Scanzie

Thing is, this is already a new fresh installation and I never had infections before nor do I tamper the registry. Interestingly enough, it isn't appearing in the Temp folder. I'd rather prefer this, TBH as I don't have a thumb drive large enough to back up things and cannot buy one either.

Here. I wonder why the Event Log and below shows up quite a bunch of errors. I have to run /sfc scannow and /dism quite frequently because there is always some corruption getting (successfuly) fixed, Chkdsk never finds anything, I do have drivers updated and yet sometimes this PC goes a bit weird and for example, an important excel file I need got damaged and Windows cannot extract from some compressed folders. I thought it might be some sort of malware, but nothing is coming out either. FRST.txt Addition.txt

Also, I ran MS Safety Scanner. It said it found 35 infected files, but it just says it removed VirTool:Win32/DefenderTamperingRestore, which if I'm not mistaken, usually comes out as a false positive. Here is the log anyways. msert.log

I don't ever recall tampering with things to make these things appear: HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION Or whatever this means: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\Temp\aswa2b4b00da4490296.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

After 20 hours, MBAM scan came out clean. No idea why it is taking longer than usual. I also ran ESET online scanner for the hell of it and it only flagged one remaining file of a previous Avast installation in a secondary drive. I'm still curious about those [Atention] details in the FRST log.

I forgot to add, I ran MBAM's Anti-Adware afterwards, which came out clean.

I run constant scans with MBAM. However, the lastest one found some stuff. The moment before I decided to run a scan, Win10 was running weird, with Firefox not being able to open up and immediately crashing after starting, Chrome able to start but not able to load tabs and MBAM not having enough memory to start. These things disappeared after a reboot and then I could run the scan. The logs are attached and together with the FRST and Addition. Addition.txt FRST.txt mbam log.txt

I went away while the installation was on course. I came back when it finished, and it is missing, again. Specifically, it is missing avastui.exe .

That was when I started repairing this laptop, noticed it was missing, and reinstalled it. I reinstalled it again today after all that.

I've noticed that Avast antivirus and the main .exe file keeps disappearing, as in, the files go missing and the service does not exist. I did install it on request because when I got asked to fix the computer, it had disappeared, installed it, and disappeared again now.

It loads up much faster, it boots correctly, no redirects. Malwarebytes did a scan and did not find anything. But I noticed a desktop.ini appearing in downloads out of nowhere. The malware MBAM removed, has been removed at least twice and it has kept popping up. Right now it has not, but I don't know if it can keep reappearing. The laptop also has plenty of folders all around that get an Access Denied popup if tried to open.

CHKDSK log said it found nothing, and it was okay. Here it is the report, but in Spanish: As for the CBS log, SFC did find and fix stuff. Interestingly, the lastest CBS log of that SFC was tiny compared to other previous logs, one from a few hours before, and one from yesterday. I put them in the zip just in case, and with the lastest log. Nuevo Archivo WinRAR ZIP.zip

MBAM scan did not find anything. Here is the log in case: Malwarebytes www.malwarebytes.com -Detalles del registro- Fecha del análisis: 12/5/20 Hora del análisis: 18:51 Archivo de registro: 26f45a5c-94a3-11ea-b62c-089e0175137f.json -Información del software- Versión: 4.1.0.56 Versión de los componentes: 1.0.896 Versión del paquete de actualización: 1.0.23734 Licencia: Prueba -Información del sistema- SO: Windows 10 (Build 18362.778) CPU: x64 Sistema de archivos: NTFS Usuario: Juan\Juan Munzenmayer -Resumen del análisis- Tipo de análisis: Análisis de amenazas Análisis iniciado por:: Manual Resultado: Completado Objetos analizados: 309052 Amenazas detectadas: 0 Amenazas en cuarentena: 0 Tiempo transcurrido: 22 min, 36 seg -Opciones de análisis- Memoria: Activado Inicio: Activado Sistema de archivos: Activado Archivo: Activado Rootkits: Activado Heurística: Activado PUP: Detectar PUM: Detectar -Detalles del análisis- Proceso: 0 (No hay elementos maliciosos detectados) Módulo: 0 (No hay elementos maliciosos detectados) Clave del registro: 0 (No hay elementos maliciosos detectados) Valor del registro: 0 (No hay elementos maliciosos detectados) Datos del registro: 0 (No hay elementos maliciosos detectados) Secuencia de datos: 0 (No hay elementos maliciosos detectados) Carpeta: 0 (No hay elementos maliciosos detectados) Archivo: 0 (No hay elementos maliciosos detectados) Sector físico: 0 (No hay elementos maliciosos detectados) WMI: 0 (No hay elementos maliciosos detectados) (end)

Nombre de imagen PID Servicios ========================= ======== ============================================= System Idle Process 0 N/D System 4 N/D Registry 88 N/D smss.exe 392 N/D csrss.exe 672 N/D wininit.exe 748 N/D csrss.exe 760 N/D services.exe 840 N/D winlogon.exe 848 N/D lsass.exe 856 KeyIso, SamSs, VaultSvc svchost.exe 992 PlugPlay fontdrvhost.exe 1000 N/D fontdrvhost.exe 1008 N/D svchost.exe 596 BrokerInfrastructure, DcomLaunch, Power, SystemEventsBroker svchost.exe 740 RpcEptMapper, RpcSs svchost.exe 744 LSM dwm.exe 1100 N/D svchost.exe 1184 NcbService svchost.exe 1236 DisplayEnhancementService svchost.exe 1288 hidserv svchost.exe 1312 CoreMessagingRegistrar svchost.exe 1328 TimeBrokerSvc svchost.exe 1384 EventLog svchost.exe 1532 StateRepository svchost.exe 1544 DispBrokerDesktopSvc svchost.exe 1576 camsvc svchost.exe 1604 nsi RapportMgmtService.exe 1696 RapportMgmtService svchost.exe 1708 Dhcp svchost.exe 1832 ProfSvc svchost.exe 1856 NlaSvc svchost.exe 1868 Schedule svchost.exe 1896 SEMgrSvc svchost.exe 1948 UserManager svchost.exe 2036 FontCache svchost.exe 1808 Dnscache svchost.exe 2152 EventSystem svchost.exe 2168 SysMain svchost.exe 2184 Themes svchost.exe 2212 netprofm Memory Compression 2272 N/D svchost.exe 2292 SENS igfxCUIService.exe 2364 igfxCUIService1.0.0.0 svchost.exe 2404 AudioEndpointBuilder svchost.exe 2464 Audiosrv svchost.exe 2584 DusmSvc svchost.exe 2592 Wcmsvc svchost.exe 2732 WinHttpAutoProxySvc svchost.exe 2796 WlanSvc svchost.exe 2852 ShellHWDetection spoolsv.exe 2948 Spooler svchost.exe 2992 BFE, mpssvc svchost.exe 3032 LanmanWorkstation svchost.exe 2500 DeviceAssociationService dasHost.exe 2748 N/D svchost.exe 3088 SSDPSRV mDNSResponder.exe 3208 Bonjour Service svchost.exe 3216 CryptSvc svchost.exe 3228 DiagTrack svchost.exe 3248 DPS RIconMan.exe 3272 IconMan_R dsiwmis.exe 3280 DsiWMIService svchost.exe 3296 Winmgmt HeciServer.exe 3324 Intel(R) Capability Licensing Service Interfa ce Jhi_service.exe 3344 jhi_service svchost.exe 3404 LanmanServer RfBtnSvc64.exe 3420 RfButtonDriverService SynTPEnhService.exe 3444 SynTPEnhService svchost.exe 3484 stisvc svchost.exe 3504 SstpSvc svchost.exe 3548 TrkWks svchost.exe 3572 WpnService svchost.exe 3664 iphlpsvc svchost.exe 3760 WdiServiceHost svchost.exe 3876 lmhosts svchost.exe 3948 RasMan MBAMService.exe 4088 MBAMService svchost.exe 3564 fdPHost svchost.exe 4120 NcdAutoSetup WmiPrvSE.exe 4440 N/D svchost.exe 4476 FDResPub SynTPEnh.exe 5036 N/D LMutilps32.exe 4212 N/D sihost.exe 5176 N/D svchost.exe 5224 CDPUserSvc_61f0e svchost.exe 5304 WpnUserService_61f0e taskhostw.exe 5376 N/D GoogleUpdate.exe 5532 N/D svchost.exe 5636 TokenBroker svchost.exe 5684 TabletInputService ctfmon.exe 5828 N/D svchost.exe 6076 CDPSvc svchost.exe 6120 Appinfo SynTPHelper.exe 5280 N/D explorer.exe 5260 N/D svchost.exe 6028 PcaSvc LManager.exe 5564 N/D svchost.exe 5268 cbdhsvc_61f0e unsecapp.exe 1028 N/D MMDx64Fx.exe 6348 N/D mbamtray.exe 6404 N/D igfxEM.exe 6496 N/D igfxext.exe 6520 N/D igfxHK.exe 6584 N/D igfxTray.exe 6616 N/D AppleMobileDeviceService. 6828 Apple Mobile Device Service RapportInjService_x64.exe 6924 N/D StartMenuExperienceHost.e 2808 N/D RuntimeBroker.exe 6792 N/D IntelMeFWService.exe 4064 Intel(R) ME Service svchost.exe 6740 OneSyncSvc_61f0e RapportService.exe 6372 N/D LMS.exe 7140 LMS SearchUI.exe 4028 N/D svchost.exe 6624 LicenseManager RapportInjService_x64.exe 5572 N/D ApplicationFrameHost.exe 6472 N/D MicrosoftEdge.exe 6460 N/D SkypeBackgroundHost.exe 6388 N/D YourPhone.exe 7200 N/D RuntimeBroker.exe 7276 N/D SkypeApp.exe 7592 N/D browser_broker.exe 7660 N/D SearchIndexer.exe 7840 WSearch dllhost.exe 7860 N/D RuntimeBroker.exe 3380 N/D RuntimeBroker.exe 7948 N/D RuntimeBroker.exe 8560 N/D smartscreen.exe 8776 N/D SecurityHealthSystray.exe 8916 N/D SecurityHealthService.exe 9076 SecurityHealthService RAVCpl64.exe 9108 N/D svchost.exe 7120 WdiSystemHost RuntimeBroker.exe 8816 N/D SgrmBroker.exe 9184 SgrmBroker MicrosoftEdgeSH.exe 8904 N/D MicrosoftEdgeCP.exe 8444 N/D svchost.exe 8196 InstallService MicrosoftEdgeCP.exe 9000 N/D svchost.exe 8296 UsoSvc svchost.exe 5600 wscsvc UNS.exe 9816 UNS svchost.exe 10096 StorSvc svchost.exe 8592 ClipSVC Video.UI.exe 1224 N/D RuntimeBroker.exe 2688 N/D ShellExperienceHost.exe 7900 N/D RuntimeBroker.exe 6532 N/D chrome.exe 6548 N/D chrome.exe 2980 N/D chrome.exe 4236 N/D chrome.exe 6956 N/D chrome.exe 6712 N/D chrome.exe 3500 N/D chrome.exe 2176 N/D chrome.exe 2228 N/D cmd.exe 4224 N/D conhost.exe 8932 N/D RapportHelper.exe 2624 N/D chrome.exe 6940 N/D chrome.exe 3740 N/D chrome.exe 7896 N/D chrome.exe 7800 N/D audiodg.exe 6240 N/D svchost.exe 7872 BITS backgroundTaskHost.exe 8556 N/D RuntimeBroker.exe 4380 N/D RuntimeBroker.exe 8288 N/D svchost.exe 4668 wuauserv WmiPrvSE.exe 9460 N/D backgroundTaskHost.exe 10156 N/D cmd.exe 9564 N/D conhost.exe 7820 N/D WindowsInternal.Composabl 9352 N/D tasklist.exe 4972 N/D

I ran it as the first thing. It said it was succesfully applied and needed a restart. So it shut down, but got stuck in "Preparing Windows. Do not turn off", and has been like that for hours now.

What's that fixlist for? When I was installing MBAM from that link, I went somewhere else, and finished and started scanning before I could put the setting you said. It had found stuff. I stopped, quarantined them, and then started another scan with the settings, finding more stuff, and MBAM wanted to make a reboot after quarantine, so there are 2 logs. It found the very same stuff that had already found, quarantined and deleted referenced in the first post. # ------------------------------- # Malwarebytes AdwCleaner 8.0.4.0 # ------------------------------- # Build: 04-03-2020 # Database: 2020-04-08.2 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 05-12-2020 # Duration: 00:00:13 # OS: Windows 10 Home Single Language # Cleaned: 2 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** Deleted C:\ProgramData\pctonics.com ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** No malicious registry entries cleaned. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. ***** [ Preinstalled Software ] ***** Deleted Preinstalled.AcerGames Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent acer Master Uninstall ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [1563 octets] - [12/05/2020 12:40:27] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## When typing that command into Run, it says it does not find it and to create a new notepad file. Looking up that folder there is this log called msert.log --------------------------------------------------------------------------------------- Microsoft Safety Scanner v1.0, (build 1.315.501.0) Started On Tue May 12 12:54:22 2020 ->Scan ERROR: resource process://pid:88,ProcessStart:132337756395371174 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:392,ProcessStart:132337756476063556 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:672,ProcessStart:132337756713782116 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:744,ProcessStart:132337756718298475 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:756,ProcessStart:132337756718415762 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:872,ProcessStart:132337756719989781 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:2272,ProcessStart:132337756762917059 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:4196,ProcessStart:132337756839069951 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:4528,ProcessStart:132337756953063742 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:1748,ProcessStart:132337758063586362 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:8936,ProcessStart:132337758620928471 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:6784,ProcessStart:132337758676975616 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:7276,ProcessStart:132337759063404843 (code 0x0000012B (299)) ->Scan ERROR: resource process://pid:9808,ProcessStart:132337759425160681 (code 0x0000012B (299)) ->Scan ERROR: resource process://pid:10192,ProcessStart:132337759846312137 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:10480,ProcessStart:132337760410973084 (code 0x0000012B (299)) ->Scan ERROR: resource process://pid:10856,ProcessStart:132337760576129472 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:4528,ProcessStart:132337756953063742 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:1748,ProcessStart:132337758063586362 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:4196,ProcessStart:132337756839069951 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:6784,ProcessStart:132337758676975616 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:8936,ProcessStart:132337758620928471 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:10856,ProcessStart:132337760576129472 (code 0x00000005 (5)) ->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000021 (33)) ->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000021 (33)) ->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000021 (33)) ->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000021 (33)) ->Scan ERROR: resource file://C:\swapfile.sys (code 0x00000021 (33)) ->Scan ERROR: resource file://C:\swapfile.sys (code 0x00000021 (33)) ->Scan ERROR: resource process://pid:4196,ProcessStart:132337756839069951 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:4196,ProcessStart:132337756839069951 (code 0x00000005 (5)) Quick Scan Results for 529D552A-8B06-4DEB-BD2D-C667F2834BA1: ---------------- Threat detected: VirTool:Win32/DefenderTamperingRestore regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware SigSeq: 0x0000055555C57273 Quick Scan Removal Results ---------------- Start 'remove' for regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware Operation succeeded ! Results Summary: ---------------- Found VirTool:Win32/DefenderTamperingRestore and Removed! Microsoft Safety Scanner Finished On Tue May 12 13:10:27 2020 Return code: 6 (0x6) MBAM log 2.txt MBAM log 1.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-05-2020 Ran by Juan Munzenmayer (administrator) on JUAN (Acer Aspire E1-431) (11-05-2020 19:01:30) Running from C:\Users\Juan Munzenmayer\Desktop Loaded Profiles: Juan Munzenmayer Platform: Windows 10 Home Single Language Version 1903 18362.778 (X64) Language: Español (España, internacional) Default browser: Edge Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc. -> Dritek System INC.) C:\Windows\RfBtnSvc64.exe (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe <2> (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxTray.exe (Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\fodhelper.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotification.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.772_none_5f13f94c58ff41d3\TiWorker.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\NisSrv.exe (Realtek Semiconductor Corp -> Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-11-15] (Apple Inc. -> Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [105280 2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19589208 2018-12-10] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Juan Munzenmayer\AppData\Local\Microsoft\Teams\Update.exe [2347880 2020-04-23] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\MountPoints2: {ce661da2-7489-11ea-bf77-089e0175137f} - "F:\SETUP.EXE" HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-10] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{07AA0886-CC8D-4e19-A410-1C75AF686E62}] -> C:\Windows\System32\l2nacp.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Authentication\Credential Providers: [{33c86cd6-705f-4ba1-9adb-67070b837775}] -> C:\Windows\System32\l2nacp.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Authentication\Credential Provider Filters: [{edd749de-2ef1-4a80-98d1-81f20e6df58e}] -> C:\Windows\System32\l2nacp.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02527CA5-9B7F-4AE2-A6A0-2B9D974E59CE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {0780DB95-7C0A-4721-9094-EF7798944C5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.) Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} Task: {0B5E46D0-ADB5-4D93-859E-095495E1898C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software) Task: {0BE6053D-EF2B-434C-8A68-A5285BB88C15} - \WPD\SqmUpload_S-1-5-21-2145402764-1715483592-2898523831-1001 -> No File <==== ATTENTION Task: {0EA0DA5F-945F-4F4B-BD20-EE6675114AA0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-14] (Adobe Inc. -> Adobe) Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} Task: {152D835A-179F-4292-B32F-24C58F41E68D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.) Task: {1CC5467D-ABC2-43C4-9249-D05B6F598391} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation) Task: {20F06B7B-A240-4C17-9B09-E27A134789C5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-10] (Piriform Software Ltd -> Piriform Software Ltd) Task: {219FA528-D561-4D4F-ABCD-AB5DF5CEC5DA} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation) Task: {236874E7-6EE3-450D-9E05-BF76EC8C4681} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {2AF7C6B9-F13A-48F0-9ABE-577338464499} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14636224 2018-12-10] (Piriform Software Ltd -> Piriform Software Ltd) Task: {2E5F4B78-856B-4C0F-AAF7-7CCC0ABB95D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {41BB3E64-CA99-409F-8F5A-5C5DF8F598F3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-14] (Adobe Inc. -> Adobe) Task: {566FFE7C-EAF9-4414-AF66-FAF556F46FE9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation) Task: {583DDD00-0E60-47FD-A611-0F60D3DEBC51} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-19] (Microsoft Windows -> Microsoft Corporation) Task: {5A49EF43-A2A1-42EE-9014-FA269F044625} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.) Task: {5B640E50-0BE1-4E5E-B46B-62F775327356} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE} Task: {875C273C-5E66-49F6-9162-C42196C6D001} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1} Task: {8ECE8EC1-6C31-4128-9B2E-27060F643A71} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {930CB162-5797-419F-A267-43A30A61F1DF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {AA432DFA-7A32-4794-AE48-5DA9B13786C8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {AD9A9430-3DDC-4447-B88A-7847E9BA9F77} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA} Task: {BB193B5C-610F-4FB1-A36F-5BE6EF0F738A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {C06CE0BD-A66F-4939-8496-E55819C5FBC1} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [4227672 2017-01-17] (Synaptics Incorporated -> Synaptics Incorporated) Task: {C1477C45-92AA-41A0-9B09-DC3FDD01EC6F} - System32\Tasks\G2MUploadTask-S-1-5-21-2145402764-1715483592-2898523831-1001 => C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting\17359\g2mupload.exe [32256 2020-04-19] (LogMeIn, Inc. -> LogMeIn, Inc.) Task: {C846A672-86E7-4D53-A119-A19C2EEE0AC4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {CFEA85FB-4711-4B45-A9C9-23AB5D966519} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61} Task: {E484AFBD-CD6D-4788-AA84-95976C8DC2FB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {F1C215E8-8D1E-47AE-8608-3FAB797FC1A2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {F282A8A6-AD1A-4A86-BA12-76BFA0BDD888} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {F4EAC96E-8AA4-4812-87BD-385EBE6B278F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {F9447E7D-67E3-401B-99D8-362F9472BD6E} - System32\Tasks\G2MUpdateTask-S-1-5-21-2145402764-1715483592-2898523831-1001 => C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting\17359\g2mupdate.exe [32256 2020-04-19] (LogMeIn, Inc. -> LogMeIn, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2145402764-1715483592-2898523831-1001.job => C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting\17359\g2mupdate.exe Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2145402764-1715483592-2898523831-1001.job => C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting\17359\g2mupload.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 200.30.192.15 190.160.0.13 200.83.1.4 Tcpip\..\Interfaces\{1549aeaf-4602-4f9e-833c-b4e648ec31bf}: [DhcpNameServer] 200.30.192.15 190.160.0.13 200.83.1.4 Tcpip\..\Interfaces\{d0d926ef-cb08-4780-8b1f-dbd715d4717b}: [DhcpNameServer] 172.20.10.1 Internet Explorer: ================== HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKU\S-1-5-21-2145402764-1715483592-2898523831-1001 -> DefaultScope {054245C1-D986-4A92-8A2D-21B97A43ACE5} URL = SearchScopes: HKU\S-1-5-21-2145402764-1715483592-2898523831-1001 -> {054245C1-D986-4A92-8A2D-21B97A43ACE5} URL = BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF DefaultProfile: q5y3ob57.default FF ProfilePath: C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Firefox\Profiles\q5y3ob57.default [2020-05-10] FF Extension: (IBM Security Rapport) - C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2020-03-23] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx] FF Extension: (Facebook Container) - C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Firefox\Profiles\q5y3ob57.default\Extensions\@contain-facebook.xpi [2018-06-16] FF Extension: (uBlock Origin) - C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Firefox\Profiles\q5y3ob57.default\Extensions\uBlock0@raymondhill.net.xpi [2018-06-16] FF Extension: (NoScript) - C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Firefox\Profiles\q5y3ob57.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-06-16] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN) FF Plugin HKU\S-1-5-21-2145402764-1715483592-2898523831-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Juan Munzenmayer\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-09] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Juan Munzenmayer\AppData\Roaming\mozilla\plugins\npatgpc.dll [2020-04-09] Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default [2020-05-10] CHR Notifications: Default -> hxxps://teams.microsoft.com; hxxps://www.latam.com; hxxps://www.skyairline.com; hxxps://www.youtube.com CHR StartupUrls: Default -> "hxxp://www.google.cl/" CHR Extension: (Documentos) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16] CHR Extension: (Google Drive) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24] CHR Extension: (IBM Security Rapport) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-12-01] CHR Extension: (YouTube) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27] CHR Extension: (uBlock Origin) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-04-21] CHR Extension: (Búsqueda de Google) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01] CHR Extension: (No Name) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2020-05-10] CHR Extension: (No Name) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-05-10] CHR Extension: (Documentos de Google sin conexión) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-20] CHR Extension: (Cisco Webex Extension) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2020-04-09] CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05] CHR Extension: (Gmail) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01] CHR Extension: (Chrome Media Router) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-10] CHR Profile: C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-02-07] CHR Profile: C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\System Profile [2019-05-21] CHR HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc. -> Apple Inc.) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2466448 2012-09-12] (Realtek Semiconductor Corp -> Realsil Microelectronics Inc.) R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [317416 2018-09-19] (Intel Corporation -> Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation -> Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation -> Intel Corporation) R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [3001632 2019-10-06] (IBM -> IBM Corp.) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-01-08] (Dritek System Inc. -> Dritek System INC.) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2017-01-17] (Synaptics Incorporated -> Synaptics Incorporated) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AMPPAL; C:\WINDOWS\System32\drivers\AMPPAL.sys [162344 2012-09-13] (Intel Corporation-Mobile Wireless Group -> Windows (R) Win 7 DDK provider) R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG) R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.) R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2019-03-19] (Microsoft Windows -> Intel Corporation) R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2013-01-08] (Dritek System Inc. -> Dritek System Inc.) S3 QRDCIO; C:\WINDOWS\System32\drivers\QRDCIO.sys [9728 2009-10-20] (Microsoft Windows Hardware Compatibility Publisher -> QUANTA) R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [429112 2019-10-06] (IBM -> IBM Corp.) R1 RapportCerberus_1950099; c:\programdata\trusteer\rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1950099.sys [1466824 2019-12-11] (IBM -> IBM Corp.) R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [542112 2019-10-06] (IBM -> IBM Corp.) R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [395384 2019-10-06] (IBM -> IBM Corp.) R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [445240 2019-10-06] (IBM -> IBM Corp.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [560568 2019-10-06] (IBM -> IBM Corp.) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-30] (Synaptics Incorporated -> Synaptics Incorporated) R3 VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-04-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [394680 2020-04-30] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64944 2020-04-30] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-05-11 19:01 - 2020-05-11 19:01 - 000000000 ____D C:\Users\Juan Munzenmayer\Desktop\FRST-OlderVersion 2020-05-10 17:51 - 2020-05-10 17:55 - 000032009 _____ C:\Users\Juan Munzenmayer\Desktop\Addition.txt 2020-05-10 17:45 - 2020-05-11 19:04 - 000027609 _____ C:\Users\Juan Munzenmayer\Desktop\FRST.txt 2020-05-10 17:44 - 2020-05-11 19:02 - 000000000 ____D C:\FRST 2020-05-10 17:42 - 2020-05-11 19:01 - 002285568 _____ (Farbar) C:\Users\Juan Munzenmayer\Desktop\FRST64English.exe 2020-05-10 08:03 - 2020-05-10 08:34 - 000000000 ____D C:\Scratch 2020-05-10 01:12 - 2020-05-10 01:12 - 000000000 _____ C:\Users\Juan Munzenmayer\Desktop\Nuevo documento de texto.txt 2020-05-10 01:09 - 2020-05-10 01:09 - 000000000 ____D C:\Program Files\Avast Software 2020-05-10 00:46 - 2020-05-10 12:20 - 000000000 ____D C:\ProgramData\HitmanPro 2020-05-10 00:41 - 2020-05-10 00:44 - 000303630 _____ C:\TDSSKiller.3.1.0.28_10.05.2020_00.41.15_log.txt 2020-05-09 23:14 - 2020-05-10 12:20 - 000000000 ____D C:\Program Files\SUPERAntiSpyware 2020-05-09 23:02 - 2020-05-09 23:02 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Roaming\SUPERAntiSpyware.com 2020-05-09 23:02 - 2020-05-09 23:02 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2020-05-09 22:44 - 2020-05-09 22:44 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\mbamtray 2020-05-09 22:44 - 2020-05-09 22:44 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\mbam 2020-05-09 22:43 - 2020-05-09 22:43 - 000000000 ____D C:\ProgramData\Malwarebytes 2020-05-09 22:42 - 2020-05-09 22:42 - 000000000 ____D C:\Program Files\Malwarebytes 2020-05-07 15:46 - 2020-05-07 15:46 - 000034253 _____ C:\Users\Juan Munzenmayer\Downloads\dte-39-F567132226.pdf 2020-05-07 15:45 - 2020-05-07 15:45 - 000002828 _____ C:\Users\Juan Munzenmayer\Downloads\dte-ticket-F567132226.pdf 2020-05-05 16:04 - 2020-05-05 16:04 - 000294360 _____ (Adobe Systems Incorporated) C:\Users\Juan Munzenmayer\Downloads\ConnectSetup (3).exe 2020-05-05 16:00 - 2020-05-05 16:00 - 000294360 _____ (Adobe Systems Incorporated) C:\Users\Juan Munzenmayer\Downloads\ConnectSetup (2).exe 2020-05-05 15:57 - 2020-05-05 15:57 - 000001023 _____ C:\Users\Juan Munzenmayer\Desktop\Adobe Connect.lnk 2020-05-05 15:57 - 2020-05-05 15:57 - 000001009 _____ C:\Users\Juan Munzenmayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe Connect.lnk 2020-05-05 15:53 - 2020-05-05 15:53 - 000294360 _____ (Adobe Systems Incorporated) C:\Users\Juan Munzenmayer\Downloads\ConnectSetup.exe 2020-05-05 15:53 - 2020-05-05 15:53 - 000294360 _____ (Adobe Systems Incorporated) C:\Users\Juan Munzenmayer\Downloads\ConnectSetup (1).exe 2020-05-03 18:53 - 2020-05-03 18:53 - 000001305 _____ C:\Users\Juan Munzenmayer\Desktop\Oral and Maxillofacial Surgery - Lars Andersson & Karl-Erik Kahnberg & M Anthony Pogrel - sep, 2010.pdf - Acceso directo.lnk 2020-05-03 18:53 - 2014-08-10 23:29 - 054460331 _____ C:\Users\Juan Munzenmayer\Desktop\Oral and Maxillofacial Surgery - Lars Andersson & Karl-Erik Kahnberg & M Anthony Pogrel - sep, 2010.pdf 2020-05-03 18:53 - 2004-05-11 17:10 - 021872230 _____ C:\Users\Juan Munzenmayer\Desktop\25 Correction of dentofacial deformities.pdf 2020-05-03 16:23 - 2020-05-10 12:20 - 000000000 ____D C:\ProgramData\KMSAuto 2020-05-03 16:19 - 2020-05-03 16:25 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\MSfree Inc 2020-05-03 16:11 - 2020-05-04 16:45 - 000000000 ____D C:\Users\Juan Munzenmayer\Desktop\KMSAUTO.2018.V1.5.3 2020-05-03 14:07 - 2020-05-03 14:07 - 000353346 _____ C:\Users\Juan Munzenmayer\Downloads\Oral and Maxillofacial Surgery - E-Book_ 3-Volume Set - Raymond J. Fonseca - Google Libros.html 2020-05-03 14:07 - 2020-05-03 14:07 - 000000000 ____D C:\Users\Juan Munzenmayer\Downloads\Oral and Maxillofacial Surgery - E-Book_ 3-Volume Set - Raymond J. Fonseca - Google Libros_files 2020-05-03 12:55 - 2020-05-03 12:55 - 000767256 _____ C:\Users\Juan Munzenmayer\Downloads\AO_CMF_COVID_Survey.pdf 2020-05-03 09:36 - 2020-05-04 19:59 - 000017873 ____H C:\Users\Juan Munzenmayer\Desktop\~WRL0003.tmp 2020-05-03 00:22 - 2020-05-03 02:17 - 654334514 _____ C:\Users\Juan Munzenmayer\Desktop\EDEMA CLASE 1.mp4 2020-05-01 21:18 - 2020-05-01 21:18 - 000321820 _____ C:\Users\Juan Munzenmayer\Downloads\anomalia dentofacial.pdf 2020-04-30 09:27 - 2020-04-30 09:27 - 000421884 _____ C:\Users\Juan Munzenmayer\Downloads\10.1016@S1134-20721470768-6-1.pdf 2020-04-29 18:54 - 2020-04-29 18:54 - 000364472 _____ (LogMeIn, Inc.) C:\Users\Juan Munzenmayer\Downloads\GoToWebinar Opener (1).exe 2020-04-27 03:03 - 2020-04-27 03:03 - 011359528 _____ (Zoom Video Communications, Inc.) C:\Users\Juan Munzenmayer\Downloads\ZoomInstaller (1).exe 2020-04-24 17:57 - 2020-04-24 17:57 - 000030292 _____ C:\Users\Juan Munzenmayer\Downloads\Mauricio Carrasco Teletrabajo HGGB.xlsx 2020-04-24 17:55 - 2020-04-24 17:55 - 000017627 _____ C:\Users\Juan Munzenmayer\Downloads\actividades de Munzenmayer, Rivas, Garrido.xlsx 2020-04-23 10:15 - 2020-04-23 10:15 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Roaming\Microsoft Teams 2020-04-23 10:13 - 2020-04-23 10:17 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\SquirrelTemp 2020-04-23 10:06 - 2020-04-23 10:07 - 097229056 _____ (Microsoft Corporation) C:\Users\Juan Munzenmayer\Downloads\Teams_windows_x64.exe 2020-04-16 08:50 - 2020-04-23 10:00 - 000000710 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2145402764-1715483592-2898523831-1001.job 2020-04-16 08:50 - 2020-04-23 10:00 - 000000614 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2145402764-1715483592-2898523831-1001.job 2020-04-16 08:50 - 2020-04-19 15:19 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting 2020-04-16 08:50 - 2020-04-19 15:18 - 000003880 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-2145402764-1715483592-2898523831-1001 2020-04-16 08:50 - 2020-04-19 15:18 - 000003784 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-2145402764-1715483592-2898523831-1001 2020-04-16 08:49 - 2020-04-16 08:49 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\GoTo Opener 2020-04-15 16:12 - 2020-04-15 16:12 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe 2020-04-15 16:12 - 2020-04-15 16:12 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2020-04-15 16:11 - 2020-04-15 16:11 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl 2020-04-15 16:11 - 2020-04-15 16:11 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl 2020-04-15 16:11 - 2020-04-15 16:11 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2020-04-15 16:11 - 2020-04-15 16:11 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2020-04-15 16:11 - 2020-04-15 16:11 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin 2020-04-15 16:10 - 2020-04-15 16:10 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe 2020-04-15 16:10 - 2020-04-15 16:10 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe 2020-04-15 16:10 - 2020-04-15 16:10 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe 2020-04-15 16:10 - 2020-04-15 16:10 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe 2020-04-15 16:10 - 2020-04-15 16:10 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe 2020-04-15 16:10 - 2020-04-15 16:10 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2020-04-15 16:09 - 2020-04-15 16:09 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2020-04-15 16:09 - 2020-04-15 16:09 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2020-04-15 16:09 - 2020-04-15 16:09 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2020-04-15 16:09 - 2020-04-15 16:09 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2020-04-15 16:09 - 2020-04-15 16:09 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2020-04-15 16:09 - 2020-04-15 16:09 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2020-04-15 16:09 - 2020-04-15 16:09 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2020-04-15 16:09 - 2020-04-15 16:09 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2020-04-15 16:09 - 2020-04-15 16:09 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2020-04-15 16:09 - 2020-04-15 16:09 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys 2020-04-15 16:09 - 2020-04-15 16:09 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe 2020-04-15 16:08 - 2020-04-15 16:08 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2020-04-15 16:08 - 2020-04-15 16:08 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe 2020-04-15 16:08 - 2020-04-15 16:08 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe 2020-04-15 16:08 - 2020-04-15 16:08 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe 2020-04-15 16:08 - 2020-04-15 16:08 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe 2020-04-15 16:08 - 2020-04-15 16:08 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2020-04-15 16:08 - 2020-04-15 16:08 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe 2020-04-15 16:08 - 2020-04-15 16:08 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys 2020-04-15 13:14 - 2020-03-16 23:57 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2020-04-15 13:14 - 2020-03-16 23:56 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2020-04-14 18:21 - 2020-04-14 18:22 - 003821217 _____ C:\Users\Juan Munzenmayer\Downloads\materials-13-00592-v2.pdf 2020-04-14 17:39 - 2020-04-14 17:40 - 004523065 _____ C:\Users\Juan Munzenmayer\Downloads\SERAM2012_S-0445.pdf 2020-04-11 23:21 - 2020-04-11 23:21 - 000136827 _____ C:\Users\Juan Munzenmayer\Downloads\BLOQUEO.html 2020-04-11 23:21 - 2020-04-11 23:21 - 000000000 ____D C:\Users\Juan Munzenmayer\Downloads\BLOQUEO_files ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-05-11 19:00 - 2019-09-29 00:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-05-11 19:00 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-05-11 12:34 - 2019-09-29 00:45 - 000004220 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{57CBA722-1D61-4F84-A209-7040C0319F68} 2020-05-11 12:31 - 2015-01-01 18:50 - 000000000 __SHD C:\Users\Juan Munzenmayer\IntelGraphicsProfiles 2020-05-10 22:56 - 2013-04-22 09:53 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-05-10 22:56 - 2013-04-22 09:53 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2020-05-10 22:01 - 2019-03-19 00:52 - 000000000 ___HD C:\Program Files\WindowsApps 2020-05-10 22:01 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-05-10 17:55 - 2019-03-19 00:50 - 000000000 ____D C:\WINDOWS\INF 2020-05-10 17:35 - 2019-10-12 13:03 - 000002438 _____ C:\Users\Juan Munzenmayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2020-05-10 17:35 - 2019-09-29 00:45 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2145402764-1715483592-2898523831-1001 2020-05-10 17:35 - 2015-08-30 21:54 - 000000000 ___RD C:\Users\Juan Munzenmayer\OneDrive 2020-05-10 17:32 - 2019-09-29 00:29 - 001773366 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-05-10 17:32 - 2019-03-19 07:59 - 000789814 _____ C:\WINDOWS\system32\perfh00A.dat 2020-05-10 17:32 - 2019-03-19 07:59 - 000156068 _____ C:\WINDOWS\system32\perfc00A.dat 2020-05-10 17:24 - 2019-09-29 00:16 - 000000000 ____D C:\Users\Juan Munzenmayer 2020-05-10 17:23 - 2019-09-29 00:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-05-10 12:21 - 2020-04-09 14:02 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\LocalLow\WebEx 2020-05-10 12:21 - 2020-04-09 14:02 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\WebEx 2020-05-10 12:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2020-05-10 12:20 - 2018-12-08 14:50 - 000000000 ____D C:\ProgramData\pctonics.com 2020-05-10 12:20 - 2018-09-07 20:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2020-05-10 12:20 - 2018-09-07 20:00 - 000000000 ____D C:\Program Files\CCleaner 2020-05-10 12:20 - 2013-01-08 14:41 - 000000000 ____D C:\ProgramData\Norton 2020-05-10 12:02 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\registration 2020-05-10 12:00 - 2013-05-17 17:34 - 000000000 ____D C:\ProgramData\AVAST Software 2020-05-10 08:34 - 2019-03-19 00:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-05-09 23:08 - 2019-09-28 19:34 - 000000000 ___DC C:\WINDOWS\Panther 2020-05-09 23:08 - 2013-05-08 23:24 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\CrashDumps 2020-05-09 22:07 - 2018-04-01 10:02 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\Packages 2020-05-05 15:56 - 2013-04-22 02:03 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Roaming\Adobe 2020-04-30 21:59 - 2018-06-09 23:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2020-04-24 19:08 - 2013-05-01 21:04 - 000000000 ____D C:\Users\Juan Munzenmayer\Documents\clases - charlas 2020-04-23 16:27 - 2018-06-12 15:00 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\PlaceholderTileLogoFolder 2020-04-16 10:53 - 2013-05-04 23:23 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\ElevatedDiagnostics 2020-04-16 08:37 - 2019-09-29 00:05 - 000351592 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2020-04-16 00:23 - 2019-03-19 00:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SystemResources 2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\migwiz 2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\ShellExperiences 2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\Provisioning 2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2020-04-14 16:50 - 2019-09-29 00:45 - 000004626 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier 2020-04-14 16:50 - 2019-09-29 00:45 - 000004430 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater 2020-04-14 16:50 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2020-04-14 16:50 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Macromed 2020-04-11 09:44 - 2020-04-03 10:26 - 000000000 ____D C:\WINDOWS\KMSServerService ==================== Files in the root of some directories ======== 2013-09-07 10:24 - 2013-09-25 01:00 - 000000109 _____ () C:\Users\Juan Munzenmayer\AppData\Roaming\mbam.context.scan 2013-05-14 17:56 - 2020-03-31 15:36 - 000010752 _____ () C:\Users\Juan Munzenmayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== Addition.txt

Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 10-05-2020 03 Ejecutado por Juan Munzenmayer (administrador) sobre JUAN (Acer Aspire E1-431) (10-05-2020 17:45:04) Ejecutado desde C:\Users\Juan Munzenmayer\Desktop Perfiles cargados: Juan Munzenmayer Platform: Windows 10 Home Single Language Versión 1903 18362.778 (X64) Idioma: Español (España, internacional) Navegador predeterminado: Edge Modo de Inicio: Normal Tutorial para Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesos (Lista blanca) ================= (Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc. -> Dritek System INC.) C:\Windows\RfBtnSvc64.exe (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe <2> (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxTray.exe (Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe <5> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotification.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\NisSrv.exe (Realtek Semiconductor Corp -> Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ==================== Registro (Lista blanca) =================== (Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-11-15] (Apple Inc. -> Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [105280 2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATENCIÓN HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19589208 2018-12-10] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Juan Munzenmayer\AppData\Local\Microsoft\Teams\Update.exe [2347880 2020-04-23] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Juan Munzenmayer\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Juan Munzenmayer\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\RunOnce: [Uninstall 19.232.1124.0012\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Juan Munzenmayer\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\amd64" HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\RunOnce: [Uninstall 19.232.1124.0012] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Juan Munzenmayer\AppData\Local\Microsoft\OneDrive\19.232.1124.0012" HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\MountPoints2: {ce661da2-7489-11ea-bf77-089e0175137f} - "F:\SETUP.EXE" HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\chrmstp.exe [2020-04-28] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{07AA0886-CC8D-4e19-A410-1C75AF686E62}] -> C:\Windows\System32\l2nacp.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Authentication\Credential Providers: [{33c86cd6-705f-4ba1-9adb-67070b837775}] -> C:\Windows\System32\l2nacp.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Authentication\Credential Provider Filters: [{edd749de-2ef1-4a80-98d1-81f20e6df58e}] -> C:\Windows\System32\l2nacp.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation) ==================== Tareas programadas (Lista blanca) ============ (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.) Task: {02527CA5-9B7F-4AE2-A6A0-2B9D974E59CE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Ningún archivo <==== ATENCIÓN Task: {0780DB95-7C0A-4721-9094-EF7798944C5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.) Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} Task: {0B5E46D0-ADB5-4D93-859E-095495E1898C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software) Task: {0BE6053D-EF2B-434C-8A68-A5285BB88C15} - \WPD\SqmUpload_S-1-5-21-2145402764-1715483592-2898523831-1001 -> Ningún archivo <==== ATENCIÓN Task: {0EA0DA5F-945F-4F4B-BD20-EE6675114AA0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-14] (Adobe Inc. -> Adobe) Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} Task: {152D835A-179F-4292-B32F-24C58F41E68D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.) Task: {1CC5467D-ABC2-43C4-9249-D05B6F598391} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation) Task: {20F06B7B-A240-4C17-9B09-E27A134789C5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-10] (Piriform Software Ltd -> Piriform Software Ltd) Task: {219FA528-D561-4D4F-ABCD-AB5DF5CEC5DA} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation) Task: {236874E7-6EE3-450D-9E05-BF76EC8C4681} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {2AF7C6B9-F13A-48F0-9ABE-577338464499} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14636224 2018-12-10] (Piriform Software Ltd -> Piriform Software Ltd) Task: {2E5F4B78-856B-4C0F-AAF7-7CCC0ABB95D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {41BB3E64-CA99-409F-8F5A-5C5DF8F598F3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-14] (Adobe Inc. -> Adobe) Task: {566FFE7C-EAF9-4414-AF66-FAF556F46FE9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation) Task: {583DDD00-0E60-47FD-A611-0F60D3DEBC51} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-19] (Microsoft Windows -> Microsoft Corporation) Task: {5A49EF43-A2A1-42EE-9014-FA269F044625} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.) Task: {5B640E50-0BE1-4E5E-B46B-62F775327356} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Ningún archivo <==== ATENCIÓN Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE} Task: {875C273C-5E66-49F6-9162-C42196C6D001} - \Microsoft\Windows\UNP\RunCampaignManager -> Ningún archivo <==== ATENCIÓN Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1} Task: {8ECE8EC1-6C31-4128-9B2E-27060F643A71} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Ningún archivo <==== ATENCIÓN Task: {930CB162-5797-419F-A267-43A30A61F1DF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Ningún archivo <==== ATENCIÓN Task: {AA432DFA-7A32-4794-AE48-5DA9B13786C8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Ningún archivo <==== ATENCIÓN Task: {AD9A9430-3DDC-4447-B88A-7847E9BA9F77} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA} Task: {BB193B5C-610F-4FB1-A36F-5BE6EF0F738A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {C06CE0BD-A66F-4939-8496-E55819C5FBC1} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [4227672 2017-01-17] (Synaptics Incorporated -> Synaptics Incorporated) Task: {C1477C45-92AA-41A0-9B09-DC3FDD01EC6F} - System32\Tasks\G2MUploadTask-S-1-5-21-2145402764-1715483592-2898523831-1001 => C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting\17359\g2mupload.exe [32256 2020-04-19] (LogMeIn, Inc. -> LogMeIn, Inc.) Task: {C846A672-86E7-4D53-A119-A19C2EEE0AC4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Ningún archivo <==== ATENCIÓN Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {CFEA85FB-4711-4B45-A9C9-23AB5D966519} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Ningún archivo <==== ATENCIÓN Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61} Task: {E484AFBD-CD6D-4788-AA84-95976C8DC2FB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Ningún archivo <==== ATENCIÓN Task: {F1C215E8-8D1E-47AE-8608-3FAB797FC1A2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Ningún archivo <==== ATENCIÓN Task: {F282A8A6-AD1A-4A86-BA12-76BFA0BDD888} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Ningún archivo <==== ATENCIÓN Task: {F4EAC96E-8AA4-4812-87BD-385EBE6B278F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Ningún archivo <==== ATENCIÓN Task: {F9447E7D-67E3-401B-99D8-362F9472BD6E} - System32\Tasks\G2MUpdateTask-S-1-5-21-2145402764-1715483592-2898523831-1001 => C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting\17359\g2mupdate.exe [32256 2020-04-19] (LogMeIn, Inc. -> LogMeIn, Inc.) (Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2145402764-1715483592-2898523831-1001.job => C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting\17359\g2mupdate.exe Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2145402764-1715483592-2898523831-1001.job => C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting\17359\g2mupload.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Internet (Lista blanca) ==================== (Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.) Tcpip\Parameters: [DhcpNameServer] 200.30.192.15 190.160.0.13 200.83.1.4 Tcpip\..\Interfaces\{1549aeaf-4602-4f9e-833c-b4e648ec31bf}: [DhcpNameServer] 200.30.192.15 190.160.0.13 200.83.1.4 Tcpip\..\Interfaces\{d0d926ef-cb08-4780-8b1f-dbd715d4717b}: [DhcpNameServer] 172.20.10.1 Internet Explorer: ================== HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKU\S-1-5-21-2145402764-1715483592-2898523831-1001 -> DefaultScope {054245C1-D986-4A92-8A2D-21B97A43ACE5} URL = SearchScopes: HKU\S-1-5-21-2145402764-1715483592-2898523831-1001 -> {054245C1-D986-4A92-8A2D-21B97A43ACE5} URL = BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation) Toolbar: HKLM - Sin Nombre - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Ningún archivo Toolbar: HKLM - Sin Nombre - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Ningún archivo Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF DefaultProfile: q5y3ob57.default FF ProfilePath: C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Firefox\Profiles\q5y3ob57.default [2020-05-10] FF Extension: (IBM Security Rapport) - C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2020-03-23] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx] FF Extension: (Facebook Container) - C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Firefox\Profiles\q5y3ob57.default\Extensions\@contain-facebook.xpi [2018-06-16] FF Extension: (uBlock Origin) - C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Firefox\Profiles\q5y3ob57.default\Extensions\uBlock0@raymondhill.net.xpi [2018-06-16] FF Extension: (NoScript) - C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Firefox\Profiles\q5y3ob57.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-06-16] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => no encontrado FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN) FF Plugin HKU\S-1-5-21-2145402764-1715483592-2898523831-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Juan Munzenmayer\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-09] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Juan Munzenmayer\AppData\Roaming\mozilla\plugins\npatgpc.dll [2020-04-09] Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default [2020-05-10] CHR Notifications: Default -> hxxps://teams.microsoft.com; hxxps://www.latam.com; hxxps://www.skyairline.com; hxxps://www.youtube.com CHR StartupUrls: Default -> "hxxp://www.google.cl/" CHR Extension: (Documentos) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16] CHR Extension: (Google Drive) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24] CHR Extension: (IBM Security Rapport) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-12-01] CHR Extension: (YouTube) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27] CHR Extension: (uBlock Origin) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-04-21] CHR Extension: (Búsqueda de Google) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01] CHR Extension: (Sin Nombre) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2020-05-10] CHR Extension: (Sin Nombre) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-05-10] CHR Extension: (Documentos de Google sin conexión) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-20] CHR Extension: (Cisco Webex Extension) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2020-04-09] CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05] CHR Extension: (Gmail) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01] CHR Extension: (Chrome Media Router) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-10] CHR Profile: C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-02-07] CHR Profile: C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\System Profile [2019-05-21] CHR HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] ==================== Servicios (Lista blanca) =================== (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc. -> Apple Inc.) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2466448 2012-09-12] (Realtek Semiconductor Corp -> Realsil Microelectronics Inc.) R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [317416 2018-09-19] (Intel Corporation -> Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation -> Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation -> Intel Corporation) R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [3001632 2019-10-06] (IBM -> IBM Corp.) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-01-08] (Dritek System Inc. -> Dritek System INC.) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2017-01-17] (Synaptics Incorporated -> Synaptics Incorporated) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Controladores (Lista blanca) =================== (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.) R3 AMPPAL; C:\WINDOWS\System32\drivers\AMPPAL.sys [162344 2012-09-13] (Intel Corporation-Mobile Wireless Group -> Windows (R) Win 7 DDK provider) R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG) R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.) R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2019-03-19] (Microsoft Windows -> Intel Corporation) R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2013-01-08] (Dritek System Inc. -> Dritek System Inc.) S3 QRDCIO; C:\WINDOWS\System32\drivers\QRDCIO.sys [9728 2009-10-20] (Microsoft Windows Hardware Compatibility Publisher -> QUANTA) R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [429112 2019-10-06] (IBM -> IBM Corp.) R1 RapportCerberus_1950099; c:\programdata\trusteer\rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1950099.sys [1466824 2019-12-11] (IBM -> IBM Corp.) R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [542112 2019-10-06] (IBM -> IBM Corp.) R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [395384 2019-10-06] (IBM -> IBM Corp.) R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [445240 2019-10-06] (IBM -> IBM Corp.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [560568 2019-10-06] (IBM -> IBM Corp.) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-30] (Synaptics Incorporated -> Synaptics Incorporated) R3 VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-04-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [394680 2020-04-30] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64944 2020-04-30] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Lista blanca) =================== (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.) ==================== Un mes (creado) =================== (Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.) 2020-05-10 17:45 - 2020-05-10 17:48 - 000028510 _____ C:\Users\Juan Munzenmayer\Desktop\FRST.txt 2020-05-10 17:44 - 2020-05-10 17:47 - 000000000 ____D C:\FRST 2020-05-10 17:42 - 2020-05-10 17:42 - 002284544 _____ (Farbar) C:\Users\Juan Munzenmayer\Desktop\FRST64.exe 2020-05-10 08:03 - 2020-05-10 08:34 - 000000000 ____D C:\Scratch 2020-05-10 01:12 - 2020-05-10 01:12 - 000000000 _____ C:\Users\Juan Munzenmayer\Desktop\Nuevo documento de texto.txt 2020-05-10 01:09 - 2020-05-10 01:09 - 000000000 ____D C:\Program Files\Avast Software 2020-05-10 00:46 - 2020-05-10 12:20 - 000000000 ____D C:\ProgramData\HitmanPro 2020-05-10 00:41 - 2020-05-10 00:44 - 000303630 _____ C:\TDSSKiller.3.1.0.28_10.05.2020_00.41.15_log.txt 2020-05-09 23:14 - 2020-05-10 12:20 - 000000000 ____D C:\Program Files\SUPERAntiSpyware 2020-05-09 23:02 - 2020-05-09 23:02 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Roaming\SUPERAntiSpyware.com 2020-05-09 23:02 - 2020-05-09 23:02 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2020-05-09 22:44 - 2020-05-09 22:44 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\mbamtray 2020-05-09 22:44 - 2020-05-09 22:44 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\mbam 2020-05-09 22:43 - 2020-05-09 22:43 - 000000000 ____D C:\ProgramData\Malwarebytes 2020-05-09 22:42 - 2020-05-09 22:42 - 000000000 ____D C:\Program Files\Malwarebytes 2020-05-07 15:46 - 2020-05-07 15:46 - 000034253 _____ C:\Users\Juan Munzenmayer\Downloads\dte-39-F567132226.pdf 2020-05-07 15:45 - 2020-05-07 15:45 - 000002828 _____ C:\Users\Juan Munzenmayer\Downloads\dte-ticket-F567132226.pdf 2020-05-05 16:04 - 2020-05-05 16:04 - 000294360 _____ (Adobe Systems Incorporated) C:\Users\Juan Munzenmayer\Downloads\ConnectSetup (3).exe 2020-05-05 16:00 - 2020-05-05 16:00 - 000294360 _____ (Adobe Systems Incorporated) C:\Users\Juan Munzenmayer\Downloads\ConnectSetup (2).exe 2020-05-05 15:57 - 2020-05-05 15:57 - 000001023 _____ C:\Users\Juan Munzenmayer\Desktop\Adobe Connect.lnk 2020-05-05 15:57 - 2020-05-05 15:57 - 000001009 _____ C:\Users\Juan Munzenmayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe Connect.lnk 2020-05-05 15:53 - 2020-05-05 15:53 - 000294360 _____ (Adobe Systems Incorporated) C:\Users\Juan Munzenmayer\Downloads\ConnectSetup.exe 2020-05-05 15:53 - 2020-05-05 15:53 - 000294360 _____ (Adobe Systems Incorporated) C:\Users\Juan Munzenmayer\Downloads\ConnectSetup (1).exe 2020-05-03 18:53 - 2020-05-03 18:53 - 000001305 _____ C:\Users\Juan Munzenmayer\Desktop\Oral and Maxillofacial Surgery - Lars Andersson & Karl-Erik Kahnberg & M Anthony Pogrel - sep, 2010.pdf - Acceso directo.lnk 2020-05-03 18:53 - 2014-08-10 23:29 - 054460331 _____ C:\Users\Juan Munzenmayer\Desktop\Oral and Maxillofacial Surgery - Lars Andersson & Karl-Erik Kahnberg & M Anthony Pogrel - sep, 2010.pdf 2020-05-03 18:53 - 2004-05-11 17:10 - 021872230 _____ C:\Users\Juan Munzenmayer\Desktop\25 Correction of dentofacial deformities.pdf 2020-05-03 16:23 - 2020-05-10 12:20 - 000000000 ____D C:\ProgramData\KMSAuto 2020-05-03 16:19 - 2020-05-03 16:25 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\MSfree Inc 2020-05-03 16:11 - 2020-05-04 16:45 - 000000000 ____D C:\Users\Juan Munzenmayer\Desktop\KMSAUTO.2018.V1.5.3 2020-05-03 14:07 - 2020-05-03 14:07 - 000353346 _____ C:\Users\Juan Munzenmayer\Downloads\Oral and Maxillofacial Surgery - E-Book_ 3-Volume Set - Raymond J. Fonseca - Google Libros.html 2020-05-03 14:07 - 2020-05-03 14:07 - 000000000 ____D C:\Users\Juan Munzenmayer\Downloads\Oral and Maxillofacial Surgery - E-Book_ 3-Volume Set - Raymond J. Fonseca - Google Libros_files 2020-05-03 12:55 - 2020-05-03 12:55 - 000767256 _____ C:\Users\Juan Munzenmayer\Downloads\AO_CMF_COVID_Survey.pdf 2020-05-03 09:36 - 2020-05-04 19:59 - 000017873 ____H C:\Users\Juan Munzenmayer\Desktop\~WRL0003.tmp 2020-05-03 00:22 - 2020-05-03 02:17 - 654334514 _____ C:\Users\Juan Munzenmayer\Desktop\EDEMA CLASE 1.mp4 2020-05-01 21:18 - 2020-05-01 21:18 - 000321820 _____ C:\Users\Juan Munzenmayer\Downloads\anomalia dentofacial.pdf 2020-04-30 09:27 - 2020-04-30 09:27 - 000421884 _____ C:\Users\Juan Munzenmayer\Downloads\10.1016@S1134-20721470768-6-1.pdf 2020-04-29 18:54 - 2020-04-29 18:54 - 000364472 _____ (LogMeIn, Inc.) C:\Users\Juan Munzenmayer\Downloads\GoToWebinar Opener (1).exe 2020-04-27 03:03 - 2020-04-27 03:03 - 011359528 _____ (Zoom Video Communications, Inc.) C:\Users\Juan Munzenmayer\Downloads\ZoomInstaller (1).exe 2020-04-24 17:57 - 2020-04-24 17:57 - 000030292 _____ C:\Users\Juan Munzenmayer\Downloads\Mauricio Carrasco Teletrabajo HGGB.xlsx 2020-04-24 17:55 - 2020-04-24 17:55 - 000017627 _____ C:\Users\Juan Munzenmayer\Downloads\actividades de Munzenmayer, Rivas, Garrido.xlsx 2020-04-23 10:15 - 2020-04-23 10:15 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Roaming\Microsoft Teams 2020-04-23 10:13 - 2020-04-23 10:17 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\SquirrelTemp 2020-04-23 10:06 - 2020-04-23 10:07 - 097229056 _____ (Microsoft Corporation) C:\Users\Juan Munzenmayer\Downloads\Teams_windows_x64.exe 2020-04-16 08:50 - 2020-04-23 10:00 - 000000710 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2145402764-1715483592-2898523831-1001.job 2020-04-16 08:50 - 2020-04-23 10:00 - 000000614 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2145402764-1715483592-2898523831-1001.job 2020-04-16 08:50 - 2020-04-19 15:19 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting 2020-04-16 08:50 - 2020-04-19 15:18 - 000003880 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-2145402764-1715483592-2898523831-1001 2020-04-16 08:50 - 2020-04-19 15:18 - 000003784 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-2145402764-1715483592-2898523831-1001 2020-04-16 08:49 - 2020-04-16 08:49 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\GoTo Opener 2020-04-15 16:12 - 2020-04-15 16:12 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe 2020-04-15 16:12 - 2020-04-15 16:12 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll 2020-04-15 16:12 - 2020-04-15 16:12 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2020-04-15 16:11 - 2020-04-15 16:11 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl 2020-04-15 16:11 - 2020-04-15 16:11 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl 2020-04-15 16:11 - 2020-04-15 16:11 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2020-04-15 16:11 - 2020-04-15 16:11 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe 2020-04-15 16:11 - 2020-04-15 16:11 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2020-04-15 16:11 - 2020-04-15 16:11 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin 2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin 2020-04-15 16:10 - 2020-04-15 16:10 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe 2020-04-15 16:10 - 2020-04-15 16:10 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe 2020-04-15 16:10 - 2020-04-15 16:10 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe 2020-04-15 16:10 - 2020-04-15 16:10 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe 2020-04-15 16:10 - 2020-04-15 16:10 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll 2020-04-15 16:10 - 2020-04-15 16:10 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe 2020-04-15 16:10 - 2020-04-15 16:10 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2020-04-15 16:09 - 2020-04-15 16:09 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2020-04-15 16:09 - 2020-04-15 16:09 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2020-04-15 16:09 - 2020-04-15 16:09 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2020-04-15 16:09 - 2020-04-15 16:09 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2020-04-15 16:09 - 2020-04-15 16:09 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2020-04-15 16:09 - 2020-04-15 16:09 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2020-04-15 16:09 - 2020-04-15 16:09 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2020-04-15 16:09 - 2020-04-15 16:09 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2020-04-15 16:09 - 2020-04-15 16:09 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2020-04-15 16:09 - 2020-04-15 16:09 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys 2020-04-15 16:09 - 2020-04-15 16:09 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe 2020-04-15 16:09 - 2020-04-15 16:09 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll 2020-04-15 16:09 - 2020-04-15 16:09 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe 2020-04-15 16:08 - 2020-04-15 16:08 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2020-04-15 16:08 - 2020-04-15 16:08 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe 2020-04-15 16:08 - 2020-04-15 16:08 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe 2020-04-15 16:08 - 2020-04-15 16:08 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe 2020-04-15 16:08 - 2020-04-15 16:08 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe 2020-04-15 16:08 - 2020-04-15 16:08 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2020-04-15 16:08 - 2020-04-15 16:08 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe 2020-04-15 16:08 - 2020-04-15 16:08 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys 2020-04-15 16:08 - 2020-04-15 16:08 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll 2020-04-15 16:08 - 2020-04-15 16:08 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys 2020-04-15 13:14 - 2020-03-16 23:57 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2020-04-15 13:14 - 2020-03-16 23:56 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2020-04-14 18:21 - 2020-04-14 18:22 - 003821217 _____ C:\Users\Juan Munzenmayer\Downloads\materials-13-00592-v2.pdf 2020-04-14 17:39 - 2020-04-14 17:40 - 004523065 _____ C:\Users\Juan Munzenmayer\Downloads\SERAM2012_S-0445.pdf 2020-04-11 23:21 - 2020-04-11 23:21 - 000136827 _____ C:\Users\Juan Munzenmayer\Downloads\BLOQUEO.html 2020-04-11 23:21 - 2020-04-11 23:21 - 000000000 ____D C:\Users\Juan Munzenmayer\Downloads\BLOQUEO_files ==================== Un mes (modificado) ================== (Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.) 2020-05-10 17:47 - 2019-09-29 00:45 - 000004220 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{57CBA722-1D61-4F84-A209-7040C0319F68} 2020-05-10 17:37 - 2019-03-19 00:52 - 000000000 ___HD C:\Program Files\WindowsApps 2020-05-10 17:37 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-05-10 17:35 - 2019-10-12 13:03 - 000002438 _____ C:\Users\Juan Munzenmayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2020-05-10 17:35 - 2019-09-29 00:45 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2145402764-1715483592-2898523831-1001 2020-05-10 17:35 - 2015-08-30 21:54 - 000000000 ___RD C:\Users\Juan Munzenmayer\OneDrive 2020-05-10 17:32 - 2019-09-29 00:29 - 001773366 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-05-10 17:32 - 2019-03-19 07:59 - 000789814 _____ C:\WINDOWS\system32\perfh00A.dat 2020-05-10 17:32 - 2019-03-19 07:59 - 000156068 _____ C:\WINDOWS\system32\perfc00A.dat 2020-05-10 17:32 - 2019-03-19 00:50 - 000000000 ____D C:\WINDOWS\INF 2020-05-10 17:28 - 2015-01-01 18:50 - 000000000 __SHD C:\Users\Juan Munzenmayer\IntelGraphicsProfiles 2020-05-10 17:25 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-05-10 17:24 - 2019-09-29 00:16 - 000000000 ____D C:\Users\Juan Munzenmayer 2020-05-10 17:23 - 2019-09-29 00:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-05-10 12:21 - 2020-04-09 14:02 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\LocalLow\WebEx 2020-05-10 12:21 - 2020-04-09 14:02 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\WebEx 2020-05-10 12:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2020-05-10 12:20 - 2018-12-08 14:50 - 000000000 ____D C:\ProgramData\pctonics.com 2020-05-10 12:20 - 2018-09-07 20:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2020-05-10 12:20 - 2018-09-07 20:00 - 000000000 ____D C:\Program Files\CCleaner 2020-05-10 12:20 - 2013-01-08 14:41 - 000000000 ____D C:\ProgramData\Norton 2020-05-10 12:02 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\registration 2020-05-10 12:00 - 2013-05-17 17:34 - 000000000 ____D C:\ProgramData\AVAST Software 2020-05-10 08:34 - 2019-03-19 00:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-05-10 00:32 - 2019-09-29 00:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-05-09 23:08 - 2019-09-28 19:34 - 000000000 ___DC C:\WINDOWS\Panther 2020-05-09 23:08 - 2013-05-08 23:24 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\CrashDumps 2020-05-09 22:07 - 2018-04-01 10:02 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\Packages 2020-05-05 15:56 - 2013-04-22 02:03 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Roaming\Adobe 2020-04-30 21:59 - 2018-06-09 23:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2020-04-28 09:31 - 2013-04-22 09:53 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-04-28 09:31 - 2013-04-22 09:53 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2020-04-24 19:08 - 2013-05-01 21:04 - 000000000 ____D C:\Users\Juan Munzenmayer\Documents\clases - charlas 2020-04-23 16:27 - 2018-06-12 15:00 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\PlaceholderTileLogoFolder 2020-04-16 10:53 - 2013-05-04 23:23 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\ElevatedDiagnostics 2020-04-16 08:37 - 2019-09-29 00:05 - 000351592 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2020-04-16 00:23 - 2019-03-19 00:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SystemResources 2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\migwiz 2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\ShellExperiences 2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\Provisioning 2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2020-04-14 16:50 - 2019-09-29 00:45 - 000004626 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier 2020-04-14 16:50 - 2019-09-29 00:45 - 000004430 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater 2020-04-14 16:50 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2020-04-14 16:50 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Macromed 2020-04-11 09:44 - 2020-04-03 10:26 - 000000000 ____D C:\WINDOWS\KMSServerService ==================== Archivos en la raíz de algunos directorios ======== 2013-09-07 10:24 - 2013-09-25 01:00 - 000000109 _____ () C:\Users\Juan Munzenmayer\AppData\Roaming\mbam.context.scan 2013-05-14 17:56 - 2020-03-31 15:36 - 000010752 _____ () C:\Users\Juan Munzenmayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ==================== SigCheck ============================ (No existe una corrección automática para los archivos que no pasan la verificación.) ==================== Final de FRST.txt ======================== Addition.txt

For some reason, I cannot post anything at all.

Should I run it in normal or safe mode?

It had always redirected me to the Recovery Enviroment before, without having to hold down the shift key and reboot. I had tried Start Up repair before, but it did not do anything. Anyways, I did it again based on your suggestion, and it booted succesfully, albeit very slowly.

Beforehand, this is not my laptop, but my father's and he asked me to fix it because it was slow, but he also bought a new one. He keeps buying them, because they get full of malware, get slow, and then off to a new one. Trying to make him not waste money, I tried to fix it. It is a Windows 10 (x64), but I don't remember which version specifically. Anyways, I boot it in safe mode with internet, and look for MBAM, since I installed it in his laptop months ago, but it was not there. Weird. So I download it, run it, and it found some stuff. I remember some of them called Hack.Tools but not much. I remove all of them as suggested and reboot again in safe mode. I ran Superantispyware, but it found nothing. Then I ran TDSSkiller, which found nothing, and then HitmanPro (trial version), which found other stuff, and remnants of the stuff MBAM removed. So I removed them. I also ran CCleaner with temp files and registry. I tried rebooting into safe mode, after that, but it loaded the "Acer" splash screen, but could not go further than that and it started Windows start up repair and went to the start up repair screen. I ran chkdsk, sfc and dism on the appropriate drive letter, but none of them found anything, but still cannot boot into any mode. I cannot post logs because I cannot reach them in first place.