:\Users\DELL\Downloads\es_windows_10_education_version_1703_updated_march_2017_x64_dvd_10204631.iso
      2017-05-04 21:20 - 2017-05-11 21:43 - 00000000 ____D C:\Users\DELL\zinjai
      2017-05-04 21:19 - 2017-05-04 21:20 - 00000000 ____D C:\Program Files (x86)\ZinjaI
      2017-05-04 21:19 - 2017-05-04 21:19 - 00001078 _____ C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZinjaI.lnk
      2017-05-04 21:19 - 2017-05-04 21:19 - 00001048 _____ C:\Users\DELL\Desktop\ZinjaI.lnk
      2017-05-04 20:28 - 2017-05-04 21:57 - 00004124 _____ C:\Users\DELL\Documents\Clase Vectores 04 de mayo.txt
      2017-05-04 15:51 - 2017-05-04 15:51 - 00005068 _____ C:\Users\DELL\AppData\Local\recently-used.xbel
      2017-05-04 15:49 - 2017-05-08 12:31 - 00000000 ____D C:\Users\DELL\.thumbnails
      2017-05-04 15:49 - 2017-05-04 15:51 - 00000000 ____D C:\Users\DELL\AppData\Local\gtk-2.0
      2017-05-04 15:47 - 2017-05-04 15:51 - 00000000 ____D C:\Users\DELL\.gimp-2.8
      2017-05-04 15:47 - 2017-05-04 15:47 - 00001561 _____ C:\Users\DELL\Desktop\GIMP 2.lnk
      2017-05-04 15:47 - 2017-05-04 15:47 - 00000000 ____D C:\Users\DELL\AppData\Local\gegl-0.2
      2017-05-04 15:47 - 2017-05-04 15:47 - 00000000 ____D C:\Users\DELL\AppData\Local\fontconfig
      2017-05-04 15:44 - 2017-05-04 15:44 - 00000939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
      2017-05-04 15:43 - 2017-05-04 15:44 - 00000000 ____D C:\Program Files\GIMP 2
      2017-05-04 15:26 - 2017-05-18 09:19 - 00004216 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{832A7428-72E4-4C83-A3CD-5369314BD5F9}
      2017-05-04 13:10 - 2017-05-04 13:10 - 00000000 ____D C:\Users\DELL\AppData\LocalLow\Adobe
      2017-05-04 13:09 - 2017-05-05 00:44 - 00004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
      2017-05-04 13:09 - 2017-05-04 13:10 - 00000000 ____D C:\ProgramData\Adobe
      2017-05-04 13:09 - 2017-05-04 13:09 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2017-05-04 13:09 - 2017-05-04 13:09 - 00002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
      2017-05-04 13:09 - 2017-05-04 13:09 - 00000000 ____D C:\Program Files (x86)\Adobe
      2017-05-04 13:03 - 2017-05-06 01:44 - 00000000 ____D C:\Users\DELL\AppData\Local\Adobe
      2017-05-04 09:57 - 2017-05-17 11:38 - 00000000 ____D C:\Users\DELL\AppData\LocalLow\Mozilla
      2017-05-04 09:57 - 2017-05-04 09:57 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Mozilla
      2017-05-04 09:56 - 2017-05-04 09:56 - 00000000 ____D C:\Users\Public\Documents\Google
      2017-05-04 09:54 - 2017-05-17 11:53 - 00000000 ____D C:\Windows\system32\log
      2017-05-04 08:44 - 2017-05-04 08:44 - 00000000 ____D C:\Users\DELL\AppData\LocalLow\League of Geeks
      2017-05-04 01:29 - 2017-05-08 19:36 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
      2017-05-04 01:26 - 2017-05-04 01:26 - 00000000 ____D C:\Users\DELL\AppData\Local\Steam
      2017-05-04 01:26 - 2017-05-04 01:26 - 00000000 ____D C:\Users\DELL\AppData\Local\CEF
      2017-05-04 01:21 - 2017-05-18 11:36 - 00000000 ____D C:\Program Files (x86)\Steam
      2017-05-04 01:21 - 2017-05-04 01:21 - 00001032 _____ C:\Users\Public\Desktop\Steam.lnk
      2017-05-04 01:21 - 2017-05-04 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
      2017-05-03 20:55 - 2017-05-17 14:57 - 00000000 ____D C:\Insist
      2017-05-02 19:40 - 2017-05-18 11:31 - 00003808 _____ C:\Windows\System32\Tasks\AutoKMS
      2017-05-02 19:40 - 2017-05-02 20:40 - 00000000 ____D C:\Windows\AutoKMS
      2017-05-02 19:39 - 2017-05-02 19:39 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
      2017-05-02 19:35 - 2017-05-02 19:47 - 00000000 ____D C:\Program Files\Microsoft Office
      2017-05-02 19:35 - 2017-05-02 19:35 - 00000000 ____D C:\Users\DELL\AppData\Local\Microsoft Help
      2017-05-02 19:18 - 2017-05-02 19:18 - 00000000 ____D C:\Program Files (x86)\HP
      2017-05-02 19:02 - 2017-05-02 19:02 - 00000000 ____D C:\Program Files\HP
      2017-04-28 15:49 - 2017-05-05 09:58 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
      2017-04-27 09:15 - 2017-04-27 09:15 - 00000000 ____D C:\Users\Public\Documents\Steam
      2017-04-27 09:15 - 2017-04-27 09:15 - 00000000 ____D C:\Users\DELL\Documents\My Games
      2017-04-27 09:12 - 2017-05-05 03:05 - 00000000 ____D C:\ProgramData\Package Cache
      2017-04-27 09:10 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
      2017-04-27 09:10 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
      2017-04-27 09:10 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
      2017-04-27 09:10 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
      2017-04-27 09:10 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
      2017-04-27 09:10 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
      2017-04-27 09:10 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
      2017-04-27 09:10 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
      2017-04-27 09:10 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
      2017-04-27 09:10 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
      2017-04-27 09:10 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
      2017-04-27 09:10 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
      2017-04-27 09:10 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
      2017-04-27 09:10 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
      2017-04-27 09:10 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
      2017-04-27 09:10 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
      2017-04-27 09:10 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
      2017-04-27 09:10 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
      2017-04-27 09:10 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
      2017-04-27 09:10 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
      2017-04-27 09:10 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
      2017-04-27 09:10 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
      2017-04-27 09:10 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
      2017-04-27 09:10 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
      2017-04-27 09:10 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
      2017-04-27 09:10 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
      2017-04-27 09:10 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
      2017-04-27 09:10 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
      2017-04-27 09:10 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
      2017-04-27 09:10 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
      2017-04-27 09:10 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
      2017-04-27 09:10 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
      2017-04-27 09:10 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
      2017-04-27 09:10 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
      2017-04-27 09:10 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
      2017-04-27 09:10 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
      2017-04-27 09:10 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
      2017-04-27 09:10 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
      2017-04-27 09:10 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
      2017-04-27 09:10 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
      2017-04-27 09:10 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
      2017-04-27 09:10 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
      2017-04-27 09:10 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
      2017-04-27 09:10 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
      2017-04-27 09:10 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
      2017-04-27 09:10 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
      2017-04-27 09:10 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
      2017-04-27 09:10 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
      2017-04-27 09:10 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
      2017-04-27 09:10 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
      2017-04-27 09:10 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
      2017-04-27 09:10 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
      2017-04-27 09:10 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
      2017-04-27 09:10 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
      2017-04-27 09:10 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
      2017-04-27 09:10 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
      2017-04-27 09:10 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
      2017-04-27 09:10 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
      2017-04-27 09:10 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
      2017-04-27 09:10 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
      2017-04-27 09:10 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
      2017-04-27 09:10 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
      2017-04-27 09:10 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
      2017-04-27 09:10 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
      2017-04-27 09:10 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
      2017-04-27 09:10 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
      2017-04-27 09:10 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
      2017-04-27 09:10 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
      2017-04-27 09:10 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
      2017-04-27 09:10 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
      2017-04-27 09:10 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
      2017-04-27 09:10 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
      2017-04-27 09:10 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
      2017-04-27 09:10 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
      2017-04-27 09:10 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
      2017-04-27 09:10 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
      2017-04-27 09:10 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
      2017-04-27 09:10 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
      2017-04-27 09:10 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
      2017-04-27 09:10 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
      2017-04-27 09:10 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
      2017-04-27 09:10 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
      2017-04-27 09:10 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
      2017-04-27 09:10 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
      2017-04-27 09:10 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
      2017-04-27 09:10 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
      2017-04-27 09:10 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
      2017-04-27 09:10 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
      2017-04-27 09:10 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
      2017-04-27 09:10 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
      2017-04-27 09:10 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
      2017-04-27 09:10 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
      2017-04-27 09:10 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
      2017-04-27 09:10 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
      2017-04-27 09:10 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
      2017-04-27 09:10 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
      2017-04-27 09:10 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
      2017-04-27 09:10 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
      2017-04-27 09:03 - 2017-04-27 09:03 - 00000000 ____D C:\Users\DELL\AppData\Local\Disc_Soft_Ltd
      2017-04-27 09:02 - 2017-04-27 09:02 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
      2017-04-27 08:58 - 2017-04-27 08:58 - 00381608 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
      2017-04-27 08:55 - 2017-04-27 13:41 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Shiguentldry
      2017-04-27 08:55 - 2017-04-27 08:55 - 00006116 _____ C:\Windows\System32\Tasks\Cpiphnequk Update
      2017-04-27 08:55 - 2017-04-27 08:55 - 00000000 ____D C:\Users\DELL\AppData\Local\Mezety
      2017-04-27 08:54 - 2017-05-12 14:51 - 00000000 ____D C:\Users\DELL\AppData\Roaming\DAEMON Tools Lite
      2017-04-27 08:54 - 2017-04-27 09:00 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
      2017-04-27 08:53 - 2017-04-27 08:53 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
      2017-04-27 00:57 - 2017-04-27 00:57 - 00000000 ____D C:\Users\DELL\AppData\Local\PeerDistRepub
      2017-04-26 23:46 - 2017-05-03 23:06 - 00000000 ____D C:\Users\DELL\AppData\Local\JDownloader 2.0
      2017-04-25 14:28 - 2017-04-25 14:28 - 00000000 ____D C:\Users\DELL\AppData\Roaming\PhotoScape
      2017-04-25 14:26 - 2017-04-25 14:26 - 00000000 ____D C:\Users\DELL\AppData\Roaming\WinRAR
      2017-04-25 14:23 - 2017-04-25 14:23 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
      2017-04-25 14:23 - 2017-04-25 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
      2017-04-25 14:22 - 2017-04-25 14:25 - 00000000 ____D C:\Program Files\WinRAR
      2017-04-22 11:19 - 2017-05-03 23:07 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Spotify
      2017-04-22 11:19 - 2017-05-03 23:07 - 00000000 ____D C:\Users\DELL\AppData\Local\Spotify
      2017-04-22 11:19 - 2017-04-22 11:19 - 00001831 _____ C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
      2017-04-21 21:00 - 2017-04-21 21:00 - 00000000 ____D C:\Windows\system32\SleepStudy
      2017-04-21 20:45 - 2017-04-21 20:45 - 00003288 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
      2017-04-21 20:44 - 2017-04-21 20:44 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Skype
      2017-04-21 20:40 - 2017-05-18 11:31 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
      2017-04-21 20:40 - 2017-05-18 11:31 - 00000000 __SHD C:\Users\DELL\IntelGraphicsProfiles
      2017-04-21 20:40 - 2017-04-21 20:40 - 00000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
      2017-04-21 20:40 - 2017-04-21 20:40 - 00000000 ____D C:\Program Files\Intel
      2017-04-21 20:40 - 2017-04-21 20:40 - 00000000 ____D C:\Intel
      2017-04-21 20:40 - 2017-04-21 20:40 - 00000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
      2017-04-21 20:40 - 2017-04-21 20:39 - 00103960 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
      2017-04-21 20:40 - 2017-04-21 20:39 - 00099856 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
      2017-04-21 20:39 - 2017-04-21 20:39 - 39862864 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 38903912 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 34823888 _____ (Intel Corporation) C:\Windows\SysWOW64\igd11dxva32.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 33479376 _____ (Intel Corporation) C:\Windows\system32\igd11dxva64.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 10322456 _____ (Intel Corporation) C:\Windows\SysWOW64\ig8icd32.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 07966200 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
      2017-04-21 20:39 - 2017-04-21 20:39 - 06696840 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 05799386 _____ C:\Windows\system32\igdclbif.bin
      2017-04-21 20:39 - 2017-04-21 20:39 - 05688848 _____ (Intel Corporation) C:\Windows\system32\igdmcl64.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 05262864 _____ (Intel Corporation) C:\Windows\system32\GfxResources.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 05140480 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 04928536 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 04363800 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 04270688 _____ (Intel Corporation) C:\Windows\system32\igd12umd64.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 04239720 _____ (Intel Corporation) C:\Windows\SysWOW64\igd12umd32.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 03971600 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmcl32.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 02813952 _____ C:\Windows\system32\iglhxa64.cpa
      2017-04-21 20:39 - 2017-04-21 20:39 - 02393184 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 01590800 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 01178640 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 01027064 _____ C:\Windows\system32\igfxSDK.exe
      2017-04-21 20:39 - 2017-04-21 20:39 - 00968184 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
      2017-04-21 20:39 - 2017-04-21 20:39 - 00964600 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
      2017-04-21 20:39 - 2017-04-21 20:39 - 00831685 _____ C:\Windows\system32\DisplayAudiox64.cab
      2017-04-21 20:39 - 2017-04-21 20:39 - 00756752 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00705048 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00641530 _____ C:\Windows\system32\FilmModeDetection.wmv
      2017-04-21 20:39 - 2017-04-21 20:39 - 00536568 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUMS64.exe
      2017-04-21 20:39 - 2017-04-21 20:39 - 00511260 _____ C:\Windows\system32\cp_resources.bin
      2017-04-21 20:39 - 2017-04-21 20:39 - 00466936 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
      2017-04-21 20:39 - 2017-04-21 20:39 - 00448512 _____ (Intel Corporation) C:\Windows\system32\IntelCpHDCPSvc.exe
      2017-04-21 20:39 - 2017-04-21 20:39 - 00439312 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00416280 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00403671 _____ C:\Windows\system32\ImageStabilization.wmv
      2017-04-21 20:39 - 2017-04-21 20:39 - 00401912 _____ C:\Windows\system32\igfxTray.exe
      2017-04-21 20:39 - 2017-04-21 20:39 - 00398864 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00390160 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00388624 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00375173 _____ C:\Windows\system32\ColorImageEnhancement.wmv
      2017-04-21 20:39 - 2017-04-21 20:39 - 00373760 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
      2017-04-21 20:39 - 2017-04-21 20:39 - 00354816 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
      2017-04-21 20:39 - 2017-04-21 20:39 - 00350200 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMCComp64.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00318480 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00312312 _____ (Intel Corporation) C:\Windows\system32\igd10idpp64.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00301560 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
      2017-04-21 20:39 - 2017-04-21 20:39 - 00297184 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10idpp32.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00273432 _____ C:\Windows\system32\igfxCPL.cpl
      2017-04-21 20:39 - 2017-04-21 20:39 - 00268800 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
      2017-04-21 20:39 - 2017-04-21 20:39 - 00266264 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00255000 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00242176 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00181856 _____ (Intel Corporation) C:\Windows\SysWOW64\igdde32.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00175096 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
      2017-04-21 20:39 - 2017-04-21 20:39 - 00174104 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00160288 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00160280 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00111632 _____ ( ) C:\Windows\system32\igfxSDKLibv2_0.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00103960 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00103440 _____ C:\Windows\system32\igfxCUIServicePS.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00100880 _____ ( ) C:\Windows\system32\igfxSDKLib.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00099856 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00095248 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00084496 _____ ( ) C:\Windows\system32\igfxDHLib.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00055256 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00052760 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00041296 _____ C:\Windows\system32\iglhxc64_dev.vp
      2017-04-21 20:39 - 2017-04-21 20:39 - 00040931 _____ C:\Windows\system32\iglhxo64_dev.vp
      2017-04-21 20:39 - 2017-04-21 20:39 - 00040343 _____ C:\Windows\system32\iglhxo64.vp
      2017-04-21 20:39 - 2017-04-21 20:39 - 00040316 _____ C:\Windows\system32\iglhxc64.vp
      2017-04-21 20:39 - 2017-04-21 20:39 - 00039798 _____ C:\Windows\system32\iglhxg64_dev.vp
      2017-04-21 20:39 - 2017-04-21 20:39 - 00039658 _____ C:\Windows\system32\iglhxg64.vp
      2017-04-21 20:39 - 2017-04-21 20:39 - 00029208 _____ ( ) C:\Windows\system32\igfxDILib.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00029200 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00027664 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00027664 _____ ( ) C:\Windows\system32\igfxEMLib.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00022544 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00022544 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
      2017-04-21 20:39 - 2017-04-21 20:39 - 00004862 _____ C:\Windows\system32\iglhxs64.vp
      2017-04-21 20:39 - 2017-04-21 20:39 - 00001125 _____ C:\Windows\system32\iglhxa64.vp
      2017-04-21 20:39 - 2017-04-21 20:39 - 00000935 _____ C:\Windows\system32\Gfxv4_0.exe.config
      2017-04-21 20:39 - 2017-04-21 20:39 - 00000935 _____ C:\Windows\system32\DPTopologyApp.exe.config
      2017-04-21 20:39 - 2017-04-21 20:39 - 00000895 _____ C:\Windows\system32\Gfxv2_0.exe.config
      2017-04-21 20:39 - 2017-04-21 20:39 - 00000895 _____ C:\Windows\system32\DPTopologyAppv2_0.exe.config
      2017-04-21 20:37 - 2017-04-21 20:40 - 00000000 ____D C:\Program Files (x86)\Intel
      2017-04-21 20:37 - 2017-04-21 20:37 - 01804688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01011.dll
      2017-04-21 20:37 - 2017-04-21 20:37 - 01392792 _____ (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
      2017-04-21 20:37 - 2017-04-21 20:37 - 00971944 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120.dll
      2017-04-21 20:37 - 2017-04-21 20:37 - 00668840 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120.dll
      2017-04-21 20:37 - 2017-04-21 20:37 - 00547840 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1d65x64.sys
      2017-04-21 20:37 - 2017-04-21 20:37 - 00260072 _____ (Intel Corporation) C:\Windows\system32\Drivers\esif_lf.sys
      2017-04-21 20:37 - 2017-04-21 20:37 - 00202848 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverW8x64.sys
      2017-04-21 20:37 - 2017-04-21 20:37 - 00146192 _____ (Intel Corporation) C:\Windows\system32\NicCo4.dll
      2017-04-21 20:37 - 2017-04-21 20:37 - 00109560 _____ (Intel Corporation) C:\Windows\system32\NicInstD.dll
      2017-04-21 20:37 - 2017-04-21 20:37 - 00092712 _____ (Intel Corporation) C:\Windows\system32\e1dmsg.dll
      2017-04-21 20:37 - 2017-04-21 20:37 - 00088256 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelPcc.sys
      2017-04-21 20:37 - 2017-04-21 20:37 - 00055784 _____ (Intel Corporation) C:\Windows\system32\Drivers\dptf_acpi.sys
      2017-04-21 20:37 - 2017-04-21 20:37 - 00052200 _____ (Intel Corporation) C:\Windows\system32\Drivers\dptf_cpu.sys
      2017-04-21 20:37 - 2017-04-21 20:37 - 00019440 _____ (OSR Open Systems Resources, Inc.) C:\Windows\system32\Drivers\DellRbtn.sys
      2017-04-21 20:37 - 2017-04-21 20:37 - 00003130 _____ C:\Windows\system32\e1d65x64.din
      2017-04-21 20:37 - 2017-04-21 20:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
      2017-04-21 20:36 - 2017-04-21 20:36 - 00000000 ____D C:\Windows\system32\RTCOM
      2017-04-21 20:36 - 2017-04-21 20:36 - 00000000 ____D C:\Program Files\Waves
      2017-04-21 20:36 - 2017-04-21 20:36 - 00000000 ____D C:\Program Files (x86)\Realtek
      2017-04-21 20:35 - 2017-04-21 20:36 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
      2017-04-21 20:35 - 2017-04-21 20:35 - 00000000 ____D C:\Program Files\Realtek
      2017-04-21 20:34 - 2017-04-21 20:34 - 72130584 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
      2017-04-21 20:34 - 2017-04-21 20:34 - 13245728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 12129800 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxVoiceAPO30.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 03709056 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioMeters64.exe
      2017-04-21 20:34 - 2017-04-21 20:34 - 01579256 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTDSnM64.cpl
      2017-04-21 20:34 - 2017-04-21 20:34 - 01444248 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 01377072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 01233072 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 01185184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 01017440 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 00930840 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 00784312 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 00704688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 00693032 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 00657296 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX64.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 00591640 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 00422432 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 00355496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 00333280 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 00333280 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 00203440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 00183032 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTHDASIO64.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 00158456 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RTHDASIO.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 00084040 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 00079296 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 00032392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
      2017-04-21 20:34 - 2017-04-21 20:34 - 00002236 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
      2017-04-21 20:32 - 2017-05-17 12:05 - 00002280 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-04-21 20:31 - 2017-04-28 15:52 - 00003618 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2017-04-21 20:31 - 2017-04-28 15:52 - 00003494 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2017-04-21 20:31 - 2017-04-21 21:33 - 00000000 ____D C:\Users\DELL\AppData\Local\Google
      2017-04-21 20:31 - 2017-04-21 20:32 - 00000000 ____D C:\Program Files (x86)\Google
      2017-04-21 20:26 - 2017-04-21 20:26 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Macromedia
      2017-04-21 20:25 - 2017-04-21 20:26 - 00000000 ____D C:\Users\DELL\AppData\Local\MicrosoftEdge
      2017-04-21 15:25 - 2017-04-21 15:25 - 00000000 ____D C:\Users\DELL\AppData\Local\NetworkTiles
      2017-04-19 04:37 - 2017-05-18 11:35 - 01861690 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-04-19 04:36 - 2017-04-21 20:45 - 00002392 _____ C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      2017-04-19 04:36 - 2017-04-21 20:45 - 00000000 ___RD C:\Users\DELL\OneDrive
      2017-04-17 12:04 - 2017-05-12 14:51 - 00000000 ____D C:\Windows\Panther
      2017-04-17 11:09 - 2017-04-17 11:09 - 00000000 ____D C:\Windows\CSC
      2017-04-17 11:09 - 2017-04-17 11:09 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
      2017-04-17 11:09 - 2015-07-10 07:59 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
      2017-04-17 11:08 - 2017-05-17 14:29 - 00000000 ____D C:\Users\DELL
      2017-04-17 11:08 - 2017-05-04 13:10 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Adobe
      2017-04-17 11:08 - 2017-04-21 20:43 - 00000000 ____D C:\Users\DELL\AppData\Local\Packages
      2017-04-17 11:08 - 2017-04-17 11:08 - 00016148 _____ C:\Windows\system32\DESKTOP-I75C32L_defaultuser0_HistoryPrediction.bin
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000020 ___SH C:\Users\DELL\ntuser.ini
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 _SHDL C:\Users\DELL\Reciente
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 _SHDL C:\Users\DELL\Plantillas
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 _SHDL C:\Users\DELL\Mis documentos
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 _SHDL C:\Users\DELL\Menú Inicio
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 _SHDL C:\Users\DELL\Impresoras
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 _SHDL C:\Users\DELL\Entorno de red
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 _SHDL C:\Users\DELL\Documents\Mis vídeos
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 _SHDL C:\Users\DELL\Documents\Mis imágenes
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 _SHDL C:\Users\DELL\Documents\Mi música
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 _SHDL C:\Users\DELL\Datos de programa
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 _SHDL C:\Users\DELL\Configuración local
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 _SHDL C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 _SHDL C:\Users\DELL\AppData\Local\Historial
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 _SHDL C:\Users\DELL\AppData\Local\Datos de programa
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 _SHDL C:\Users\DELL\AppData\Local\Archivos temporales de Internet
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 __RHD C:\Users\Public\AccountPictures
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 ____D C:\Users\DELL\AppData\Local\VirtualStore
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 ____D C:\Users\DELL\AppData\Local\TileDataLayer
      2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 ____D C:\Users\DELL\AppData\Local\Publishers
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Public\Documents\Mis vídeos
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Public\Documents\Mis imágenes
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Public\Documents\Mi música
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default\Reciente
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default\Plantillas
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default\Mis documentos
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default\Menú Inicio
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default\Impresoras
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default\Entorno de red
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default\Documents\Mis vídeos
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default\Documents\Mis imágenes
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default\Documents\Mi música
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default\Datos de programa
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default\Configuración local
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default\AppData\Local\Historial
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default\AppData\Local\Datos de programa
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default\AppData\Local\Archivos temporales de Internet
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default User\Documents\Mis vídeos
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default User\Documents\Mis imágenes
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default User\Documents\Mi música
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Historial
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Datos de programa
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Archivos temporales de Internet
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\ProgramData\Plantillas
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\ProgramData\Menú Inicio
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\ProgramData\Escritorio
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\ProgramData\Documentos
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\ProgramData\Datos de programa
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Program Files\Archivos comunes
      2017-04-17 11:07 - 2017-04-17 11:07 - 00000000 _SHDL C:\Archivos de programa
      2017-04-17 11:05 - 2017-04-17 11:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf
      2017-04-17 11:05 - 2017-04-17 11:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
      2017-03-30 16:21 - 2017-03-30 16:21 - 00107984 _____ (Microsoft Corporation) C:\Windows\system32\vfrdvcompat.dll
      2017-03-30 16:14 - 2017-03-30 16:14 - 00419176 _____ (Microsoft Corporation) C:\Windows\system32\vfbasics.dll
      2017-03-30 16:14 - 2017-03-30 16:14 - 00196856 _____ (Microsoft Corporation) C:\Windows\system32\vrfcore.dll
      2017-03-30 16:13 - 2017-03-30 16:13 - 01151200 _____ (Microsoft Corporation) C:\Windows\system32\vfprintpthelper.dll
      2017-03-30 16:13 - 2017-03-30 16:13 - 00148008 _____ (Microsoft Corporation) C:\Windows\system32\appverif.exe
      2017-03-30 16:12 - 2017-03-30 16:12 - 00436944 _____ (Microsoft Corporation) C:\Windows\system32\vfprint.dll
      2017-03-30 16:12 - 2017-03-30 16:12 - 00085672 _____ (Microsoft Corporation) C:\Windows\system32\vfnws.dll
      2017-03-30 16:12 - 2017-03-30 16:12 - 00048264 _____ (Microsoft Corporation) C:\Windows\system32\vfntlmless.dll
      2017-03-30 16:11 - 2017-03-30 16:11 - 00278440 _____ (Microsoft Corporation) C:\Windows\system32\vfluapriv.dll
      2017-03-30 16:11 - 2017-03-30 16:11 - 00115784 _____ (Microsoft Corporation) C:\Windows\system32\vfnet.dll
      2017-03-30 16:11 - 2017-03-30 16:11 - 00049352 _____ (Microsoft Corporation) C:\Windows\system32\vfcuzz.dll
      2017-03-30 16:10 - 2017-03-30 16:10 - 00064888 _____ (Microsoft Corporation) C:\Windows\system32\vfcompat.dll
      2017-03-30 16:10 - 2017-03-30 16:10 - 00024464 _____ (Microsoft Corporation) C:\Windows\system32\cuzzapi.dll
      2017-03-30 13:39 - 2017-03-30 13:39 - 00099160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vfrdvcompat.dll
      2017-03-30 13:26 - 2017-03-30 13:26 - 00176528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vrfcore.dll
      2017-03-30 13:26 - 2017-03-30 13:26 - 00119944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appverif.exe
      2017-03-30 13:25 - 2017-03-30 13:25 - 00375568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vfbasics.dll
      2017-03-30 13:24 - 2017-03-30 13:24 - 00632216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vfprintpthelper.dll
      2017-03-30 13:24 - 2017-03-30 13:24 - 00334008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vfprint.dll
      2017-03-30 13:23 - 2017-03-30 13:23 - 00252424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vfluapriv.dll
      2017-03-30 13:23 - 2017-03-30 13:23 - 00071096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vfnws.dll
      2017-03-30 13:23 - 2017-03-30 13:23 - 00043600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vfntlmless.dll
      2017-03-30 13:22 - 2017-03-30 13:22 - 00093472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vfnet.dll
      2017-03-30 13:22 - 2017-03-30 13:22 - 00066368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vfcompat.dll
      2017-03-30 13:22 - 2017-03-30 13:22 - 00045648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vfcuzz.dll
      2017-03-30 13:21 - 2017-03-30 13:21 - 00022352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cuzzapi.dll
      2017-03-30 01:07 - 2017-03-30 01:07 - 01797440 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbased.dll
      2017-03-30 01:07 - 2017-03-30 01:07 - 00630080 _____ (Microsoft Corporation) C:\Windows\system32\d3d10sdklayers.dll
      2017-03-30 01:07 - 2017-03-30 01:07 - 00458040 _____ (Microsoft Corporation) C:\Windows\system32\d3d10ref.dll
      2017-03-30 00:52 - 2017-03-30 00:52 - 00031552 _____ (Microsoft Corporation) C:\Windows\system32\microsoft.windows.softwarelogo.showdesktop.exe
      2017-03-30 00:41 - 2017-03-30 00:41 - 01505600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbased.dll
      2017-03-30 00:41 - 2017-03-30 00:41 - 00074560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsd3dwarpdebug.dll
      2017-03-30 00:40 - 2017-03-30 00:40 - 00644408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11ref.dll
      2017-03-30 00:40 - 2017-03-30 00:40 - 00385856 _____ (Windows (R) Win 7 DDK provider) C:\Windows\SysWOW64\dxcpl.exe
      2017-03-30 00:40 - 2017-03-30 00:40 - 00063808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VSD3DRefDebug.dll
      2017-03-30 00:38 - 2017-03-30 00:38 - 00408896 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\dxcpl.exe
      2017-03-30 00:38 - 2017-03-30 00:38 - 00082240 _____ (Microsoft Corporation) C:\Windows\system32\VSD3DRefDebug.dll
      2017-03-30 00:38 - 2017-03-30 00:38 - 00075072 _____ (Microsoft Corporation) C:\Windows\system32\vsd3dwarpdebug.dll
      2017-03-30 00:37 - 2017-03-30 00:37 - 00763192 _____ (Microsoft Corporation) C:\Windows\system32\d3d11ref.dll
      2017-03-30 00:27 - 2017-03-30 00:27 - 00481600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10sdklayers.dll
      2017-03-30 00:27 - 2017-03-30 00:27 - 00361792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10ref.dll
      2017-03-29 22:16 - 2017-03-29 22:16 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dref9.dll
      2017-03-29 22:11 - 2017-03-29 22:11 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\d3dref9.dll
      2017-03-29 21:52 - 2017-03-29 21:52 - 00103728 _____ C:\Windows\SysWOW64\appverifUI.dll
      2017-03-29 21:48 - 2017-03-29 21:48 - 00129840 _____ C:\Windows\system32\appverifUI.dll
      2017-03-23 19:56 - 2017-03-23 19:56 - 00181936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VSCover150.dll

      ==================== Three Months Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-05-18 11:35 - 2015-07-10 13:26 - 00822942 _____ C:\Windows\system32\perfh00A.dat
      2017-05-18 11:35 - 2015-07-10 13:26 - 00171582 _____ C:\Windows\system32\perfc00A.dat
      2017-05-18 11:35 - 2015-07-10 08:02 - 00000000 ____D C:\Windows\INF
      2017-05-18 11:30 - 2015-07-10 09:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
      2017-05-18 11:30 - 2015-07-10 06:05 - 00262144 ___SH C:\Windows\system32\config\BBI
      2017-05-08 12:25 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\system32\NDF
      2017-05-07 21:37 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\rescache
      2017-05-06 01:44 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed
      2017-05-06 01:44 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\system32\Macromed
      2017-05-05 16:01 - 2015-07-10 08:04 - 00000000 ___HD C:\Windows\system32\GroupPolicy
      2017-05-05 03:59 - 2015-07-10 07:55 - 00000000 ____D C:\Windows\CbsTemp
      2017-05-05 03:09 - 2015-07-10 08:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
      2017-05-04 16:39 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\system32\FxsTmp
      2017-05-03 23:58 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\system32\WinBioDatabase
      2017-05-02 19:47 - 2015-07-10 13:35 - 00000000 ____D C:\Windows\ShellNew
      2017-05-02 19:46 - 2015-07-10 08:04 - 00000076 _____ C:\Windows\win.ini
      2017-05-02 19:46 - 2015-07-10 08:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
      2017-05-02 19:46 - 2015-07-10 08:04 - 00000000 ____D C:\Program Files\Common Files\System
      2017-04-27 00:59 - 2015-07-10 08:04 - 00000000 ___HD C:\Program Files\WindowsApps
      2017-04-21 20:45 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\AppReadiness
      2017-04-19 04:36 - 2015-07-10 08:04 - 00000000 ___RD C:\Windows\DevicesFlow

      ==================== Files in the root of some directories =======

      2017-05-04 15:51 - 2017-05-04 15:51 - 0005068 _____ () C:\Users\DELL\AppData\Local\recently-used.xbel

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      ==================== BCD ================================

      Administrador de arranque de Windows
      ----------------------------------
      Identificador {bootmgr}
      device partition=\Device\HarddiskVolume1
      description Windows Boot Manager
      locale es-ES
      inherit {globalsettings}
      default {current}
      resumeobject {17a7584c-237f-11e7-b434-8ae23e5b18fa}
      displayorder {current}
      toolsdisplayorder {memdiag}
      timeout 30

      Cargador de arranque de Windows
      -----------------------------
      Identificador {current}
      device partition=C:
      path \Windows\system32\winload.exe
      description Windows 10
      locale es-ES
      inherit {bootloadersettings}
      recoverysequence {17a7584e-237f-11e7-b434-8ae23e5b18fa}
      recoveryenabled Yes
      allowedinmemorysettings 0x15000075
      osdevice partition=C:
      systemroot \Windows
      resumeobject {17a7584c-237f-11e7-b434-8ae23e5b18fa}
      nx OptIn
      bootmenupolicy Standard

      Cargador de arranque de Windows
      -----------------------------
      Identificador {17a7584e-237f-11e7-b434-8ae23e5b18fa}
      device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{17a7584f-237f-11e7-b434-8ae23e5b18fa}
      path \windows\system32\winload.exe
      description Windows Recovery Environment
      locale es-ES
      inherit {bootloadersettings}
      displaymessage Recovery
      displaymessageoverride Recovery
      osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{17a7584f-237f-11e7-b434-8ae23e5b18fa}
      systemroot \windows
      nx OptIn
      bootmenupolicy Standard
      winpe Yes

      Reanudar tras hibernación
      -------------------------
      Identificador {17a7584c-237f-11e7-b434-8ae23e5b18fa}
      device partition=C:
      path \Windows\system32\winresume.exe
      description Windows Resume Application
      locale es-ES
      inherit {resumeloadersettings}
      recoverysequence {17a7584e-237f-11e7-b434-8ae23e5b18fa}
      recoveryenabled Yes
      allowedinmemorysettings 0x15000075
      filedevice partition=C:
      filepath \hiberfil.sys
      bootmenupolicy Standard
      debugoptionenabled No

      Herramienta de comprobación de memoria de Windows
      -------------------------------------------------
      Identificador {memdiag}
      device partition=\Device\HarddiskVolume1
      path \boot\memtest.exe
      description Herramienta de diagnóstico de memoria de Windows
      locale es-ES
      inherit {globalsettings}
      badmemoryaccess Yes

      Configuración de EMS
      --------------------
      Identificador {emssettings}
      bootems No

      Configuración del depurador
      ---------------------------
      Identificador {dbgsettings}
      debugtype Serial
      debugport 1
      baudrate 115200

      Defectos de RAM
      ---------------
      Identificador {badmemory}

      Configuración global
      --------------------
      Identificador {globalsettings}
      inherit {dbgsettings}
      {emssettings}
      {badmemory}

      Configuración del cargador de arranque
      ------------------------------------
      Identificador {bootloadersettings}
      inherit {globalsettings}
      {hypervisorsettings}

      Configuración de hipervisor
      -------------------
      Identificador {hypervisorsettings}
      hypervisordebugtype Serial
      hypervisordebugport 1
      hypervisorbaudrate 115200

      Reanudar la configuración del cargador
      --------------------------------------
      Identificador {resumeloadersettings}
      inherit {globalsettings}

      Opciones de dispositivo
      -----------------------
      Identificador {17a7584f-237f-11e7-b434-8ae23e5b18fa}
      description Windows Recovery
      ramdisksdidevice partition=\Device\HarddiskVolume1
      ramdisksdipath \Recovery\WindowsRE\boot.sdi


      LastRegBack: 2017-05-16 14:06

      ==================== End of FRST.txt ============================

    8. #8
      General Moderator
      Avatar of @Daniela
      Joined
      Apr 2011
      Location
      Spain
      Posts
      23,832

      Re: Luckysites, zoohair and the rest. They keep regenerating even in safe mode.

      Hello

      You did not configure FRST as I instructed; the steps have to be followed carefully.

      Follow these steps. VERY important ~ Make a backup of the registry:

      • To do so, download >> DelFix to your desktop.
        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as administrator".)
        • Check only the "Create registry backup" box.
      • Click Run.

        The report (DelFix.txt) will open; save it in case it is needed and close the tool.


      Next, start your computer in >> Windows Safe Mode with Networking.

      If your OS is Windows 8/8.1/10, use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) >> How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.


      With all other programs closed, go to >> Start >> Run >> and type notepad.exe.

      Now copy and paste the following into Notepad: (excluding the word "Code")

      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
      IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
      ShellExecuteHooks: No Name - {800BE1C8-294B-11E7-BDA5-64006A5CFC35} - -> No File
      GroupPolicyScripts: Restriction <======= ATTENTION
      SearchScopes: HKU\S-1-5-21-1725805020-1347050944-845805920-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
      CHR Profile: C:\Users\DELL\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-05-18] <==== ATTENTION
      CHR Extension: (Google Docs) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-21]
      CHR Extension: (Chrome Media Router) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
      S2 CSHMDR; C:\Users\DELL\AppData\Local\CSHMDR\Snare.dll [X]
      2017-05-18 09:57 - 2017-05-18 09:57 - 00000000 ____D C:\Program Files (x86)\MIO
      2017-05-18 09:26 - 2017-05-18 09:26 - 00000000 ____D C:\ProgramData\SWCUTemp
      2017-05-18 08:46 - 2017-05-18 09:55 - 00000000 ____D C:\Reimward
      2017-05-07 14:15 - 2017-05-07 14:15 - 00003294 _____ C:\Windows\System32\Tasks\{659BD3DC-F5B8-4F91-95BB-C720E85BA22A}
      2017-04-28 15:49 - 2017-05-05 09:58 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
      2017-04-27 08:55 - 2017-04-27 13:41 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Shiguentldry
      2017-04-27 08:55 - 2017-04-27 08:55 - 00006116 _____ C:\Windows\System32\Tasks\Cpiphnequk Update
      2017-04-27 08:55 - 2017-04-27 08:55 - 00000000 ____D C:\Users\DELL\AppData\Local\Mezety
      2017-04-21 20:40 - 2017-05-18 11:31 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
      Task: {398D4BC4-8F1C-4C85-91D7-2512D26B96F0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-05-02] ()
      Task: {46E419FE-6038-4392-9A01-93AFA2FE729E} - \Jmuchcagash -> No File <==== ATTENTION
      Task: {478FE3CD-8009-442C-9338-FB0E39FEEF60} - System32\Tasks\Cpiphnequk Update => C:\Program Files (x86)\Ckudalycotaied\pokech.exe 
      Task: {722272C3-8CA1-447D-99C4-47F20D8B9959} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-21] (Google Inc.)
      
      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      • Save it under the name fixlist.txt on the desktop <<< This is very important.

      Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop); otherwise the tool will not work.

      WARNING!!!! The following repair script was made specifically by a staff member for this user; if you have a similar problem, please open your own thread to receive personalized help. Using other users' scripts can damage your computer.

      • Run Frst.exe.
      • Press the Fix button and wait for it to finish.
      • The tool will save the report on your desktop (Fixlog.txt).
      • Paste it in your next reply.


      Post the report and tell us how the problem is going.

      Regards
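
An added example, not part of the original post and not FRST's own code: a small Python triage of the Fixlog.txt that the steps above produce, assuming the `target => result` line shape seen in this thread. The sample log is constructed, and the status names (`done`, `missing`, `covered`, `review`, `error`) are this example's own labels.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "target result status")

# Constructed sample in the shape of the Fixlog.txt lines quoted in this thread.
# Paths, names and GUIDs are placeholders, not values from a real machine.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\Example => C:\Example\example.exe
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Example\Image File Execution Options\Updater.exe => key removed successfully
HKLM\Software\Example\ShellExecuteHooks\\{00000000-0000-0000-0000-000000000000} => value removed successfully
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Users\Example\AppData\Local\ExampleProfile => moved successfully
C:\Users\Example\AppData\Local\ExampleProfile\Extensions\abc => not found
"""


def classify(result):
    """Map the text after '=>' to a coarse status (labels are this example's own)."""
    text = result.lower().rstrip(".")
    if "not found" in text:
        return "missing"      # the fixlist named something that was not there
    if "successfully" in text:
        return "done"         # removed or moved as requested
    return "review"           # anything else needs a human look


def parse_fixlog(text):
    """Return one Entry per outcome line, skipping the echoed fixlist block."""
    entries, moved, in_echo = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # The log echoes the fixlist between two lines of asterisks. Those lines
        # can contain '=>' too (Task entries), so they must not count as outcomes.
        if set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo:
            continue
        if line.lower().startswith("error:"):
            entries.append(Entry("", line[len("error:"):].strip(), "error"))
            continue
        target, sep, result = line.rpartition(" => ")
        if not sep:
            continue          # informational line such as "Processes closed ..."
        status = classify(result)
        folded = target.lower()
        if status == "done" and result.lower().startswith("moved"):
            moved.append(folded + "\\")
        elif status == "missing" and any(folded.startswith(p) for p in moved):
            # A child path reported missing after its parent folder was already
            # moved is explained by that move, not a sign of a failed fix.
            status = "covered"
        entries.append(Entry(target, result, status))
    return entries


def summarize(entries):
    """Count entries per status."""
    counts = {}
    for entry in entries:
        counts[entry.status] = counts.get(entry.status, 0) + 1
    return counts


def needs_follow_up(entries):
    """Entries worth raising in the next reply: errors, unexplained misses, unknowns."""
    return [e for e in entries if e.status in ("error", "missing", "review")]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for item in needs_follow_up(parsed):
        print(item.status, item.target or "-", "|", item.result)
```
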

    9. #9
      User Avatar of WolFran
      Joined
      May 2017
      Location
      Argentina
      Posts
      7

      Re: Luckysites, zoohair and the rest. They keep regenerating even in safe mode.

      OK Daniela, here is the fixlog:

      Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
      Ran by DELL (19-05-2017 09:52:58) Run:1
      Running from C:\Users\DELL\Desktop
      Loaded Profiles: DELL (Available Profiles: DELL)
      Boot Mode: Safe Mode (with Networking)
      ==============================================

      fixlist content:
      *****************
      Start
      CreateRestorePoint:
      CloseProcesses:

      IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
      IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
      ShellExecuteHooks: No Name - {800BE1C8-294B-11E7-BDA5-64006A5CFC35} - -> No File
      GroupPolicyScripts: Restriction <======= ATTENTION
      SearchScopes: HKU\S-1-5-21-1725805020-1347050944-845805920-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
      CHR Profile: C:\Users\DELL\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-05-18] <==== ATTENTION
      CHR Extension: (Google Docs) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-21]
      CHR Extension: (Chrome Media Router) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
      S2 CSHMDR; C:\Users\DELL\AppData\Local\CSHMDR\Snare.dll [X]
      2017-05-18 09:57 - 2017-05-18 09:57 - 00000000 ____D C:\Program Files (x86)\MIO
      2017-05-18 09:26 - 2017-05-18 09:26 - 00000000 ____D C:\ProgramData\SWCUTemp
      2017-05-18 08:46 - 2017-05-18 09:55 - 00000000 ____D C:\Reimward
      2017-05-07 14:15 - 2017-05-07 14:15 - 00003294 _____ C:\Windows\System32\Tasks\{659BD3DC-F5B8-4F91-95BB-C720E85BA22A}
      2017-04-28 15:49 - 2017-05-05 09:58 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
      2017-04-27 08:55 - 2017-04-27 13:41 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Shiguentldry
      2017-04-27 08:55 - 2017-04-27 08:55 - 00006116 _____ C:\Windows\System32\Tasks\Cpiphnequk Update
      2017-04-27 08:55 - 2017-04-27 08:55 - 00000000 ____D C:\Users\DELL\AppData\Local\Mezety
      2017-04-21 20:40 - 2017-05-18 11:31 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
      Task: {398D4BC4-8F1C-4C85-91D7-2512D26B96F0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-05-02] ()
      Task: {46E419FE-6038-4392-9A01-93AFA2FE729E} - \Jmuchcagash -> No File <==== ATTENTION
      Task: {478FE3CD-8009-442C-9338-FB0E39FEEF60} - System32\Tasks\Cpiphnequk Update => C:\Program Files (x86)\Ckudalycotaied\pokech.exe
      Task: {722272C3-8CA1-447D-99C4-47F20D8B9959} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-21] (Google Inc.)

      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      *****************

      Error: Restore point can only be created in normal mode.
      Processes closed successfully.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GoogleUpdate.exe => key removed successfully
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GoogleUpdaterService.exe => key removed successfully
      HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{800BE1C8-294B-11E7-BDA5-64006A5CFC35} => value removed successfully
      HKCR\CLSID\{800BE1C8-294B-11E7-BDA5-64006A5CFC35} => key not found.
      C:\Windows\system32\GroupPolicy\Machine => moved successfully
      C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
      HKU\S-1-5-21-1725805020-1347050944-845805920-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
      C:\Users\DELL\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
      C:\Users\DELL\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake => not found
      C:\Users\DELL\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => not found
      HKLM\System\CurrentControlSet\Services\CSHMDR => key removed successfully
      CSHMDR => service removed successfully
      C:\Program Files (x86)\MIO => moved successfully
      "C:\ProgramData\SWCUTemp" => not found.
      C:\Reimward => moved successfully
      C:\Windows\System32\Tasks\{659BD3DC-F5B8-4F91-95BB-C720E85BA22A} => moved successfully
      C:\Windows\system32\Drivers\PROCEXP152.SYS => moved successfully
      C:\Users\DELL\AppData\Roaming\Shiguentldry => moved successfully
      C:\Windows\System32\Tasks\Cpiphnequk Update => moved successfully
      C:\Users\DELL\AppData\Local\Mezety => moved successfully
      C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{398D4BC4-8F1C-4C85-91D7-2512D26B96F0} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{398D4BC4-8F1C-4C85-91D7-2512D26B96F0} => key removed successfully
      C:\Windows\System32\Tasks\AutoKMS => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46E419FE-6038-4392-9A01-93AFA2FE729E} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46E419FE-6038-4392-9A01-93AFA2FE729E} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jmuchcagash => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{478FE3CD-8009-442C-9338-FB0E39FEEF60} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{478FE3CD-8009-442C-9338-FB0E39FEEF60} => key removed successfully
      C:\Windows\System32\Tasks\Cpiphnequk Update => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Cpiphnequk Update => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{722272C3-8CA1-447D-99C4-47F20D8B9959} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{722272C3-8CA1-447D-99C4-47F20D8B9959} => key removed successfully
      C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully

      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows

      No se puede realizar ninguna operación en Ethernet mientras los medios
      estén desconectados.
      No se puede realizar ninguna operación en Wi-Fi mientras los medios
      estén desconectados.
      No se puede realizar ninguna operación en Conexión de área local* 1 mientras los medios
      estén desconectados.

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0 [ 7.8.10240 ]
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unable to connect to BITS - 0x8007043c
      El servicio no puede iniciarse en modo a prueba de errores



      ========= End of CMD: =========


      ========= RemoveProxy: =========

      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
      HKU\S-1-5-21-1725805020-1347050944-845805920-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\S-1-5-21-1725805020-1347050944-845805920-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


      ========= End of RemoveProxy: =========

      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      =========== EmptyTemp: ==========

      BITS transfer queue => 0 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5610836 B
      Java, Flash, Steam htmlcache => 354324078 B
      Windows/system/drivers => 256256 B
      Edge => 2260445 B
      Chrome => 0 B
      Firefox => 0 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Default => 0 B
      Users => 0 B
      ProgramData => 0 B
      Public => 0 B
      systemprofile => 128 B
      systemprofile32 => 167 B
      LocalService => 2462 B
      NetworkService => 0 B
      DELL => 7578196 B

      RecycleBin => 990866 B
      EmptyTemp: => 353.8 MB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 09:53:01 ====







      Thanks, Daniela, for helping.
      So far so good, no signs of "lucky".
      The truth is that I ran AdwCleaner again and it detected something called "hotleaf", which I chose to delete. How malware developers disgust me.
      And sorry, sometimes I get confused about the analysis part, haha.

    10. #10
      General Moderator
      @Daniela
      Joined
      Apr 2011
      Location
      Spain
      Posts
      23,832

      Re: Luckysites, zoohair and the rest. They keep regenerating even in safe mode.

      Hello

      Follow these steps to remove the tools that were used:

      • Use it again >> Download >> DelFix
        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as Administrator".)
        • Check all the boxes.
      • Click Run.

        The report (DelFix.txt) will open; check that the tools used have been removed.


      Let me know if everything is still fine.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

