
    Possible Reimage Repair virus


    1. #1
      User: Kikepalmer
      Registered: Feb 2011
      Location: Spain
      Posts: 13

      Possible Reimage Repair virus

      Searching through the forum, I think I have found what is happening to me, so I am sending you the reports I got.

      # AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 28 14:34:24 2017
      # Updated on 2017/29/08 by Malwarebytes
      # Running on Windows 10 Pro N (X64)
      # Mode: clean
      # Support: https://www.malwarebytes.com/support

      ***** [ Services ] *****

      No malicious services deleted.

      ***** [ Folders ] *****

      Deleted: C:\Users\Carlos\AppData\Local\globalUpdate
      Deleted: C:\ProgramData\MailUpdate
      Deleted: C:\Users\All Users\MailUpdate
      Deleted: C:\Users\Carlos\AppData\Roaming\MailUpdate
      Deleted: C:\Users\Carlos\AppData\Roaming\WTools
      Deleted: C:\Users\Carlos\AppData\Local\Doctor_PC
      Deleted: C:\Program Files (x86)\XTab
      Deleted: C:\Program Files (x86)\SystemUp
      Deleted: C:\Program Files (x86)\StumbleUpon
      Deleted: C:\Program Files (x86)\myfree codec
      Deleted: C:\Users\Carlos\AppData\Roaming\acestream
      Deleted: C:\Users\Carlos\AppData\LocalLow\.acestream
      Deleted: C:\Users\Carlos\AppData\Roaming\.acestream
      Deleted: C:\_acestream_cache_
      Deleted: C:\ProgramData\{B96EB44A-7860-4F13-BC9A-0A73CA5F11C2}
      Deleted: C:\Users\All Users\{B96EB44A-7860-4F13-BC9A-0A73CA5F11C2}
      Deleted: C:\Users\Public\Documents\ShopperPro
      Deleted: C:\Users\Carlos\AppData\Roaming\Nosibay
      Deleted: C:\Program Files\Reimage
      Deleted: C:\Users\Carlos\AppData\Roaming\AnyProtectEx
      Deleted: C:\Users\Carlos\AppData\Roaming\sweet-page
      Deleted: C:\Users\Carlos\AppData\Roaming\AnyProtectEx
      Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft
      Deleted: C:\ProgramData\Solvusoft
      Deleted: C:\Program Files\Solvusoft
      Deleted: C:\Program Files (x86)\Solvusoft
      Deleted: C:\Users\All Users\Solvusoft
      Deleted: C:\Users\Carlos\AppData\Roaming\Solvusoft
      Deleted: C:\ZombieInvasion
      Deleted: C:\Users\Carlos\AppData\Local\BrowserHelper
      Deleted: C:\Users\Carlos\AppData\Local\ZombieNews
      Deleted: C:\ProgramData\IHProtectUpDate
      Deleted: C:\Users\All Users\IHProtectUpDate
      Deleted: C:\Users\Carlos\AppData\LocalLow\COMPANY\PRODUCT
      Deleted: C:\Program Files (x86)\DNS Unlocker
      Deleted: C:\Users\Carlos\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
      Deleted: C:\ProgramData\DealsFactor
      Deleted: C:\Users\All Users\DealsFactor
      Deleted: C:\Program Files (x86)\Registry Dr
      Deleted: C:\Users\Carlos\Documents\RegistryDr
      Deleted: C:\ProgramData\WindowsMangerProtect
      Deleted: C:\Users\All Users\WindowsMangerProtect
      Deleted: C:\Program Files\shopperz
      Deleted: C:\Program Files (x86)\DNS Unlocker
      Deleted: C:\ProgramData\10d87bb000006d95
      Deleted: C:\ProgramData\2759257548389859801


      ***** [ Files ] *****

      Deleted: C:\Users\Carlos\AppData\Roaming\\appdataFr2.bin
      Deleted: C:\Users\Carlos\Downloads\ReimageRepair.exe
      Deleted: C:\Users\Carlos\AppData\Roaming\WindApp.installation.log
      Deleted: C:\Users\Carlos\AppData\Roaming\Bubble Dock.installation.log
      Deleted: C:\Users\Carlos\AppData\Roaming\WindApp.boostrap.log
      Deleted: C:\Users\Carlos\AppData\Roaming\Bubble Dock.boostrap.log
      Deleted: C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
      Deleted: C:\Users\All Users\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
      Deleted: C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\searchplugins\yahoo! powered.xml
      Deleted: C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\SEARCHPLUGINS\YAHOO! POWERED.XML
      Deleted: C:\Windows\Reimage.ini
      Deleted: C:\Users\Public\Desktop\WinThruster.lnk
      Deleted: C:\Windows\System32\GambaliOff.ini
      Deleted: C:\Windows\SysNative\GambaliOff.ini
      Deleted: C:\Windows\SysWOW64\GambaliOff.ini
      Deleted: C:\Windows\patsearch.bin
      Deleted: C:\Users\Carlos\AppData\Roaming\Selection Tools.installation.log


      ***** [ DLL ] *****

      No malicious DLLs cleaned.

      ***** [ WMI ] *****

      No malicious WMI cleaned.

      ***** [ Shortcuts ] *****

      No malicious shortcuts cleaned.

      ***** [ Tasks ] *****

      Deleted: DoctorPC_Popup
      Deleted: APSnotifierPP3
      Deleted: APSnotifierPP2
      Deleted: APSnotifierPP1
      Deleted: DoctorPC_Start
      Deleted: PostPoneInstall
      Deleted: amiupdaterExi
      Deleted: amiupdaterExd
      Deleted: globalUpdateUpdateTaskMachineCore
      Deleted: globalUpdateUpdateTaskMachineUA
      Deleted: postponeinstall
      Deleted: Run_Bobby_Browser
      Deleted: LaunchSignup
      Deleted: DNSCONTRERAS


      ***** [ Registry ] *****

      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
      Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\Optimizer Pro
      Deleted: [Key] - HKCU\Software\Optimizer Pro
      Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL [http:\\search.delta-homes.com\web\?type=ds&ts=1434696743&z=80063edf60ac552666b7584gdz8c0z6q5teq2m8w6w&from=ient06182&uid=ST500DM002-1BD142_S2AYR6TDXXXXS2AYR6TD&q={searchTerms}]
      Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL [http:\\www.delta-homes.com\?type=hp&ts=1434696743&z=80063edf60ac552666b7584gdz8c0z6q5teq2m8w6w&from=ient06182&uid=ST500DM002-1BD142_S2AYR6TDXXXXS2AYR6TD]
      Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page [http:\\search.delta-homes.com\web\?type=ds&ts=1434696743&z=80063edf60ac552666b7584gdz8c0z6q5teq2m8w6w&from=ient06182&uid=ST500DM002-1BD142_S2AYR6TDXXXXS2AYR6TD&q={searchTerms}]
      Deleted: [Key] - HKLM\SOFTWARE\SUPDP
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
      Deleted: [Key] - HKLM\SOFTWARE\Clara
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\WTools
      Deleted: [Key] - HKCU\Software\WTools
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\AppDataLow\Software\Re-Markable
      Deleted: [Key] - HKCU\Software\AppDataLow\Software\Re-Markable
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\SIMPLYTECH
      Deleted: [Key] - HKCU\Software\SIMPLYTECH
      Deleted: [Key] - HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\DriverToolkit
      Deleted: [Key] - HKCU\Software\DriverToolkit
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\RegistryDrLanguage
      Deleted: [Key] - HKCU\Software\RegistryDrLanguage
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\AceStream
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
      Deleted: [Key] - HKCU\Software\AceStream
      Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
      Deleted: [Key] - HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
      Deleted: [Key] - HKLM\SOFTWARE\GlobalUpdate
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\GlobalUpdate
      Deleted: [Key] - HKCU\Software\GlobalUpdate
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\powerpack
      Deleted: [Key] - HKCU\Software\powerpack
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\OB
      Deleted: [Key] - HKCU\Software\OB
      Deleted: [Key] - HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
      Deleted: [Key] - HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
      Deleted: [Key] - HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
      Deleted: [Key] - HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\CoinisRevShare
      Deleted: [Key] - HKCU\Software\CoinisRevShare
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\Mozilla\Extends
      Deleted: [Key] - HKCU\Software\Mozilla\Extends
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\simplytech
      Deleted: [Key] - HKCU\Software\simplytech
      Deleted: [Key] - HKLM\SOFTWARE\SupDp
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80107F16-CB2E-42AB-AB9D-6C11540D5A8B}
      Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CommonToolkitTray_Solvusoft
      Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
      Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
      Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
      Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
      Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
      Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
      Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
      Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\@staging.google.com\globalUpdate Update;version=10
      Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\@staging.google.com\globalUpdate Update;version=4
      Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
      Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
      Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
      Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
      Deleted: [Key] - HKCU\SOFTWARE\Classes\Applications\ace_player.exe
      Deleted: [Key] - HKCU\Software\Classes\Applications\ace_player.exe
      Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
      Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
      Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
      Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
      Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\mseff32.DLL
      Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\WinThrusterSetup.exe
      Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\Setup_WinThruster_2016.exe
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
      Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
      Deleted: [Key] - HKLM\SOFTWARE\ShopperPro
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
      Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
      Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\Nosibay
      Deleted: [Key] - HKCU\Software\Nosibay
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
      Deleted: [Key] - HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
      Deleted: [Key] - HKLM\SOFTWARE\Reimage
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\Reimage
      Deleted: [Key] - HKCU\Software\Reimage
      Deleted: [Key] - HKLM\SOFTWARE\istartsurfSoftware
      Deleted: [Key] - HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
      Deleted: [Key] - HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
      Deleted: [Key] - HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\AppDataLow\Software\Crossrider
      Deleted: [Key] - HKCU\Software\AppDataLow\Software\Crossrider
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\1ClickDownload
      Deleted: [Key] - HKCU\Software\1ClickDownload
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\BoBrowser
      Deleted: [Key] - HKCU\Software\BoBrowser
      Deleted: [Key] - HKU\.DEFAULT\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000_Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
      Deleted: [Key] - HKU\S-1-5-18\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
      Deleted: [Key] - HKCU\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
      Deleted: [Key] - HKCU\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
      Deleted: [Key] - HKLM\SOFTWARE\omniboxesSoftware
      Deleted: [Key] - HKLM\SOFTWARE\sweet-pageSoftware
      Deleted: [Key] - HKLM\SOFTWARE\delta-homesSoftware
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\AnyProtect
      Deleted: [Key] - HKCU\Software\AnyProtect
      Deleted: [Key] - HKLM\SOFTWARE\Solvusoft
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\Solvusoft
      Deleted: [Key] - HKCU\Software\Solvusoft
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinThruster
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WinThruster.exe
      Deleted: [Key] - HKLM\SOFTWARE\CLASSES\APPLICATIONS\SolvusoftTray.exe
      Deleted: [Key] - HKLM\SOFTWARE\SupTab
      Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
      Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\clean-master-for-pc.softonic.com
      Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
      Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\clean-master-for-pc.softonic.com
      Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\AppDataLow\Software\DynConIE
      Deleted: [Key] - HKCU\Software\AppDataLow\Software\DynConIE
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\Store
      Deleted: [Key] - HKCU\Software\Store
      Deleted: [Key] - HKU\.DEFAULT\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000_Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
      Deleted: [Key] - HKU\S-1-5-18\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
      Deleted: [Key] - HKCU\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
      Deleted: [Key] - HKCU\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\Super Optimizer
      Deleted: [Key] - HKCU\Software\Super Optimizer
      Deleted: [Key] - HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
      Deleted: [Key] - HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
      Deleted: [Key] - HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
      Deleted: [Key] - HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
      Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|QuickCheckout.exe
      Deleted: [Key] - HKLM\SOFTWARE\YTDownloader
      Deleted: [Key] - HKLM\SOFTWARE\FFPluginHp
      Deleted: [Key] - HKLM\SOFTWARE\FlashBeat
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
      Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
      Deleted: [Key] - HKLM\SOFTWARE\IHProtect
      Deleted: [Key] - HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\AppDataLow\Software\Crossrider
      Deleted: [Key] - HKCU\Software\AppDataLow\Software\Crossrider
      Deleted: [Key] - HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
      Deleted: [Key] - HKLM\SOFTWARE\mystartsearchSoftware
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
      Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
      Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
      Deleted: [Key] - HKLM\SOFTWARE\TornTv Downloader
      Deleted: [Key] - HKLM\SOFTWARE\WdsManPro
      Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
      Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\csastats
      Deleted: [Key] - HKCU\Software\csastats
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\PRODUCTSETUP
      Deleted: [Key] - HKCU\Software\PRODUCTSETUP
      Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
      Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
      Deleted: [Key] - HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
      Deleted: [Key] - HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\RegistryDrConfig
      Deleted: [Key] - HKCU\Software\RegistryDrConfig
      Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
      Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
      Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
      Deleted: [Value] - HKCU\Software\RegisteredApplications|AceStream
      Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\internetspeedtracker.dl.tb.ask.com


      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries deleted.

      ***** [ Chromium (and derivatives) ] *****

      Plugin deleted: Search Manager -
      Plugin deleted: Palikan New Tab -
      SearchProvider deleted: delta-homes - delta-homes


      *************************

      ::Tracing keys deleted
      ::Winsock settings cleared
      ::Additional Actions: 0



      *************************

      C:/AdwCleaner/AdwCleaner[S0].txt - [44568 B] - [2017/9/28 14:26:49]


      ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########



      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.4 (07.09.2017)
      Operating System: Windows 10 Pro N x64
      Ran by Carlos (Administrator) on 28/09/2017 at 16:40:26,29
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 29

      Successfully deleted: C:\Program Files (x86)\deal4mee (Folder)
      Successfully deleted: C:\Program Files (x86)\deal4mue (Folder)
      Successfully deleted: C:\Program Files (x86)\FinEDealSoft (Folder)
      Successfully deleted: C:\Program Files (x86)\FinEoDealSofut (Folder)
      Successfully deleted: C:\Program Files (x86)\FleexaibleShhopper (Folder)
      Successfully deleted: C:\Program Files (x86)\FlexibleShopPer (Folder)
      Successfully deleted: C:\Program Files (x86)\FlexoiblleShoeppperr (Folder)
      Successfully deleted: C:\Program Files (x86)\FllexiubeleShOpper (Folder)
      Successfully deleted: C:\Program Files (x86)\lesse2ppAy (Folder)
      Successfully deleted: C:\Program Files (x86)\prefs.js (File)
      Successfully deleted: C:\Program Files (x86)\realdEal (Folder)
      Successfully deleted: C:\Program Files (x86)\realedeal (Folder)
      Successfully deleted: C:\Program Files (x86)\ReeAldeal (Folder)
      Successfully deleted: C:\Program Files (x86)\saveitkueeep (Folder)
      Successfully deleted: C:\Program Files (x86)\savinggtoyooU (Folder)
      Successfully deleted: C:\Program Files (x86)\savinnShOp (Folder)
      Successfully deleted: C:\Program Files (x86)\savIongtoyou (Folder)
      Successfully deleted: C:\Program Files (x86)\shoopndrop (Folder)
      Successfully deleted: C:\Program Files (x86)\surfkeeopit (Folder)
      Successfully deleted: C:\ProgramData\1323d53b296f47c09050d50887c25b54 (Folder)
      Successfully deleted: C:\ProgramData\7f604709cec64e31929e1b43bb4032b3 (Folder)
      Successfully deleted: C:\Users\Carlos\AppData\Local\{EDB1DBED-C919-B755-A481-92BD80E96E25} (Empty Folder)
      Successfully deleted: C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage (File)
      Successfully deleted: C:\Users\Carlos\AppData\Local\installer (Folder)
      Successfully deleted: C:\Users\Carlos\Appdata\LocalLow\company (Folder)
      Successfully deleted: C:\Users\Carlos\AppData\Roaming\store (Folder)
      Successfully deleted: C:\Users\Carlos\Documents\optimizer pro (Folder)
      Successfully deleted: C:\Users\Carlos\AppData\Roaming\appdataFr25.bin (File)
      Successfully deleted: C:\Users\Carlos\AppData\Roaming\appdataFr3.bin (File)



      Registry: 4

      Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} (Registry Key)
      Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (Registry Key)
      Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} (Registry Key)
      Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} (Registry Key)




      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 28/09/2017 at 16:42:48,30
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    2. #2
      Moderator
      Avatar of @MiguelRiaguel
      Joined
      Dec 2008
      Location
      Spain
      Posts
      12,069

      Re: Possible Reimage Repair virus

      Greetings, Kikepalmer

      If you give us more detail about the issues/problems you are having on your computer, we can try to help you more accurately and effectively. After running AdwCleaner and JRT, do the problems persist?

      Regards.

    3. #3
      User Avatar of Kikepalmer
      Joined
      Feb 2011
      Location
      Spain
      Posts
      13

      Re: Possible Reimage Repair virus

      Hello Miguel, thank you very much for your quick reply.

      Well, the problem is that whenever I try to browse different websites, a Reimage Repair page keeps opening, telling me that my computer is infected and that only they can repair it.

      After running both programs and restarting the computer, the problem still persists. What's more, I have also run the Farbar Recovery Scan Tool, and I still have to send the result because the PC is giving me a lot of trouble doing so; sometimes the forum will not load for me to do it.

      I will send it as soon as it lets me.

    4. #4
      User Avatar of Kikepalmer
      Joined
      Feb 2011
      Location
      Spain
      Posts
      13

      Re: Possible Reimage Repair virus

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-09-2017 01
      Ran by Carlos (administrator) on CARLOS-PC (28-09-2017 16:52:56)
      Running from C:\Users\Carlos\Desktop
      Loaded Profiles: Carlos (Available Profiles: Carlos & DefaultAppPool)
      Platform: Windows 10 Pro N Version 1703 (X64) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Edge)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
      (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
      (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
      (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
      (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
      (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
      (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
      (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
      (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
      HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
      HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
      Winlogon\Notify\igfxcui: igfxdev.dll [X]
      Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-03-04]
      ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-09-30]
      ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{a619b2f2-bb44-4704-b29f-36a7ecf4e114}: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{a981459e-2be3-4cf2-b5d5-71ae8dd473a3}: [NameServer] 82.163.143.172,82.163.142.174
      Tcpip\..\Interfaces\{a981459e-2be3-4cf2-b5d5-71ae8dd473a3}: [DhcpNameServer] 192.168.1.1

      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://es.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_06&param1=1&param2=f%3D1%26b%3DIE%26cc%3Des%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0B0B0AzyyBtA0BtAtC0BtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0A0C0FzztC0BtCtGtB0EtByCtGtByCtB0BtGtByCzy0EtGtDtCyCyCyBzytDtB0EtCtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0B0DtDtCyC0EtCtGzzzz0F0DtGyEyD0A0AtGzz0FzztBtGzzzztAtBtDzy0EzzyDyCyBtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzyyDyC%26cr%3D1702891191%26a%3Dwbf_fs_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro%2BN
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
      SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxps://es.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Des%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0B0B0AzyyBtA0BtAtC0BtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0A0C0FzztC0BtCtGtB0EtByCtGtByCtB0BtGtByCzy0EtGtDtCyCyCyBzytDtB0EtCtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0B0DtDtCyC0EtCtGzzzz0F0DtGyEyD0A0AtGzz0FzztBtGzzzztAtBtDzy0EzzyDyCyBtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzyyDyC%26cr%3D1702891191%26a%3Dwbf_fs_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro%2BN&p={searchTerms}
      SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
      SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxps://es.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Des%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0B0B0AzyyBtA0BtAtC0BtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0A0C0FzztC0BtCtGtB0EtByCtGtByCtB0BtGtByCzy0EtGtDtCyCyCyBzytDtB0EtCtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0B0DtDtCyC0EtCtGzzzz0F0DtGyEyD0A0AtGzz0FzztBtGzzzztAtBtDzy0EzzyDyCyBtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzyyDyC%26cr%3D1702891191%26a%3Dwbf_fs_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro%2BN&p={searchTerms}
      SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://es.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Des%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0B0B0AzyyBtA0BtAtC0BtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0A0C0FzztC0BtCtGtB0EtByCtGtByCtB0BtGtByCzy0EtGtDtCyCyCyBzytDtB0EtCtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0B0DtDtCyC0EtCtGzzzz0F0DtGyEyD0A0AtGzz0FzztBtGzzzztAtBtDzy0EzzyDyCyBtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzyyDyC%26cr%3D1702891191%26a%3Dwbf_fs_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro%2BN&p={searchTerms}
      SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
      SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.?<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hxxp://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://es.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Des%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0B0B0AzyyBtA0BtAtC0BtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0A0C0FzztC0BtCtGtB0EtByCtGtByCtB0BtGtByCzy0EtGtDtCyCyCyBzytDtB0EtCtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0B0DtDtCyC0EtCtGzzzz0F0DtGyEyD0A0AtGzz0FzztBtGzzzztAtBtDzy0EzzyDyCyBtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzyyDyC%26cr%3D1702891191%26a%3Dwbf_fs_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro%2BN&p={searchTerms}
      SearchScopes: HKU\S-1-5-21-3465795896-1197667706-1526052496-1000 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
      BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
      BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
      Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
      Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)

      FireFox:
      ========
      FF DefaultProfile: 4ileexe7.default
      FF ProfilePath: C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default [2017-09-28]
      FF NewTab: Mozilla\Firefox\Profiles\4ileexe7.default -> about:newtab
      FF DefaultSearchEngine: Mozilla\Firefox\Profiles\4ileexe7.default -> Yahoo! Powered
      FF SelectedSearchEngine: Mozilla\Firefox\Profiles\4ileexe7.default -> Yahoo! Powered
      FF Homepage: Mozilla\Firefox\Profiles\4ileexe7.default -> hxxp://www.google.com/
      FF Keyword.URL: Mozilla\Firefox\Profiles\4ileexe7.default -> user_pref("keyword.URL", true);
      FF Extension: (Music Start) - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\Extensions\[email protected] [2017-02-15]
      FF Extension: (Movies Start) - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\Extensions\[email protected] [2017-02-15]
      FF Extension: (IE Tab 2 (FF 3.6+)) - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2016-02-20]
      FF Extension: (Antivirus link scanner) - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\Extensions\{490d85d0-682a-4a4a-9d9f-baba6a56c323}.xpi [2017-06-27]
      FF Extension: (Adblock Plus) - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
      FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox => not found
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\extensions\[email protected] => not found
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\extensions\[email protected] => not found
      FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox => not found
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\extensions\[email protected] => not found
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\extensions\[email protected] => not found
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\extensions\[email protected] => not found
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\extensions\[email protected] => not found
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\extensions\[email protected] => not found
      FF HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\Carlos\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-15] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-15] ()
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
      FF Plugin HKU\S-1-5-21-3465795896-1197667706-1526052496-1000: @acestream.net/acestreamplugin,version=3.1.16 -> C:\Users\Carlos\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]

      Chrome:
      =======
      CHR DefaultProfile: Default
      CHR dev: Chrome dev build detected! <==== ATTENTION
      CHR Profile: C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default [2017-09-28]
      CHR Extension: (Google Docs) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-26]
      CHR Extension: (Google Drive) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-26]
      CHR Extension: (YouTube) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-26]
      CHR Extension: (Hojas de cálculo de Google) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-26]
      CHR Extension: (Palikan New Tab) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljibkigjccbegnbeojkoafejpoiachej [2016-03-18]
      CHR Extension: (Ace Stream Web Extension) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2016-11-12]
      CHR Extension: (Search Manager) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-06-11]
      CHR Extension: (Gmail) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-26]
      CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
      CHR HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
      CHR HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
      CHR HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
      CHR crx: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\default_apps\search.crx [2015-06-20]
      CHR crx: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\default_apps\search.crx [2015-06-05]

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
      R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
      R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
      R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
      S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
      R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
      R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
      R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
      S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
      R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
      R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)

    5. #5
      User Kikepalmer
      Registered
      Feb 2011
      Location
      Spain
      Posts
      13

      Re: Possible Reimage Repair virus

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R1 BdAgent; C:\WINDOWS\System32\DRIVERS\BdAgent.sys [117184 2014-05-15] (BullGuard Ltd.)
      S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
      S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-06-23] (ESET)
      R1 MpKsldab6c7bc; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7918F2F4-ECBE-43FA-A3F2-6F4145FF486F}\MpKsldab6c7bc.sys [58120 2017-09-28] (Microsoft Corporation)
      S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
      S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
      S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
      R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
      R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
      U3 idsvc; no ImagePath

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-09-28 16:52 - 2017-09-28 16:53 - 000018550 _____ C:\Users\Carlos\Desktop\FRST.txt
      2017-09-28 16:52 - 2017-09-28 16:52 - 000000000 ____D C:\FRST
      2017-09-28 16:49 - 2017-09-28 16:49 - 002399744 _____ (Farbar) C:\Users\Carlos\Desktop\FRST64.exe
      2017-09-28 16:42 - 2017-09-28 16:43 - 000003255 _____ C:\Users\Carlos\Desktop\JRT.txt
      2017-09-28 16:38 - 2017-09-28 16:38 - 001790024 _____ (Malwarebytes) C:\Users\Carlos\Desktop\JRT.exe
      2017-09-28 16:37 - 2017-09-28 16:37 - 000039045 _____ C:\Users\Carlos\Desktop\AdwCleaner[C0].txt
      2017-09-28 16:25 - 2017-09-28 16:26 - 000000000 ____D C:\AdwCleaner
      2017-09-28 16:19 - 2017-09-28 16:19 - 008182736 _____ (Malwarebytes) C:\Users\Carlos\Desktop\AdwCleaner.exe
      2017-09-28 09:09 - 2017-09-28 09:09 - 000000000 ____D C:\Users\Carlos\AppData\LocalLow\uTorrent
      2017-09-25 08:50 - 2017-09-25 08:50 - 000604928 _____ (Reimage) C:\Users\Carlos\Downloads\ReimageRepair(1).exe
      2017-09-13 18:50 - 2017-09-05 07:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
      2017-09-13 18:50 - 2017-09-05 07:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
      2017-09-13 18:50 - 2017-09-05 06:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
      2017-09-13 18:50 - 2017-09-05 06:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
      2017-09-13 18:50 - 2017-09-05 06:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
      2017-09-13 18:50 - 2017-09-05 06:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
      2017-09-13 18:50 - 2017-09-05 06:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
      2017-09-13 18:50 - 2017-09-05 06:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
      2017-09-13 18:50 - 2017-09-05 06:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
      2017-09-13 18:50 - 2017-09-05 06:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
      2017-09-13 18:50 - 2017-09-05 06:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
      2017-09-13 18:50 - 2017-09-05 06:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
      2017-09-13 18:50 - 2017-09-05 06:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
      2017-09-13 18:50 - 2017-09-05 06:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
      2017-09-13 18:50 - 2017-09-05 06:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
      2017-09-13 18:50 - 2017-09-05 06:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
      2017-09-13 18:50 - 2017-09-05 06:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
      2017-09-13 18:50 - 2017-09-05 06:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
      2017-09-13 18:50 - 2017-09-05 06:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
      2017-09-13 18:50 - 2017-09-05 06:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
      2017-09-13 18:50 - 2017-09-05 06:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
      2017-09-13 18:50 - 2017-09-05 06:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
      2017-09-13 18:50 - 2017-09-05 06:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
      2017-09-13 18:50 - 2017-09-05 06:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
      2017-09-13 18:50 - 2017-09-05 06:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
      2017-09-13 18:50 - 2017-09-05 06:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
      2017-09-13 18:50 - 2017-09-05 06:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
      2017-09-13 18:50 - 2017-09-05 06:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
      2017-09-13 18:50 - 2017-09-05 06:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
      2017-09-13 18:50 - 2017-09-05 06:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
      2017-09-13 18:50 - 2017-09-05 06:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
      2017-09-13 18:50 - 2017-09-05 06:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
      2017-09-13 18:50 - 2017-09-05 06:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
      2017-09-13 18:50 - 2017-09-05 06:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
      2017-09-13 18:50 - 2017-09-05 06:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
      2017-09-13 18:50 - 2017-09-05 06:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
      2017-09-13 18:50 - 2017-09-05 06:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
      2017-09-13 18:50 - 2017-09-05 06:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
      2017-09-13 18:50 - 2017-09-05 06:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
      2017-09-13 18:50 - 2017-09-05 06:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
      2017-09-13 18:50 - 2017-09-05 06:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
      2017-09-13 18:50 - 2017-09-05 06:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
      2017-09-13 18:50 - 2017-09-05 06:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
      2017-09-13 18:50 - 2017-09-05 06:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
      2017-09-13 18:49 - 2017-09-05 07:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
      2017-09-13 18:49 - 2017-09-05 07:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
      2017-09-13 18:49 - 2017-09-05 07:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
      2017-09-13 18:49 - 2017-09-05 07:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
      2017-09-13 18:49 - 2017-09-05 07:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
      2017-09-13 18:49 - 2017-09-05 07:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
      2017-09-13 18:49 - 2017-09-05 07:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
      2017-09-13 18:49 - 2017-09-05 07:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
      2017-09-13 18:49 - 2017-09-05 07:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
      2017-09-13 18:49 - 2017-09-05 07:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
      2017-09-13 18:49 - 2017-09-05 07:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
      2017-09-13 18:49 - 2017-09-05 07:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
      2017-09-13 18:49 - 2017-09-05 07:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
      2017-09-13 18:49 - 2017-09-05 07:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
      2017-09-13 18:49 - 2017-09-05 07:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
      2017-09-13 18:49 - 2017-09-05 07:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
      2017-09-13 18:49 - 2017-09-05 07:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
      2017-09-13 18:49 - 2017-09-05 07:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
      2017-09-13 18:49 - 2017-09-05 07:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
      2017-09-13 18:49 - 2017-09-05 07:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
      2017-09-13 18:49 - 2017-09-05 06:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
      2017-09-13 18:49 - 2017-09-05 06:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
      2017-09-13 18:49 - 2017-09-05 06:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
      2017-09-13 18:49 - 2017-09-05 06:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
      2017-09-13 18:49 - 2017-09-05 06:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
      2017-09-13 18:49 - 2017-09-05 06:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
      2017-09-13 18:49 - 2017-09-05 06:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
      2017-09-13 18:49 - 2017-09-05 06:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
      2017-09-13 18:49 - 2017-09-05 06:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
      2017-09-13 18:49 - 2017-09-05 06:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
      2017-09-13 18:49 - 2017-09-05 06:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
      2017-09-13 18:49 - 2017-09-05 06:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
      2017-09-13 18:49 - 2017-09-05 06:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
      2017-09-13 18:49 - 2017-09-05 06:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
      2017-09-13 18:49 - 2017-09-05 06:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
      2017-09-13 18:49 - 2017-09-05 06:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
      2017-09-13 18:49 - 2017-09-05 06:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
      2017-09-13 18:49 - 2017-09-05 06:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
      2017-09-13 18:49 - 2017-09-05 06:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
      2017-09-13 18:49 - 2017-09-05 06:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
      2017-09-13 18:49 - 2017-09-05 06:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
      2017-09-13 18:49 - 2017-09-05 06:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
      2017-09-13 18:49 - 2017-09-05 06:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
      2017-09-13 18:49 - 2017-09-05 06:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
      2017-09-13 18:49 - 2017-09-05 06:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
      2017-09-13 18:49 - 2017-09-05 06:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
      2017-09-13 18:49 - 2017-09-05 06:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
      2017-09-13 18:49 - 2017-09-05 06:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
      2017-09-13 18:49 - 2017-09-05 06:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
      2017-09-13 18:49 - 2017-09-05 06:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
      2017-09-13 18:49 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
      2017-09-13 18:49 - 2017-09-05 06:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
      2017-09-13 18:49 - 2017-09-05 06:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
      2017-09-13 18:49 - 2017-09-05 06:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
      2017-09-13 18:49 - 2017-09-05 06:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
      2017-09-13 18:49 - 2017-09-05 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
      2017-09-13 18:49 - 2017-09-05 06:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
      2017-09-13 18:49 - 2017-09-05 06:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
      2017-09-13 18:49 - 2017-09-05 06:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
      2017-09-13 18:49 - 2017-09-05 06:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
      2017-09-13 18:49 - 2017-09-05 06:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
      2017-09-13 18:49 - 2017-09-05 06:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
      2017-09-13 18:49 - 2017-09-05 06:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
      2017-09-13 18:49 - 2017-09-05 06:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
      2017-09-13 18:49 - 2017-09-05 06:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
      2017-09-13 18:49 - 2017-09-05 06:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
      2017-09-13 18:49 - 2017-09-05 06:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
      2017-09-13 18:49 - 2017-09-05 06:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
      2017-09-13 18:49 - 2017-09-05 06:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
      2017-09-13 18:49 - 2017-09-05 06:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
      2017-09-13 18:49 - 2017-09-05 06:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
      2017-09-13 18:49 - 2017-09-05 06:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
      2017-09-13 18:49 - 2017-09-05 06:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
      2017-09-13 18:49 - 2017-09-05 06:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
      2017-09-13 18:49 - 2017-09-05 06:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
      2017-09-13 18:49 - 2017-09-05 06:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
      2017-09-13 18:49 - 2017-09-05 06:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
      2017-09-13 18:49 - 2017-09-05 06:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
      2017-09-13 18:49 - 2017-09-05 06:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
      2017-09-13 18:49 - 2017-09-05 06:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
      2017-09-13 18:49 - 2017-09-05 06:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
      2017-09-13 18:49 - 2017-09-05 06:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
      2017-09-13 18:49 - 2017-09-05 06:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
      2017-09-13 18:49 - 2017-09-05 06:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
      2017-09-13 18:49 - 2017-09-05 06:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
      2017-09-13 18:49 - 2017-09-05 06:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
      2017-09-13 18:49 - 2017-09-05 06:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
      2017-09-13 18:49 - 2017-09-05 06:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
      2017-09-13 18:49 - 2017-09-05 06:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
      2017-09-13 18:49 - 2017-09-05 06:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
      2017-09-13 18:49 - 2017-09-05 06:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
      2017-09-13 18:49 - 2017-09-05 06:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
      2017-09-13 18:49 - 2017-09-05 06:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
      2017-09-13 18:49 - 2017-09-05 06:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
      2017-09-13 18:49 - 2017-09-05 06:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
      2017-09-13 18:49 - 2017-09-05 06:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
      2017-09-13 18:49 - 2017-09-05 06:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
      2017-09-13 18:49 - 2017-09-05 06:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
      2017-09-13 18:49 - 2017-09-05 06:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
      2017-09-13 18:49 - 2017-09-05 06:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
      2017-09-13 18:49 - 2017-09-05 06:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
      2017-09-13 18:49 - 2017-09-05 06:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
      2017-09-13 18:49 - 2017-09-05 06:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
      2017-09-13 18:49 - 2017-09-05 06:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
      2017-09-13 18:49 - 2017-09-05 06:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
      2017-09-13 18:49 - 2017-09-05 06:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
      2017-09-13 18:49 - 2017-09-05 06:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
      2017-09-13 18:49 - 2017-09-05 06:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
      2017-09-13 18:49 - 2017-09-05 06:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
      2017-09-13 18:49 - 2017-09-05 06:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
      2017-09-13 18:49 - 2017-09-05 06:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
      2017-09-13 18:49 - 2017-09-05 06:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
      2017-09-13 18:49 - 2017-09-05 06:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
      2017-09-13 18:49 - 2017-09-05 06:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
      2017-09-13 18:49 - 2017-09-05 06:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
      2017-09-13 18:49 - 2017-09-05 06:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
      2017-09-13 18:49 - 2017-09-05 06:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
      2017-09-13 18:49 - 2017-09-05 06:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
      2017-09-13 18:49 - 2017-09-05 06:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
      2017-09-13 18:49 - 2017-09-05 06:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
      2017-09-13 18:49 - 2017-09-05 06:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
      2017-09-13 18:49 - 2017-09-05 06:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
      2017-09-13 18:49 - 2017-09-05 06:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
      2017-09-13 18:49 - 2017-09-05 06:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
      2017-09-13 18:49 - 2017-09-05 06:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
      2017-09-13 18:49 - 2017-09-05 06:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
      2017-09-13 18:49 - 2017-09-05 06:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
      2017-09-13 18:49 - 2017-09-05 06:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
      2017-09-13 18:49 - 2017-09-05 06:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
      2017-09-13 18:49 - 2017-09-05 06:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
      2017-09-13 18:49 - 2017-09-05 06:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
      2017-09-13 18:49 - 2017-09-05 06:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
      2017-09-13 18:49 - 2017-09-05 06:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
      2017-09-13 18:49 - 2017-09-05 06:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
      2017-09-13 18:49 - 2017-09-05 06:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
      2017-09-13 18:49 - 2017-09-05 06:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
      2017-09-13 18:48 - 2017-09-05 07:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
      2017-09-13 18:48 - 2017-09-05 07:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
      2017-09-13 18:48 - 2017-09-05 07:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
      2017-09-13 18:48 - 2017-09-05 07:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
      2017-09-13 18:48 - 2017-09-05 07:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
      2017-09-13 18:48 - 2017-09-05 07:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
      2017-09-13 18:48 - 2017-09-05 07:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
      2017-09-13 18:48 - 2017-09-05 07:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
      2017-09-13 18:48 - 2017-09-05 07:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
      2017-09-13 18:48 - 2017-09-05 07:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
      2017-09-13 18:48 - 2017-09-05 07:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
      2017-09-13 18:48 - 2017-09-05 07:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
      2017-09-13 18:48 - 2017-09-05 07:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
      2017-09-13 18:48 - 2017-09-05 07:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
      2017-09-13 18:48 - 2017-09-05 07:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
      2017-09-13 18:48 - 2017-09-05 07:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
      2017-09-13 18:48 - 2017-09-05 07:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
      2017-09-13 18:48 - 2017-09-05 07:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
      2017-09-13 18:48 - 2017-09-05 07:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
      2017-09-13 18:48 - 2017-09-05 07:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
      2017-09-13 18:48 - 2017-09-05 07:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
      2017-09-13 18:48 - 2017-09-05 07:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
      2017-09-13 18:48 - 2017-09-05 07:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
      2017-09-13 18:48 - 2017-09-05 07:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
      2017-09-13 18:48 - 2017-09-05 07:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
      2017-09-13 18:48 - 2017-09-05 07:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
      2017-09-13 18:48 - 2017-09-05 07:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
      2017-09-13 18:48 - 2017-09-05 07:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
      2017-09-13 18:48 - 2017-09-05 07:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
      2017-09-13 18:48 - 2017-09-05 07:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
      2017-09-13 18:48 - 2017-09-05 07:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
      2017-09-13 18:48 - 2017-09-05 07:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
      2017-09-13 18:48 - 2017-09-05 07:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
      2017-09-13 18:48 - 2017-09-05 07:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
      2017-09-13 18:48 - 2017-09-05 07:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
      2017-09-13 18:48 - 2017-09-05 07:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
      2017-09-13 18:48 - 2017-09-05 07:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
      2017-09-13 18:48 - 2017-09-05 07:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
      2017-09-13 18:48 - 2017-09-05 07:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
      2017-09-13 18:48 - 2017-09-05 07:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
      2017-09-13 18:48 - 2017-09-05 07:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
      2017-09-13 18:48 - 2017-09-05 07:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
      2017-09-13 18:48 - 2017-09-05 07:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
      2017-09-13 18:48 - 2017-09-05 07:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
      2017-09-13 18:48 - 2017-09-05 07:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
      2017-09-13 18:48 - 2017-09-05 07:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
      2017-09-13 18:48 - 2017-09-05 07:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
      2017-09-13 18:48 - 2017-09-05 07:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
      2017-09-13 18:48 - 2017-09-05 06:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
      2017-09-13 18:48 - 2017-09-05 06:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
      2017-09-13 18:48 - 2017-09-05 06:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
      2017-09-13 18:48 - 2017-09-05 06:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
      2017-09-13 18:48 - 2017-09-05 06:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
      2017-09-13 18:48 - 2017-09-05 06:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
      2017-09-13 18:48 - 2017-09-05 06:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
      2017-09-13 18:48 - 2017-09-05 06:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
      2017-09-13 18:48 - 2017-09-05 06:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
      2017-09-13 18:48 - 2017-09-05 06:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
      2017-09-13 18:48 - 2017-09-05 06:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
      2017-09-13 18:48 - 2017-09-05 06:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
      2017-09-13 18:48 - 2017-09-05 06:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
      2017-09-13 18:48 - 2017-09-05 06:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
      2017-09-13 18:48 - 2017-09-05 06:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
      2017-09-13 18:48 - 2017-09-05 06:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
      2017-09-13 18:48 - 2017-09-05 06:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
      2017-09-13 18:48 - 2017-09-05 06:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
      2017-09-13 18:48 - 2017-09-05 06:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
      2017-09-13 18:48 - 2017-09-05 06:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
      2017-09-13 18:48 - 2017-09-05 06:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
      2017-09-13 18:48 - 2017-09-05 06:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
      2017-09-13 18:48 - 2017-09-05 06:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
      2017-09-13 18:48 - 2017-09-05 06:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
      2017-09-13 18:48 - 2017-09-05 06:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
      2017-09-13 18:48 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
      2017-09-13 18:48 - 2017-09-05 06:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
      2017-09-13 18:48 - 2017-09-05 06:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
      2017-09-13 18:48 - 2017-09-05 06:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
      2017-09-13 18:48 - 2017-09-05 06:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
      2017-09-13 18:48 - 2017-09-05 06:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
      2017-09-13 18:48 - 2017-09-05 06:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
      2017-09-13 18:48 - 2017-09-05 06:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
      2017-09-13 18:48 - 2017-09-05 06:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
      2017-09-13 18:48 - 2017-09-05 06:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
      2017-09-13 18:48 - 2017-09-05 06:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
      2017-09-13 18:48 - 2017-09-05 06:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
      2017-09-13 18:48 - 2017-09-05 06:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
      2017-09-13 18:48 - 2017-09-05 06:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
      2017-09-13 18:48 - 2017-09-05 06:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
      2017-09-13 18:48 - 2017-09-05 06:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
      2017-09-13 18:48 - 2017-09-05 06:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
      2017-09-13 18:48 - 2017-09-05 06:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
      2017-09-13 18:48 - 2017-09-05 06:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
      2017-09-13 18:48 - 2017-09-05 06:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
      2017-09-13 18:48 - 2017-09-05 06:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
      2017-09-13 18:48 - 2017-09-05 06:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
      2017-09-13 18:48 - 2017-09-05 06:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
      2017-09-13 18:48 - 2017-09-05 06:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
      2017-09-13 18:48 - 2017-09-05 06:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
      2017-09-13 18:48 - 2017-09-05 06:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
      2017-09-13 18:48 - 2017-09-05 06:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
      2017-09-13 18:48 - 2017-09-05 06:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
      2017-09-13 18:48 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
      2017-09-13 18:48 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
      2017-09-13 18:48 - 2017-09-05 06:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
      2017-09-13 18:48 - 2017-09-05 06:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
      2017-09-13 18:48 - 2017-09-05 06:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
      2017-09-13 18:48 - 2017-09-05 06:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
      2017-09-13 18:48 - 2017-09-05 06:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
      2017-09-13 18:48 - 2017-09-05 06:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
      2017-09-13 18:48 - 2017-09-05 06:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
      2017-09-13 18:48 - 2017-09-05 06:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
      2017-09-13 18:48 - 2017-09-05 06:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
      2017-09-13 18:48 - 2017-09-05 06:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
      2017-09-13 18:48 - 2017-09-05 06:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
      2017-09-13 18:48 - 2017-09-05 06:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
      2017-09-13 18:48 - 2017-09-05 06:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
      2017-09-13 18:48 - 2017-09-05 06:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
      2017-09-13 18:48 - 2017-09-05 06:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
      2017-09-13 18:48 - 2017-09-05 06:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
      2017-09-13 18:48 - 2017-09-05 06:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
      2017-09-13 18:48 - 2017-09-05 06:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
      2017-09-13 18:48 - 2017-09-05 06:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
      2017-09-13 18:48 - 2017-09-05 06:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
      2017-09-13 18:48 - 2017-09-05 06:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
      2017-09-13 18:48 - 2017-09-05 06:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
      2017-09-13 18:48 - 2017-09-05 06:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
      2017-09-13 18:48 - 2017-09-05 06:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
      2017-09-13 18:48 - 2017-09-05 06:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
      2017-09-13 18:48 - 2017-09-05 06:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
      2017-09-13 18:48 - 2017-09-05 06:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
      2017-09-13 18:48 - 2017-09-05 06:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
      2017-09-13 18:48 - 2017-09-05 06:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
      2017-09-13 18:48 - 2017-09-05 06:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
      2017-09-13 18:48 - 2017-09-05 06:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
      2017-09-13 18:48 - 2017-09-05 06:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
      2017-09-13 18:48 - 2017-09-05 06:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
      2017-09-13 18:48 - 2017-09-05 06:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
      2017-09-13 18:48 - 2017-09-05 06:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
      2017-09-13 18:48 - 2017-09-05 06:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
      2017-09-13 18:48 - 2017-09-01 07:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
      2017-09-11 17:54 - 2017-09-11 17:54 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
      2017-09-11 17:54 - 2017-09-11 17:54 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Local\TileDataLayer
      2017-08-30 11:25 - 2017-08-30 11:25 - 000000000 ____D C:\Users\Carlos\AppData\Local\DBG

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-09-28 16:39 - 2017-08-04 11:10 - 002423946 _____ C:\WINDOWS\system32\PerfStringBackup.INI
      2017-09-28 16:39 - 2017-03-20 07:08 - 001079882 _____ C:\WINDOWS\system32\perfh00A.dat
      2017-09-28 16:39 - 2017-03-20 07:08 - 000253302 _____ C:\WINDOWS\system32\perfc00A.dat
      2017-09-28 16:36 - 2015-02-19 11:55 - 000000000 __SHD C:\Users\Carlos\IntelGraphicsProfiles
      2017-09-28 16:35 - 2017-08-04 11:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-09-28 16:34 - 2017-03-18 13:40 - 000262144 _____ C:\WINDOWS\system32\config\BBI
      2017-09-28 16:34 - 2016-07-16 13:45 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
      2017-09-28 16:26 - 2017-03-21 19:40 - 000000000 ____D C:\Users\Carlos\AppData\Roaming\uTorrent
      2017-09-28 15:52 - 2017-08-04 11:24 - 000004210 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9C5B880B-8B2E-47D4-A368-833797F7BE3F}
      2017-09-28 15:49 - 2017-08-04 11:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
      2017-09-28 12:34 - 2015-02-20 09:31 - 000000000 ____D C:\Users\Carlos\Desktop\PELICULAS
      2017-09-28 09:33 - 2015-03-01 17:01 - 000000000 ____D C:\FFOutput
      2017-09-28 08:25 - 2017-03-18 23:02 - 000000000 ___HD C:\Program Files\WindowsApps
      2017-09-28 08:25 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\AppReadiness
      2017-09-27 17:55 - 2017-03-29 09:42 - 000000000 ____D C:\Users\Carlos\AppData\Local\tkdata
      2017-09-27 17:55 - 2017-02-12 19:55 - 000000000 ____D C:\ProgramData\{84F34190-0EB1-CB56-8877-55141235DEDA}
      2017-09-23 19:37 - 2017-08-02 09:26 - 000000000 ___DC C:\WINDOWS\Panther
      2017-09-23 19:37 - 2017-03-18 23:00 - 000000000 ____D C:\WINDOWS\INF
      2017-09-23 19:20 - 2017-08-04 11:24 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3465795896-1197667706-1526052496-1000
      2017-09-23 19:20 - 2015-10-18 16:59 - 000002441 _____ C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      2017-09-23 19:20 - 2015-10-18 16:59 - 000000000 ___RD C:\Users\Carlos\OneDrive
      2017-09-15 10:29 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\rescache
      2017-09-15 09:53 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
      2017-09-15 09:53 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2017-09-15 09:51 - 2015-09-10 07:47 - 000000000 __RHD C:\Users\Public\AccountPictures
      2017-09-15 09:49 - 2017-08-04 11:07 - 000252264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2017-09-13 20:01 - 2017-03-20 07:08 - 000000000 ____D C:\WINDOWS\system32\es
      2017-09-13 20:01 - 2017-03-18 23:02 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
      2017-09-13 20:01 - 2017-03-18 23:02 - 000000000 ___SD C:\WINDOWS\system32\F12
      2017-09-13 20:01 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
      2017-09-13 20:01 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
      2017-09-13 20:01 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\system32\setup
      2017-09-13 20:00 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\ShellExperiences
      2017-09-13 20:00 - 2017-03-18 23:02 - 000000000 ____D C:\Program Files\Windows Photo Viewer
      2017-09-13 20:00 - 2017-03-18 23:02 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
      2017-09-13 19:06 - 2015-02-19 11:34 - 000000000 ____D C:\WINDOWS\system32\MRT
      2017-09-13 19:03 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
      2017-09-13 19:03 - 2015-02-19 11:34 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
      2017-09-11 17:54 - 2017-08-04 11:11 - 000000000 ____D C:\Users\DefaultAppPool
      2017-09-11 17:38 - 2015-03-01 16:36 - 000000000 ____D C:\ProgramData\McAfee
      2017-09-11 17:36 - 2016-11-18 18:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
      2017-09-11 17:36 - 2015-02-19 12:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-09-06 12:15 - 2016-11-19 09:43 - 000000000 ____D C:\Users\Carlos\AppData\LocalLow\Mozilla
      2017-09-02 17:15 - 2017-03-18 23:04 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
      2017-09-02 17:15 - 2017-03-18 23:04 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

      ==================== Files in the root of some directories =======

      2015-03-26 13:48 - 2015-03-26 13:48 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
      2015-11-15 11:28 - 2015-11-15 11:28 - 000000043 _____ () C:\Users\Carlos\AppData\Roaming\WB.CFG
      2017-08-04 11:09 - 2017-08-04 11:09 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
      2017-03-04 12:57 - 2017-03-04 13:02 - 000000830 _____ () C:\ProgramData\hpzinstall.log

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-09-21 18:42

      ==================== End of FRST.txt ============================

    6. #6
      User Kikepalmer
      Registered
      Feb 2011
      Location
      Spain
      Posts
      13

      Re: Possible Reimage Repair virus

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
      Ran by Carlos (28-09-2017 16:54:09)
      Running from C:\Users\Carlos\Desktop
      Windows 10 Pro N Version 1703 (X64) (2017-08-04 09:30:31)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-3465795896-1197667706-1526052496-500 - Administrator - Disabled)
      Carlos (S-1-5-21-3465795896-1197667706-1526052496-1000 - Administrator - Enabled) => C:\Users\Carlos
      DefaultAccount (S-1-5-21-3465795896-1197667706-1526052496-503 - Limited - Disabled)
      HomeGroupUser$ (S-1-5-21-3465795896-1197667706-1526052496-1002 - Limited - Enabled)
      Invitado (S-1-5-21-3465795896-1197667706-1526052496-501 - Limited - Disabled)

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      µTorrent (HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
      1310 (HKLM-x32\...\{76A9FB3A-D7AB-4C8C-8C49-3CFDBF2D6C2D}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
      1310_Help (HKLM-x32\...\{6D4553DF-2095-4D10-92C0-17934733B51D}) (Version: 82.0.58.000 - Hewlett-Packard) Hidden
      1310Trb (HKLM-x32\...\{6D7E031C-4C05-4265-854A-FE9FDEA9984D}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
      64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
      Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
      AIO_CDB_ProductContext (HKLM-x32\...\{D5045A94-1D46-44A7-9C4F-7D05B40D82EC}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
      AIO_CDB_Software (HKLM-x32\...\{2DFDE21D-AFFE-4CDD-BBD4-3B7832BEC036}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
      AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
      aTube Catcher versión 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
      Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
      BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
      CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
      Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
      Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
      DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
      DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
      Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
      FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
      Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
      Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
      GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
      HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
      HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
      HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
      HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
      HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
      HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
      HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
      HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
      ImTOO Video Converter Ultimate (HKLM-x32\...\ImTOO Video Converter Ultimate) (Version: 7.7.3.20131014 - ImTOO)
      Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
      Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
      K-Lite Mega Codec Pack 11.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.0.0 - )
      KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 4.1.5.8 - PandoraTV)
      MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
      Microsoft OneDrive (HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Mozilla Firefox 55.0.3 (x86 es-ES) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 es-ES)) (Version: 55.0.3 - Mozilla)
      Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
      Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden
      OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
      OpenOffice 4.1.1 (HKLM-x32\...\{EFC97BC6-345A-4861-ACD5-0D3181252924}) (Version: 4.11.9775 - Apache Software Foundation)
      Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
      Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
      Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
      Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
      Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
      Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
      Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
      SketchUp 2015 (HKLM\...\{F775D2AD-9B40-4BA6-91AE-304EAE34F123}) (Version: 15.0.9350 - Trimble Navigation Limited)
      SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
      SopCast 4.0.0 (HKLM-x32\...\SopCast) (Version: 4.0.0 - SopCast - Free P2P internet TV | live football, NBA, cricket)
      Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
      Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
      TP-LINK Archer T2U_T2UH Driver (HKLM-x32\...\{F2496892-5295-4208-AB93-21F1AFD07C97}) (Version: 1.3.1 - TP-LINK)
      TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
      TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
      WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
      Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
      WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
      WinThruster (HKLM-x32\...\WinThruster) (Version: 1.16.8 - Solvusoft Corporation) <==== ATTENTION

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      CustomCLSID: HKU\S-1-5-21-3465795896-1197667706-1526052496-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
      ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
      ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
      ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
      ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
      ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
      ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
      ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
      ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
      ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
      ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {09F4DD8E-D502-435E-8C2D-BE7755C05643} - System32\Tasks\{1E045A2D-1C81-467D-9E38-2DAA06938007} => C:\Windows\system32\pcalua.exe -a "C:\Users\Carlos\Desktop\OpenOffice 4.1.1 (en-US) Installation Files\setup.exe" -d "C:\Users\Carlos\Desktop\OpenOffice 4.1.1 (en-US) Installation Files"
      Task: {3AB19484-977C-4E25-98B9-1C68FFE6DD48} - System32\Tasks\{17CFF8A9-F8C9-4EF5-9939-E2A97DE5B72E} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Carlos\AppData\Local\{5BA46DF8-7F0C-0140-1294-24A836FCD830}\uninstall.exe -c /Uninstall /s /noun
      Task: {4EC38277-B27A-4A8A-8950-C1035B25DEB2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
      Task: {5610D944-31EB-4DE0-B06D-A32B82E066BB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
      Task: {6177BBA6-8F78-44C3-AE4D-AD0E8BDA9D3F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
      Task: {68B1D2F6-FF6B-4D46-9FE4-DDB967944E69} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
      Task: {71A12140-9654-4D44-8EA2-24671B8D3403} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
      Task: {7E8CE3C5-16B1-4A05-A7EF-326A962E8CB8} - System32\Tasks\WinThruster64-Carlos-Notification => C:\Program Files\Solvusoft\WinThruster\Sync.exe <==== ATTENTION
      Task: {851D78D9-5846-4E96-89FA-F9AA867DCF1C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
      Task: {86ECCA1F-4A7A-42F4-809C-218F28027204} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
      Task: {96737F71-FF1C-42F2-B27B-3E0CA28911F4} - System32\Tasks\{973FF6D0-1F81-45F7-9903-E366F8009713} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Carlos\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cornl
      Task: {A2A529AB-213C-448E-9739-D2AF9DE04B1A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
      Task: {A3BE0655-C449-456D-AF1F-BB905F14D6A9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
      Task: {B8DA71A6-82FB-41F4-A7FC-DE402880A84C} - System32\Tasks\Yahoo! Powered sorom => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\{84F34190-0EB1-CB56-8877-55141235DEDA}\nofe.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b38344633343139302d304542312d434235362d383837372d3535313431323335444544417d5c74696c6f6461" "433a5c50726f6772616d446174615c7b38344633343139302d304542312d434235362d383837 (the data entry has 78 more characters). <==== ATTENTION
      Task: {C0760BDE-F997-46D1-9A6E-30B460C069BB} - System32\Tasks\{B076061B-64E6-46CF-8FDF-FA5AB5C379E7} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\ByteFence\ByteFence.exe" -c /uninstall
      Task: {C539798F-8439-43F9-B0C7-53285A510625} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-09-13] (Microsoft Corporation)
      Task: {C6796F07-B8A4-4254-B585-9640FA9096DB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
      Task: {E2F4EEC9-5DF6-42DD-9468-3DBB334472C8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
      Task: {E7917A4A-8314-4F06-BE69-AA4C7B74CB5A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
      Task: {F78BA6D4-26E0-46E8-B4F0-0ECC80945FDB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
      Task: {F985E7CD-0FEF-49C7-85C4-DBC50BDB9957} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-15] (Adobe Systems Incorporated)
      Task: {FF72F040-031E-4666-A1A1-4C46B0CC7F86} - System32\Tasks\{E4CF7631-BE7B-49CA-A9C2-747E532E934D} => C:\Windows\system32\pcalua.exe -a C:\Users\Carlos\AppData\Roaming\omniboxes\UninstallManager.exe -c -ptid=obw

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
      Task: C:\WINDOWS\Tasks\WinThruster64-Carlos-Notification.job => C:\Program Files\Solvusoft\WinThruster\Sync.exe <==== ATTENTION
      Task: C:\WINDOWS\Tasks\Yahoo! Powered sorom.job => Wscript.exe C:\ProgramData\{84F34190-0EB1-CB56-8877-55141235DEDA}\nofe.txt <==== ATTENTION

      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      ShortcutWithArgument: C:\Users\Carlos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->
      ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->
      ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->

      ==================== Loaded Modules (Whitelisted) ==============

      2017-03-18 22:56 - 2017-03-18 22:56 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
      2017-03-18 22:58 - 2017-03-20 07:10 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)


      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
      DNS Servers: 82.163.143.172 - 82.163.142.174
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      HKLM\...\StartupApproved\StartupFolder: => "TP-LINK Wireless Configuration Utility.lnk"
      HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
      HKLM\...\StartupApproved\Run32: => "Flashget"
      HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\...\StartupApproved\StartupFolder: => "OPTISetup.lnk"
      HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\...\StartupApproved\Run: => "AceStream"
      HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
      HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\...\StartupApproved\Run: => "OneDrive"
      HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\...\StartupApproved\Run: => "AirDroid 3"

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [{66B93980-2DE5-4902-A3C1-135C297808DB}] => (Allow) C:\Users\Carlos\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{2FF027F9-0BB7-42FA-96B3-C185E63AB048}] => (Allow) C:\Users\Carlos\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{F1FB8507-89F3-444B-90F7-019DE044C9C9}] => (Allow) C:\Users\Carlos\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{9A732152-2DDF-44BD-86E4-B66FBFBF39EA}] => (Allow) C:\Users\Carlos\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{BD6DF2CC-44B6-48FD-A91D-0D0F7AC81883}] => (Allow) C:\Users\Carlos\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{ABBEADA1-C45E-4DBF-83F9-DB6E2DD0CF51}] => (Allow) C:\Users\Carlos\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{57CA24A6-5D60-45CD-8F93-73CA25A2A437}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
      FirewallRules: [{4B4FEA89-A63C-458E-863D-00F54BC33E2D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
      FirewallRules: [{61279577-DEE1-4450-838F-0F41FBCE6A7E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
      FirewallRules: [{FDED0696-D656-44E0-8A74-C48138C8AC78}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
      FirewallRules: [{8481BC9C-52A5-40E6-BC83-670F563C9389}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
      FirewallRules: [{AFB12365-BA01-446F-BAB8-A5562C6FBF2C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
      FirewallRules: [{61EBC8A4-4D9A-44C9-9F97-0E9B6187CF06}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
      FirewallRules: [{1358F7B1-B26B-4EBD-A8FE-ABE17161D98D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
      FirewallRules: [{8906941A-12C5-4D69-93C6-1A3F7B6CC5BC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
      FirewallRules: [{9E217CF5-3E16-49AA-8F8C-577B830C6989}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
      FirewallRules: [{A3ADBAAA-B65F-41CA-AD9B-02DF61FBFE77}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
      FirewallRules: [{DB2D0344-8283-4827-B5D7-067061DD3187}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
      FirewallRules: [{F63470BB-8B7A-4548-B98B-6549C52F28A2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
      FirewallRules: [{CC69948E-D07E-441D-A214-8D0F48E8AF12}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
      FirewallRules: [{8791C52F-42A0-4C20-924B-AC458BEE9C08}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
      FirewallRules: [{42B1AD3D-BB43-4063-B1E2-56E450864B9A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
      FirewallRules: [{F3B76459-CFC0-4B26-A790-46CD3ABD704B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
      FirewallRules: [{84D6914F-AC58-4E03-9BF1-DB10415358CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
      FirewallRules: [{0F5EA689-3C5C-4B36-8701-1944E662BF79}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
      FirewallRules: [{F693E306-64CB-4F5F-8E58-5E07BACB536C}] => (Allow) C:\Users\Carlos\AppData\Roaming\ACEStream\engine\ace_engine.exe
      FirewallRules: [{AC5F1075-2CA5-4ED6-B59D-AF68890E5C61}] => (Allow) C:\Users\Carlos\AppData\Roaming\ACEStream\engine\ace_engine.exe
      FirewallRules: [{BEB9045B-939F-4C1C-B2A2-82CC6ED07CD0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{F63C0A4F-B5EA-420C-9AB9-AEB7E6F8DC76}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [UDP Query User{E138435F-6572-460D-BA7D-801793084CA7}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
      FirewallRules: [TCP Query User{EE084AC0-2E64-4DFF-9B21-96ECA03430F5}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
      FirewallRules: [{27BAD25D-FD1A-42C2-83F3-8AC1A47BED94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [{C772E0DC-7FA1-4BDB-BA6A-560D84C3B568}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [{B4982277-C27A-4F57-87E2-792FE9C2C79B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [{DADBC05F-95A9-4E3E-B4E9-FFBD987AD01B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [TCP Query User{2652FC76-8EF0-4F02-A026-B677D2756748}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
      FirewallRules: [UDP Query User{C99876A8-CFFD-4542-B512-02982B91817B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
      FirewallRules: [{26F02F4F-394E-41F5-9BC7-4502B1520DB1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      FirewallRules: [TCP Query User{F5F36C07-A9AF-40CB-89C7-E16E8B9BCD78}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\freetime\formatfactory\formatfactory.exe
      FirewallRules: [UDP Query User{0816F5A9-FC9D-4F70-9EF5-9FAB8F845333}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\freetime\formatfactory\formatfactory.exe
      FirewallRules: [{83145682-4F38-40A9-A3A5-2B45DECBA6F4}] => (Block) C:\program files (x86)\freetime\formatfactory\formatfactory.exe
      FirewallRules: [{B749C876-5A62-4445-8D6F-9DD2313616F3}] => (Block) C:\program files (x86)\freetime\formatfactory\formatfactory.exe
      StandardProfile\AuthorizedApplications: [C:\Users\Carlos\Desktop\PELICULAS\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

      ==================== Restore Points =========================

      21-09-2017 18:48:20 Punto de control programado
      28-09-2017 16:40:28 JRT Pre-Junkware Removal

      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (09/28/2017 04:38:58 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: MicrosoftEdgeCP.exe, versión: 11.0.15063.608, marca de tiempo: 0x59ae240c
      Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
      Código de excepción: 0xc0000604
      Desplazamiento de errores: 0x0000000000000000
      Identificador del proceso con errores: 0x1ecc
      Hora de inicio de la aplicación con errores: 0x01d3386766c0d605
      Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      Ruta de acceso del módulo con errores: unknown
      Identificador del informe: 874da236-ca90-44b9-86fe-b332c5bd4d2e
      Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
      Identificador de aplicación relativa del paquete con errores: ContentProcess

      Error: (09/28/2017 03:59:29 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: MicrosoftEdgeCP.exe, versión: 11.0.15063.608, marca de tiempo: 0x59ae240c
      Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
      Código de excepción: 0xc0000604
      Desplazamiento de errores: 0x0000000000000000
      Identificador del proceso con errores: 0x6d8
      Hora de inicio de la aplicación con errores: 0x01d33861f118b38b
      Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      Ruta de acceso del módulo con errores: unknown
      Identificador del informe: 8fe430eb-2cd6-4a06-8d2f-fde26ef38bf1
      Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
      Identificador de aplicación relativa del paquete con errores: ContentProcess

      Error: (09/28/2017 03:59:12 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: MicrosoftEdgeCP.exe, versión: 11.0.15063.608, marca de tiempo: 0x59ae240c
      Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
      Código de excepción: 0xc0000604
      Desplazamiento de errores: 0x0000000000000000
      Identificador del proceso con errores: 0x6d8
      Hora de inicio de la aplicación con errores: 0x01d33861f118b38b
      Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      Ruta de acceso del módulo con errores: unknown
      Identificador del informe: 0eb91ec2-907f-4500-85af-a1432398b995
      Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
      Identificador de aplicación relativa del paquete con errores: ContentProcess

      Error: (09/28/2017 03:57:48 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: MicrosoftEdgeCP.exe, versión: 11.0.15063.608, marca de tiempo: 0x59ae240c
      Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
      Código de excepción: 0xc0000604
      Desplazamiento de errores: 0x0000000000000000
      Identificador del proceso con errores: 0x1908
      Hora de inicio de la aplicación con errores: 0x01d33861c3c8fbf6
      Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      Ruta de acceso del módulo con errores: unknown
      Identificador del informe: a9ccf541-0739-4e12-a531-ebb2e4a93489
      Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
      Identificador de aplicación relativa del paquete con errores: ContentProcess

      Error: (09/28/2017 03:55:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Carlos-PC)
      Description: No se pudo activar la aplicación Microsoft.MicrosoftEdge_8wekyb3d8bbwe!ContentProcess debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

      Error: (09/28/2017 03:55:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Carlos-PC)
      Description: No se pudo activar la aplicación Microsoft.MicrosoftEdge_8wekyb3d8bbwe!ContentProcess debido al error: -2147023170. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

      Error: (09/28/2017 03:54:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Carlos-PC)
      Description: No se pudo activar la aplicación Microsoft.MicrosoftEdge_8wekyb3d8bbwe!ContentProcess debido al error: -2144927142. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

      Error: (09/28/2017 03:54:58 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: MicrosoftEdgeCP.exe, versión: 11.0.15063.608, marca de tiempo: 0x59ae240c
      Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
      Código de excepción: 0xc0000604
      Desplazamiento de errores: 0x0000000000000000
      Identificador del proceso con errores: 0x1f08
      Hora de inicio de la aplicación con errores: 0x01d338615f62dbca
      Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      Ruta de acceso del módulo con errores: unknown
      Identificador del informe: abfa4cb5-9e84-43ee-8ce0-b6ceb10b43cc
      Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
      Identificador de aplicación relativa del paquete con errores: ContentProcess

      Error: (09/28/2017 03:54:43 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: MicrosoftEdgeCP.exe, versión: 11.0.15063.608, marca de tiempo: 0x59ae240c
      Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
      Código de excepción: 0xc0000604
      Desplazamiento de errores: 0x0000000000000000
      Identificador del proceso con errores: 0x1604
      Hora de inicio de la aplicación con errores: 0x01d3386155ca8d21
      Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      Ruta de acceso del módulo con errores: unknown
      Identificador del informe: 8f6565ce-b78f-4c51-bc78-081be6174d7c
      Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
      Identificador de aplicación relativa del paquete con errores: ContentProcess

      Error: (09/28/2017 03:54:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
      Description: El programa firefox.exe, versión 55.0.3.6445, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

      Identificador de proceso: 10b4

      Hora de inicio: 01d33860e304142f

      Hora de finalización: 28

      Ruta de la aplicación: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

      Identificador de informe: 85846063-a76c-4687-a11b-985778cbe009

      Nombre completo de paquete con errores:

      Identificador de aplicación relativa del paquete con errores:


      System errors:
      =============
      Error: (09/28/2017 04:35:31 PM) (Source: bowser) (EventID: 8016) (User: )
      Description: El controlador de examinadores ha recibido demasiados datagramas ilegales del equipo LIVEBOX al nombre CARLOS-PC en el transporte NetBT_Tcpip_{A981459E-2BE3-4CF2-B5D5-71AE8DD473A3}. Los datos son el datagrama.
      Ningún evento más se generará hasta que termine la frecuencia establecida.

      Error: (09/28/2017 04:35:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio NetTcpActivator depende del servicio NetTcpPortSharing, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

      Error: (09/28/2017 04:35:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio CldFlt no pudo iniciarse debido al siguiente error:
      Solicitud no compatible.

      Error: (09/28/2017 04:35:19 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
      Description: La DLL de notificación de contraseña "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" no se pudo cargar y dio el error 126. Compruebe que la ruta de acceso de la DLL de notificación definida en el registro, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, haga referencia a una ruta de acceso correcta y absoluta (<unidad>:\<ruta de acceso>\<nombre de archivo>.<ext>) y no a una ruta de acceso relativa o no válida. Si la ruta de acceso de la DLL es correcta, valide que los archivos auxiliares se encuentren en el mismo directorio, y que la cuenta del sistema tenga acceso de lectura tanto en la ruta de acceso de la DLL, como en los archivos auxiliares. Póngase en contacto con el proveedor de la DLL de notificación para obtener soporte adicional. Si desea obtener más detalles visite http://go.microsoft.com/fwlink/?LinkId=245898.

      Error: (09/28/2017 04:28:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Intel Security True Key terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.

      Error: (09/28/2017 04:28:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Windows Presentation Foundation Font Cache 3.0.0.0 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

      Error: (09/28/2017 04:28:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Message Queue Server terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

      Error: (09/28/2017 04:28:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio Intel(R) HD Graphics Control Panel Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (09/28/2017 04:28:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio Intel Security True Key Helper Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (09/28/2017 04:28:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio Servicio Bonjour se terminó de manera inesperada. Esto ha sucedido 1 veces.


      ==================== Memory info ===========================

      Processor: Intel(R) Celeron(R) CPU G1620 @ 2.70GHz
      Percentage of memory in use: 46%
      Total physical RAM: 3975.19 MB
      Available physical RAM: 2117.88 MB
      Total Virtual: 8071.19 MB
      Available Virtual: 6216.63 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:464.82 GB) (Free:401.21 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 98A6CDC8)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=464.8 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=863 MB) - (Type=27)

      ==================== End of Addition.txt ============================

    7. #7
      Moderator
      @MiguelRiaguel
      Joined
      Dec 2008
      Location
      Spain
      Posts
      12,069

      Re: Possible Reimage Repair virus

      Hello again:

      Follow the steps in our Guide to changing DNS servers with the IF-DNS.exe tool.

      Next, follow these steps. VERY important ~ make a backup of the registry:

      • To do so, download >> DelFix.exe to your desktop.

        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as Administrator.")

        • Attention: now check/select only the "Create registry backup" box, NOT the others.

      • Click Run.

        The report (DelFix.txt) will open; save it in case it is needed and close the tool.


      Next, go to:

      Start >>> Run >>> type notepad.exe.

      Now copy and paste the following into Notepad (leave out the word "Code"):

      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      Winlogon\Notify\igfxcui: igfxdev.dll [X]
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      Tcpip\..\Interfaces\{a981459e-2be3-4cf2-b5d5-71ae8dd473a3}: [NameServer] 82.163.143.172,82.163.142.174
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://es.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_06&param1=1&param2=f%3D1%26b%3DIE%26cc%3Des%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0B0B0AzyyBtA0BtAtC0BtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0A0C0FzztC0BtCtGtB0EtByCtGtByCtB0BtGtByCzy0EtGtDtCyCyCyBzytDtB0EtCtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0B0DtDtCyC0EtCtGzzzz0F0DtGyEyD0A0AtGzz0FzztBtGzzzztAtBtDzy0EzzyDyCyBtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzyyDyC%26cr%3D1702891191%26a%3Dwbf_fs_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro%2BN
      SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxps://es.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Des%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0B0B0AzyyBtA0BtAtC0BtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0A0C0FzztC0BtCtGtB0EtByCtGtByCtB0BtGtByCzy0EtGtDtCyCyCyBzytDtB0EtCtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0B0DtDtCyC0EtCtGzzzz0F0DtGyEyD0A0AtGzz0FzztBtGzzzztAtBtDzy0EzzyDyCyBtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzyyDyC%26cr%3D1702891191%26a%3Dwbf_fs_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro%2BN&p={searchTerms}
      SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxps://es.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Des%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0B0B0AzyyBtA0BtAtC0BtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0A0C0FzztC0BtCtGtB0EtByCtGtByCtB0BtGtByCzy0EtGtDtCyCyCyBzytDtB0EtCtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0B0DtDtCyC0EtCtGzzzz0F0DtGyEyD0A0AtGzz0FzztBtGzzzztAtBtDzy0EzzyDyCyBtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzyyDyC%26cr%3D1702891191%26a%3Dwbf_fs_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro%2BN&p={searchTerms}
      SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://es.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Des%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0B0B0AzyyBtA0BtAtC0BtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0A0C0FzztC0BtCtGtB0EtByCtGtByCtB0BtGtByCzy0EtGtDtCyCyCyBzytDtB0EtCtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0B0DtDtCyC0EtCtGzzzz0F0DtGyEyD0A0AtGzz0FzztBtGzzzztAtBtDzy0EzzyDyCyBtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzyyDyC%26cr%3D1702891191%26a%3Dwbf_fs_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro%2BN&p={searchTerms}
      SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.?<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hxxp://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://es.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Des%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0B0B0AzyyBtA0BtAtC0BtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0A0C0FzztC0BtCtGtB0EtByCtGtByCtB0BtGtByCzy0EtGtDtCyCyCyBzytDtB0EtCtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0B0DtDtCyC0EtCtGzzzz0F0DtGyEyD0A0AtGzz0FzztBtGzzzztAtBtDzy0EzzyDyCyBtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzyyDyC%26cr%3D1702891191%26a%3Dwbf_fs_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro%2BN&p={searchTerms}
      FF Extension: (Music Start) - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\Extensions\[email protected] [2017-02-15]
      FF Extension: (Movies Start) - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\Extensions\[email protected] [2017-02-15]
      FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox => not found
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\extensions\[email protected] => not found
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\extensions\[email protected] => not found
      FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox => not found
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\extensions\[email protected] => not found
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\extensions\[email protected] => not found
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\extensions\[email protected] => not found
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\extensions\[email protected] => not found
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\4ileexe7.default\extensions\[email protected] => not found
      FF HKU\S-1-5-21-3465795896-1197667706-1526052496-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\Carlos\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
      FF Plugin HKU\S-1-5-21-3465795896-1197667706-1526052496-1000: @acestream.net/acestreamplugin,version=3.1.16 -> C:\Users\Carlos\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
      CHR dev: Chrome dev build detected! <==== ATTENTION
      2017-09-25 08:50 - 2017-09-25 08:50 - 000604928 _____ (Reimage) C:\Users\Carlos\Downloads\ReimageRepair(1).exe
      ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
      ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
      ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
      ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
      ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
      ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
      ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
      Task: {4EC38277-B27A-4A8A-8950-C1035B25DEB2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
      Task: {5610D944-31EB-4DE0-B06D-A32B82E066BB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
      Task: {6177BBA6-8F78-44C3-AE4D-AD0E8BDA9D3F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
      Task: {68B1D2F6-FF6B-4D46-9FE4-DDB967944E69} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
      Task: {71A12140-9654-4D44-8EA2-24671B8D3403} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
      Task: {7E8CE3C5-16B1-4A05-A7EF-326A962E8CB8} - System32\Tasks\WinThruster64-Carlos-Notification => C:\Program Files\Solvusoft\WinThruster\Sync.exe <==== ATTENTION
      Task: {851D78D9-5846-4E96-89FA-F9AA867DCF1C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
      Task: {A2A529AB-213C-448E-9739-D2AF9DE04B1A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
      Task: {B8DA71A6-82FB-41F4-A7FC-DE402880A84C} - System32\Tasks\Yahoo! Powered sorom => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\{84F34190-0EB1-CB56-8877-55141235DEDA}\nofe.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b38344633343139302d304542312d434235362d383837372d3535313431323335444544417d5c74696c6f6461" "433a5c50726f6772616d446174615c7b38344633343139302d304542312d434235362d383837 (the data entry has 78 more characters). <==== ATTENTION
      Task: {C6796F07-B8A4-4254-B585-9640FA9096DB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
      Task: {E2F4EEC9-5DF6-42DD-9468-3DBB334472C8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
      Task: {E7917A4A-8314-4F06-BE69-AA4C7B74CB5A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
      Task: {F78BA6D4-26E0-46E8-B4F0-0ECC80945FDB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
      Task: C:\WINDOWS\Tasks\WinThruster64-Carlos-Notification.job => C:\Program Files\Solvusoft\WinThruster\Sync.exe <==== ATTENTION
      Task: C:\WINDOWS\Tasks\Yahoo! Powered sorom.job => Wscript.exe C:\ProgramData\{84F34190-0EB1-CB56-8877-55141235DEDA}\nofe.txt <==== ATTENTION
      
      CMD:  ipconfig /release 
      CMD:  ipconfig /renew 
      CMD:  ipconfig /flushdns 
      CMD:  ipconfig /registerdns
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      • Save it under the name fixlist.txt on the desktop <<< This is very important.
      Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop); otherwise the tool will not work.


      • Run Frst.exe.
      • Press the Fix button and wait for it to finish.
      • The tool will save the report on your desktop (Fixlog.txt).
      • Paste it in your next reply.


      Restart the computer and let us know how everything is working.
      Regards.