
Malwarebytes removed stuff, and now laptop doesn't boot



Beforehand, this is not my laptop, but my father's and he asked me to fix it because it was slow, but he also bought a new one. He keeps buying them, because they get full of malware, get slow, and then off to a new one. Trying to make him not waste money, I tried to fix it. It is a Windows 10 (x64), but I don't remember which version specifically.

 

Anyways, I boot it in safe mode with internet, and look for MBAM, since I installed it in his laptop months ago, but it was not there. Weird. So I download it, run it, and it found some stuff. I remember some of them called Hack.Tools but not much. I remove all of them as suggested and reboot again in safe mode. I ran SUPERAntiSpyware, but it found nothing. Then I ran TDSSKiller, which found nothing, and then HitmanPro (trial version), which found other stuff, and remnants of the stuff MBAM removed. So I removed them. I also ran CCleaner with temp files and registry.

 

I tried rebooting into safe mode after that, but it loaded the "Acer" splash screen, could not go further than that, started Windows startup repair and went to the startup repair screen. I ran chkdsk, sfc and dism on the appropriate drive letter, but none of them found anything, and it still cannot boot into any mode. I cannot post logs because I cannot reach them in the first place.


Hiya Scanzie and welcome to Malwarebytes,

See if you can access the Recovery Environment. Boot sick PC as far as Acer splash screen, hold down the shift key and reboot. If successful you should open Recovery Environment at the "Choose an Option" window, from there select "Troubleshoot" then "Advanced Options".

From that window try "Startup Repair" and follow the prompts. Does Windows now boot successfully?

Thanks,

Kevin..


It had always redirected me to the Recovery Environment before, without having to hold down the shift key and reboot. I had tried Startup Repair before, but it did not do anything. Anyways, I did it again based on your suggestion, and it booted successfully, albeit very slowly.


Hiya Scanzie,

See if you can run the following:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also make a log named Addition.txt. Please attach that log to your reply.

Thanks,

Kevin..
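
An added example, not part of the original posts and not Farbar's own code: a Python script that reads an FRST.txt log like the one this procedure produces and returns only the entries FRST marked with `<====`, grouped by log section. The sample lines are copied from the Spanish-language log posted in this thread; the function names, the `kind` labels and the reliance on that build's `Ningún archivo` wording are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Section headers look like:
#   ==================== Registro (Lista blanca) ===================
# Underlines made only of "=" (e.g. under "Internet Explorer:") do not match.
SECTION_RE = re.compile(r"^={4,}\s*(?P<name>[^=]+?)\s*={4,}\s*$")
# FRST appends an arrow marker to entries it wants a reviewer to look at,
# "<==== ATENCIÓN" in the Spanish build shown in this thread.
FLAG_RE = re.compile(r"\s*<====.*$")
# Scheduled-task entries: Task: {GUID} - <task path> -> or => <target>
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<name>.+?) (?:->|=>) (?P<target>.*)$"
)
# Assumption: wording of the Spanish build; other localizations differ.
MISSING_FILE = "Ningún archivo"

# Sample lines copied from the FRST.txt posted in this thread.
SAMPLE = r"""
==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-11-15] (Apple Inc. -> Apple Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATENCIÓN

==================== Tareas programadas (Lista blanca) ============

Task: {02527CA5-9B7F-4AE2-A6A0-2B9D974E59CE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Ningún archivo <==== ATENCIÓN
Task: {0780DB95-7C0A-4721-9094-EF7798944C5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {875C273C-5E66-49F6-9162-C42196C6D001} - \Microsoft\Windows\UNP\RunCampaignManager -> Ningún archivo <==== ATENCIÓN
"""


@dataclass
class Entry:
    section: str   # name of the log section the line appeared in
    text: str      # the line with the "<====" marker stripped
    flagged: bool  # True if FRST marked the line with "<===="
    kind: str      # coarse label assigned by classify()


def classify(text):
    """Label an entry so similar findings can be reviewed together."""
    m = TASK_RE.match(text)
    if m and m.group("target").strip() == MISSING_FILE:
        return "task-without-file"
    if "Group Policy restriction on software" in text:
        return "software-restriction-policy"
    return "other"


def parse_frst(log_text):
    """Split an FRST.txt log into entries, tracking the current section."""
    entries = []
    section = "(header)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        # Skip the parenthesised note FRST prints under each section header.
        if line.startswith("(") and line.endswith(")"):
            continue
        flag = FLAG_RE.search(line)
        text = line[:flag.start()] if flag else line
        entries.append(Entry(section, text, bool(flag), classify(text)))
    return entries


def triage(log_text):
    """Return {section: [(kind, text), ...]} for flagged entries only."""
    out = {}
    for e in parse_frst(log_text):
        if e.flagged:
            out.setdefault(e.section, []).append((e.kind, e.text))
    return out


if __name__ == "__main__":
    for section, items in triage(SAMPLE).items():
        print(section)
        for kind, text in items:
            print(f"  [{kind}] {text}")
```

A flagged line is a lead for the reviewer, not a verdict: the script only narrows a long log down to the entries FRST itself singled out.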


Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 10-05-2020 03
Ejecutado por Juan Munzenmayer (administrador) sobre JUAN (Acer Aspire E1-431) (10-05-2020 17:45:04)
Ejecutado desde C:\Users\Juan Munzenmayer\Desktop
Perfiles cargados: Juan Munzenmayer
Platform: Windows 10 Home Single Language Versión 1903 18362.778 (X64) Idioma: Español (España, internacional)
Navegador predeterminado: Edge
Modo de Inicio: Normal
Tutorial para Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc. -> Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe <2>
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe <5>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotification.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\NisSrv.exe
(Realtek Semiconductor Corp -> Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-11-15] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [105280 2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATENCIÓN
HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19589208 2018-12-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Juan Munzenmayer\AppData\Local\Microsoft\Teams\Update.exe [2347880 2020-04-23] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Juan Munzenmayer\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Juan Munzenmayer\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\RunOnce: [Uninstall 19.232.1124.0012\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Juan Munzenmayer\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\amd64"
HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\RunOnce: [Uninstall 19.232.1124.0012] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Juan Munzenmayer\AppData\Local\Microsoft\OneDrive\19.232.1124.0012"
HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\MountPoints2: {ce661da2-7489-11ea-bf77-089e0175137f} - "F:\SETUP.EXE"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\chrmstp.exe [2020-04-28] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{07AA0886-CC8D-4e19-A410-1C75AF686E62}] -> C:\Windows\System32\l2nacp.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{33c86cd6-705f-4ba1-9adb-67070b837775}] -> C:\Windows\System32\l2nacp.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Provider Filters: [{edd749de-2ef1-4a80-98d1-81f20e6df58e}] -> C:\Windows\System32\l2nacp.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {02527CA5-9B7F-4AE2-A6A0-2B9D974E59CE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Ningún archivo <==== ATENCIÓN
Task: {0780DB95-7C0A-4721-9094-EF7798944C5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {0B5E46D0-ADB5-4D93-859E-095495E1898C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {0BE6053D-EF2B-434C-8A68-A5285BB88C15} - \WPD\SqmUpload_S-1-5-21-2145402764-1715483592-2898523831-1001 -> Ningún archivo <==== ATENCIÓN
Task: {0EA0DA5F-945F-4F4B-BD20-EE6675114AA0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-14] (Adobe Inc. -> Adobe)
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {152D835A-179F-4292-B32F-24C58F41E68D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {1CC5467D-ABC2-43C4-9249-D05B6F598391} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {20F06B7B-A240-4C17-9B09-E27A134789C5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {219FA528-D561-4D4F-ABCD-AB5DF5CEC5DA} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {236874E7-6EE3-450D-9E05-BF76EC8C4681} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2AF7C6B9-F13A-48F0-9ABE-577338464499} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14636224 2018-12-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2E5F4B78-856B-4C0F-AAF7-7CCC0ABB95D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {41BB3E64-CA99-409F-8F5A-5C5DF8F598F3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-14] (Adobe Inc. -> Adobe)
Task: {566FFE7C-EAF9-4414-AF66-FAF556F46FE9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {583DDD00-0E60-47FD-A611-0F60D3DEBC51} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {5A49EF43-A2A1-42EE-9014-FA269F044625} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {5B640E50-0BE1-4E5E-B46B-62F775327356} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Ningún archivo <==== ATENCIÓN
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {875C273C-5E66-49F6-9162-C42196C6D001} - \Microsoft\Windows\UNP\RunCampaignManager -> Ningún archivo <==== ATENCIÓN
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {8ECE8EC1-6C31-4128-9B2E-27060F643A71} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Ningún archivo <==== ATENCIÓN
Task: {930CB162-5797-419F-A267-43A30A61F1DF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Ningún archivo <==== ATENCIÓN
Task: {AA432DFA-7A32-4794-AE48-5DA9B13786C8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Ningún archivo <==== ATENCIÓN
Task: {AD9A9430-3DDC-4447-B88A-7847E9BA9F77} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {BB193B5C-610F-4FB1-A36F-5BE6EF0F738A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C06CE0BD-A66F-4939-8496-E55819C5FBC1} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [4227672 2017-01-17] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {C1477C45-92AA-41A0-9B09-DC3FDD01EC6F} - System32\Tasks\G2MUploadTask-S-1-5-21-2145402764-1715483592-2898523831-1001 => C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting\17359\g2mupload.exe [32256 2020-04-19] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {C846A672-86E7-4D53-A119-A19C2EEE0AC4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Ningún archivo <==== ATENCIÓN
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {CFEA85FB-4711-4B45-A9C9-23AB5D966519} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Ningún archivo <==== ATENCIÓN
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {E484AFBD-CD6D-4788-AA84-95976C8DC2FB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Ningún archivo <==== ATENCIÓN
Task: {F1C215E8-8D1E-47AE-8608-3FAB797FC1A2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Ningún archivo <==== ATENCIÓN
Task: {F282A8A6-AD1A-4A86-BA12-76BFA0BDD888} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Ningún archivo <==== ATENCIÓN
Task: {F4EAC96E-8AA4-4812-87BD-385EBE6B278F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Ningún archivo <==== ATENCIÓN
Task: {F9447E7D-67E3-401B-99D8-362F9472BD6E} - System32\Tasks\G2MUpdateTask-S-1-5-21-2145402764-1715483592-2898523831-1001 => C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting\17359\g2mupdate.exe [32256 2020-04-19] (LogMeIn, Inc. -> LogMeIn, Inc.)

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2145402764-1715483592-2898523831-1001.job => C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting\17359\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2145402764-1715483592-2898523831-1001.job => C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting\17359\g2mupload.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Tcpip\Parameters: [DhcpNameServer] 200.30.192.15 190.160.0.13 200.83.1.4
Tcpip\..\Interfaces\{1549aeaf-4602-4f9e-833c-b4e648ec31bf}: [DhcpNameServer] 200.30.192.15 190.160.0.13 200.83.1.4
Tcpip\..\Interfaces\{d0d926ef-cb08-4780-8b1f-dbd715d4717b}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\S-1-5-21-2145402764-1715483592-2898523831-1001 -> DefaultScope {054245C1-D986-4A92-8A2D-21B97A43ACE5} URL =
SearchScopes: HKU\S-1-5-21-2145402764-1715483592-2898523831-1001 -> {054245C1-D986-4A92-8A2D-21B97A43ACE5} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Sin Nombre - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Ningún archivo
Toolbar: HKLM - Sin Nombre - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  Ningún archivo
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: q5y3ob57.default
FF ProfilePath: C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Firefox\Profiles\q5y3ob57.default [2020-05-10]
FF Extension: (IBM Security Rapport) - C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2020-03-23] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (Facebook Container) - C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Firefox\Profiles\q5y3ob57.default\Extensions\@contain-facebook.xpi [2018-06-16]
FF Extension: (uBlock Origin) - C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Firefox\Profiles\q5y3ob57.default\Extensions\uBlock0@raymondhill.net.xpi [2018-06-16]
FF Extension: (NoScript) - C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Firefox\Profiles\q5y3ob57.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-06-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => no encontrado
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-2145402764-1715483592-2898523831-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Juan Munzenmayer\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-09] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Juan Munzenmayer\AppData\Roaming\mozilla\plugins\npatgpc.dll [2020-04-09]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default [2020-05-10]
CHR Notifications: Default -> hxxps://teams.microsoft.com; hxxps://www.latam.com; hxxps://www.skyairline.com; hxxps://www.youtube.com
CHR StartupUrls: Default -> "hxxp://www.google.cl/"
CHR Extension: (Documentos) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (IBM Security Rapport) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-12-01]
CHR Extension: (YouTube) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (uBlock Origin) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-04-21]
CHR Extension: (Búsqueda de Google) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Sin Nombre) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2020-05-10]
CHR Extension: (Sin Nombre) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-05-10]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-20]
CHR Extension: (Cisco Webex Extension) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2020-04-09]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-10]
CHR Profile: C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-02-07]
CHR Profile: C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\System Profile [2019-05-21]
CHR HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc. -> Apple Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2466448 2012-09-12] (Realtek Semiconductor Corp -> Realsil Microelectronics Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [317416 2018-09-19] (Intel Corporation -> Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation -> Intel Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [3001632 2019-10-06] (IBM -> IBM Corp.)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-01-08] (Dritek System Inc. -> Dritek System INC.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2017-01-17] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R3 AMPPAL; C:\WINDOWS\System32\drivers\AMPPAL.sys [162344 2012-09-13] (Intel Corporation-Mobile Wireless Group -> Windows (R) Win 7 DDK provider)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2019-03-19] (Microsoft Windows -> Intel Corporation)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2013-01-08] (Dritek System Inc. -> Dritek System Inc.)
S3 QRDCIO; C:\WINDOWS\System32\drivers\QRDCIO.sys [9728 2009-10-20] (Microsoft Windows Hardware Compatibility Publisher -> QUANTA)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [429112 2019-10-06] (IBM -> IBM Corp.)
R1 RapportCerberus_1950099; c:\programdata\trusteer\rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1950099.sys [1466824 2019-12-11] (IBM -> IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [542112 2019-10-06] (IBM -> IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [395384 2019-10-06] (IBM -> IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [445240 2019-10-06] (IBM -> IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [560568 2019-10-06] (IBM -> IBM Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-30] (Synaptics Incorporated -> Synaptics Incorporated)
R3 VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-04-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [394680 2020-04-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64944 2020-04-30] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Un mes (creado) ===================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-05-10 17:45 - 2020-05-10 17:48 - 000028510 _____ C:\Users\Juan Munzenmayer\Desktop\FRST.txt
2020-05-10 17:44 - 2020-05-10 17:47 - 000000000 ____D C:\FRST
2020-05-10 17:42 - 2020-05-10 17:42 - 002284544 _____ (Farbar) C:\Users\Juan Munzenmayer\Desktop\FRST64.exe
2020-05-10 08:03 - 2020-05-10 08:34 - 000000000 ____D C:\Scratch
2020-05-10 01:12 - 2020-05-10 01:12 - 000000000 _____ C:\Users\Juan Munzenmayer\Desktop\Nuevo documento de texto.txt
2020-05-10 01:09 - 2020-05-10 01:09 - 000000000 ____D C:\Program Files\Avast Software
2020-05-10 00:46 - 2020-05-10 12:20 - 000000000 ____D C:\ProgramData\HitmanPro
2020-05-10 00:41 - 2020-05-10 00:44 - 000303630 _____ C:\TDSSKiller.3.1.0.28_10.05.2020_00.41.15_log.txt
2020-05-09 23:14 - 2020-05-10 12:20 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2020-05-09 23:02 - 2020-05-09 23:02 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Roaming\SUPERAntiSpyware.com
2020-05-09 23:02 - 2020-05-09 23:02 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2020-05-09 22:44 - 2020-05-09 22:44 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\mbamtray
2020-05-09 22:44 - 2020-05-09 22:44 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\mbam
2020-05-09 22:43 - 2020-05-09 22:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-05-09 22:42 - 2020-05-09 22:42 - 000000000 ____D C:\Program Files\Malwarebytes
2020-05-07 15:46 - 2020-05-07 15:46 - 000034253 _____ C:\Users\Juan Munzenmayer\Downloads\dte-39-F567132226.pdf
2020-05-07 15:45 - 2020-05-07 15:45 - 000002828 _____ C:\Users\Juan Munzenmayer\Downloads\dte-ticket-F567132226.pdf
2020-05-05 16:04 - 2020-05-05 16:04 - 000294360 _____ (Adobe Systems Incorporated) C:\Users\Juan Munzenmayer\Downloads\ConnectSetup (3).exe
2020-05-05 16:00 - 2020-05-05 16:00 - 000294360 _____ (Adobe Systems Incorporated) C:\Users\Juan Munzenmayer\Downloads\ConnectSetup (2).exe
2020-05-05 15:57 - 2020-05-05 15:57 - 000001023 _____ C:\Users\Juan Munzenmayer\Desktop\Adobe Connect.lnk
2020-05-05 15:57 - 2020-05-05 15:57 - 000001009 _____ C:\Users\Juan Munzenmayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe Connect.lnk
2020-05-05 15:53 - 2020-05-05 15:53 - 000294360 _____ (Adobe Systems Incorporated) C:\Users\Juan Munzenmayer\Downloads\ConnectSetup.exe
2020-05-05 15:53 - 2020-05-05 15:53 - 000294360 _____ (Adobe Systems Incorporated) C:\Users\Juan Munzenmayer\Downloads\ConnectSetup (1).exe
2020-05-03 18:53 - 2020-05-03 18:53 - 000001305 _____ C:\Users\Juan Munzenmayer\Desktop\Oral and Maxillofacial Surgery - Lars Andersson & Karl-Erik Kahnberg & M Anthony Pogrel - sep, 2010.pdf - Acceso directo.lnk
2020-05-03 18:53 - 2014-08-10 23:29 - 054460331 _____ C:\Users\Juan Munzenmayer\Desktop\Oral and Maxillofacial Surgery - Lars Andersson & Karl-Erik Kahnberg & M Anthony Pogrel - sep, 2010.pdf
2020-05-03 18:53 - 2004-05-11 17:10 - 021872230 _____ C:\Users\Juan Munzenmayer\Desktop\25 Correction of dentofacial deformities.pdf
2020-05-03 16:23 - 2020-05-10 12:20 - 000000000 ____D C:\ProgramData\KMSAuto
2020-05-03 16:19 - 2020-05-03 16:25 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\MSfree Inc
2020-05-03 16:11 - 2020-05-04 16:45 - 000000000 ____D C:\Users\Juan Munzenmayer\Desktop\KMSAUTO.2018.V1.5.3
2020-05-03 14:07 - 2020-05-03 14:07 - 000353346 _____ C:\Users\Juan Munzenmayer\Downloads\Oral and Maxillofacial Surgery - E-Book_ 3-Volume Set - Raymond J. Fonseca - Google Libros.html
2020-05-03 14:07 - 2020-05-03 14:07 - 000000000 ____D C:\Users\Juan Munzenmayer\Downloads\Oral and Maxillofacial Surgery - E-Book_ 3-Volume Set - Raymond J. Fonseca - Google Libros_files
2020-05-03 12:55 - 2020-05-03 12:55 - 000767256 _____ C:\Users\Juan Munzenmayer\Downloads\AO_CMF_COVID_Survey.pdf
2020-05-03 09:36 - 2020-05-04 19:59 - 000017873 ____H C:\Users\Juan Munzenmayer\Desktop\~WRL0003.tmp
2020-05-03 00:22 - 2020-05-03 02:17 - 654334514 _____ C:\Users\Juan Munzenmayer\Desktop\EDEMA CLASE 1.mp4
2020-05-01 21:18 - 2020-05-01 21:18 - 000321820 _____ C:\Users\Juan Munzenmayer\Downloads\anomalia dentofacial.pdf
2020-04-30 09:27 - 2020-04-30 09:27 - 000421884 _____ C:\Users\Juan Munzenmayer\Downloads\10.1016@S1134-20721470768-6-1.pdf
2020-04-29 18:54 - 2020-04-29 18:54 - 000364472 _____ (LogMeIn, Inc.) C:\Users\Juan Munzenmayer\Downloads\GoToWebinar Opener (1).exe
2020-04-27 03:03 - 2020-04-27 03:03 - 011359528 _____ (Zoom Video Communications, Inc.) C:\Users\Juan Munzenmayer\Downloads\ZoomInstaller (1).exe
2020-04-24 17:57 - 2020-04-24 17:57 - 000030292 _____ C:\Users\Juan Munzenmayer\Downloads\Mauricio Carrasco Teletrabajo HGGB.xlsx
2020-04-24 17:55 - 2020-04-24 17:55 - 000017627 _____ C:\Users\Juan Munzenmayer\Downloads\actividades de Munzenmayer, Rivas, Garrido.xlsx
2020-04-23 10:15 - 2020-04-23 10:15 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Roaming\Microsoft Teams
2020-04-23 10:13 - 2020-04-23 10:17 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\SquirrelTemp
2020-04-23 10:06 - 2020-04-23 10:07 - 097229056 _____ (Microsoft Corporation) C:\Users\Juan Munzenmayer\Downloads\Teams_windows_x64.exe
2020-04-16 08:50 - 2020-04-23 10:00 - 000000710 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2145402764-1715483592-2898523831-1001.job
2020-04-16 08:50 - 2020-04-23 10:00 - 000000614 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2145402764-1715483592-2898523831-1001.job
2020-04-16 08:50 - 2020-04-19 15:19 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting
2020-04-16 08:50 - 2020-04-19 15:18 - 000003880 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-2145402764-1715483592-2898523831-1001
2020-04-16 08:50 - 2020-04-19 15:18 - 000003784 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-2145402764-1715483592-2898523831-1001
2020-04-16 08:49 - 2020-04-16 08:49 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\GoTo Opener
2020-04-15 16:12 - 2020-04-15 16:12 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-15 16:12 - 2020-04-15 16:12 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-15 16:11 - 2020-04-15 16:11 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-15 16:11 - 2020-04-15 16:11 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-15 16:11 - 2020-04-15 16:11 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-15 16:11 - 2020-04-15 16:11 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-15 16:11 - 2020-04-15 16:11 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-15 16:11 - 2020-04-15 16:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-15 16:10 - 2020-04-15 16:10 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-15 16:10 - 2020-04-15 16:10 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-15 16:10 - 2020-04-15 16:10 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-15 16:10 - 2020-04-15 16:10 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-15 16:10 - 2020-04-15 16:10 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-15 16:10 - 2020-04-15 16:10 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-15 16:10 - 2020-04-15 16:10 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-15 16:09 - 2020-04-15 16:09 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-15 16:09 - 2020-04-15 16:09 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-15 16:09 - 2020-04-15 16:09 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-15 16:09 - 2020-04-15 16:09 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-15 16:09 - 2020-04-15 16:09 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-15 16:09 - 2020-04-15 16:09 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-15 16:09 - 2020-04-15 16:09 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-15 16:09 - 2020-04-15 16:09 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-15 16:09 - 2020-04-15 16:09 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-15 16:09 - 2020-04-15 16:09 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-15 16:09 - 2020-04-15 16:09 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-15 16:09 - 2020-04-15 16:09 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-15 16:09 - 2020-04-15 16:09 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-15 16:08 - 2020-04-15 16:08 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-15 16:08 - 2020-04-15 16:08 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-15 16:08 - 2020-04-15 16:08 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-15 16:08 - 2020-04-15 16:08 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-15 16:08 - 2020-04-15 16:08 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-15 16:08 - 2020-04-15 16:08 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-15 16:08 - 2020-04-15 16:08 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-15 16:08 - 2020-04-15 16:08 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-15 16:08 - 2020-04-15 16:08 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-15 16:08 - 2020-04-15 16:08 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-15 16:08 - 2020-04-15 16:08 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-15 16:08 - 2020-04-15 16:08 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-15 16:08 - 2020-04-15 16:08 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-15 16:08 - 2020-04-15 16:08 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-15 16:08 - 2020-04-15 16:08 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-15 16:08 - 2020-04-15 16:08 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-15 16:08 - 2020-04-15 16:08 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-15 16:08 - 2020-04-15 16:08 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-15 16:08 - 2020-04-15 16:08 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-15 16:08 - 2020-04-15 16:08 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-15 16:08 - 2020-04-15 16:08 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-15 16:08 - 2020-04-15 16:08 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-15 16:08 - 2020-04-15 16:08 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-15 13:14 - 2020-03-16 23:57 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-15 13:14 - 2020-03-16 23:56 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-14 18:21 - 2020-04-14 18:22 - 003821217 _____ C:\Users\Juan Munzenmayer\Downloads\materials-13-00592-v2.pdf
2020-04-14 17:39 - 2020-04-14 17:40 - 004523065 _____ C:\Users\Juan Munzenmayer\Downloads\SERAM2012_S-0445.pdf
2020-04-11 23:21 - 2020-04-11 23:21 - 000136827 _____ C:\Users\Juan Munzenmayer\Downloads\BLOQUEO.html
2020-04-11 23:21 - 2020-04-11 23:21 - 000000000 ____D C:\Users\Juan Munzenmayer\Downloads\BLOQUEO_files

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-05-10 17:47 - 2019-09-29 00:45 - 000004220 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{57CBA722-1D61-4F84-A209-7040C0319F68}
2020-05-10 17:37 - 2019-03-19 00:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-05-10 17:37 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-05-10 17:35 - 2019-10-12 13:03 - 000002438 _____ C:\Users\Juan Munzenmayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-05-10 17:35 - 2019-09-29 00:45 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2145402764-1715483592-2898523831-1001
2020-05-10 17:35 - 2015-08-30 21:54 - 000000000 ___RD C:\Users\Juan Munzenmayer\OneDrive
2020-05-10 17:32 - 2019-09-29 00:29 - 001773366 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-05-10 17:32 - 2019-03-19 07:59 - 000789814 _____ C:\WINDOWS\system32\perfh00A.dat
2020-05-10 17:32 - 2019-03-19 07:59 - 000156068 _____ C:\WINDOWS\system32\perfc00A.dat
2020-05-10 17:32 - 2019-03-19 00:50 - 000000000 ____D C:\WINDOWS\INF
2020-05-10 17:28 - 2015-01-01 18:50 - 000000000 __SHD C:\Users\Juan Munzenmayer\IntelGraphicsProfiles
2020-05-10 17:25 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-05-10 17:24 - 2019-09-29 00:16 - 000000000 ____D C:\Users\Juan Munzenmayer
2020-05-10 17:23 - 2019-09-29 00:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-05-10 12:21 - 2020-04-09 14:02 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\LocalLow\WebEx
2020-05-10 12:21 - 2020-04-09 14:02 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\WebEx
2020-05-10 12:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2020-05-10 12:20 - 2018-12-08 14:50 - 000000000 ____D C:\ProgramData\pctonics.com
2020-05-10 12:20 - 2018-09-07 20:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-05-10 12:20 - 2018-09-07 20:00 - 000000000 ____D C:\Program Files\CCleaner
2020-05-10 12:20 - 2013-01-08 14:41 - 000000000 ____D C:\ProgramData\Norton
2020-05-10 12:02 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\registration
2020-05-10 12:00 - 2013-05-17 17:34 - 000000000 ____D C:\ProgramData\AVAST Software
2020-05-10 08:34 - 2019-03-19 00:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-05-10 00:32 - 2019-09-29 00:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-05-09 23:08 - 2019-09-28 19:34 - 000000000 ___DC C:\WINDOWS\Panther
2020-05-09 23:08 - 2013-05-08 23:24 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\CrashDumps
2020-05-09 22:07 - 2018-04-01 10:02 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\Packages
2020-05-05 15:56 - 2013-04-22 02:03 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Roaming\Adobe
2020-04-30 21:59 - 2018-06-09 23:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-04-28 09:31 - 2013-04-22 09:53 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-28 09:31 - 2013-04-22 09:53 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-24 19:08 - 2013-05-01 21:04 - 000000000 ____D C:\Users\Juan Munzenmayer\Documents\clases - charlas
2020-04-23 16:27 - 2018-06-12 15:00 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\PlaceholderTileLogoFolder
2020-04-16 10:53 - 2013-05-04 23:23 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\ElevatedDiagnostics
2020-04-16 08:37 - 2019-09-29 00:05 - 000351592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-16 00:23 - 2019-03-19 00:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-14 16:50 - 2019-09-29 00:45 - 000004626 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-04-14 16:50 - 2019-09-29 00:45 - 000004430 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2020-04-14 16:50 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-04-14 16:50 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-04-11 09:44 - 2020-04-03 10:26 - 000000000 ____D C:\WINDOWS\KMSServerService

==================== Archivos en la raíz de algunos directorios ========

2013-09-07 10:24 - 2013-09-25 01:00 - 000000109 _____ () C:\Users\Juan Munzenmayer\AppData\Roaming\mbam.context.scan
2013-05-14 17:56 - 2020-03-31 15:36 - 000010752 _____ () C:\Users\Juan Munzenmayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)

==================== Final de FRST.txt ========================

Addition.txt


Apologies, can you rerun FRST and post fresh logs please. First rename FRST.exe to FRSTEnglish.exe. I need the logs to be in English for my benefit...

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs, "FRST.txt" and "Addition.txt".


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-05-2020
Ran by Juan Munzenmayer (administrator) on JUAN (Acer Aspire E1-431) (11-05-2020 19:01:30)
Running from C:\Users\Juan Munzenmayer\Desktop
Loaded Profiles: Juan Munzenmayer
Platform: Windows 10 Home Single Language Version 1903 18362.778 (X64) Language: Español (España, internacional)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc. -> Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe <2>
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\fodhelper.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotification.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.772_none_5f13f94c58ff41d3\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\NisSrv.exe
(Realtek Semiconductor Corp -> Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-11-15] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [105280 2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19589208 2018-12-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Juan Munzenmayer\AppData\Local\Microsoft\Teams\Update.exe [2347880 2020-04-23] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\...\MountPoints2: {ce661da2-7489-11ea-bf77-089e0175137f} - "F:\SETUP.EXE" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-10] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{07AA0886-CC8D-4e19-A410-1C75AF686E62}] -> C:\Windows\System32\l2nacp.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{33c86cd6-705f-4ba1-9adb-67070b837775}] -> C:\Windows\System32\l2nacp.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Provider Filters: [{edd749de-2ef1-4a80-98d1-81f20e6df58e}] -> C:\Windows\System32\l2nacp.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02527CA5-9B7F-4AE2-A6A0-2B9D974E59CE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {0780DB95-7C0A-4721-9094-EF7798944C5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {0B5E46D0-ADB5-4D93-859E-095495E1898C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {0BE6053D-EF2B-434C-8A68-A5285BB88C15} - \WPD\SqmUpload_S-1-5-21-2145402764-1715483592-2898523831-1001 -> No File <==== ATTENTION
Task: {0EA0DA5F-945F-4F4B-BD20-EE6675114AA0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-14] (Adobe Inc. -> Adobe)
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {152D835A-179F-4292-B32F-24C58F41E68D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {1CC5467D-ABC2-43C4-9249-D05B6F598391} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {20F06B7B-A240-4C17-9B09-E27A134789C5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {219FA528-D561-4D4F-ABCD-AB5DF5CEC5DA} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {236874E7-6EE3-450D-9E05-BF76EC8C4681} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2AF7C6B9-F13A-48F0-9ABE-577338464499} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14636224 2018-12-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2E5F4B78-856B-4C0F-AAF7-7CCC0ABB95D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {41BB3E64-CA99-409F-8F5A-5C5DF8F598F3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-14] (Adobe Inc. -> Adobe)
Task: {566FFE7C-EAF9-4414-AF66-FAF556F46FE9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {583DDD00-0E60-47FD-A611-0F60D3DEBC51} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {5A49EF43-A2A1-42EE-9014-FA269F044625} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {5B640E50-0BE1-4E5E-B46B-62F775327356} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {875C273C-5E66-49F6-9162-C42196C6D001} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {8ECE8EC1-6C31-4128-9B2E-27060F643A71} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {930CB162-5797-419F-A267-43A30A61F1DF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AA432DFA-7A32-4794-AE48-5DA9B13786C8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AD9A9430-3DDC-4447-B88A-7847E9BA9F77} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {BB193B5C-610F-4FB1-A36F-5BE6EF0F738A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C06CE0BD-A66F-4939-8496-E55819C5FBC1} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [4227672 2017-01-17] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {C1477C45-92AA-41A0-9B09-DC3FDD01EC6F} - System32\Tasks\G2MUploadTask-S-1-5-21-2145402764-1715483592-2898523831-1001 => C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting\17359\g2mupload.exe [32256 2020-04-19] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {C846A672-86E7-4D53-A119-A19C2EEE0AC4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {CFEA85FB-4711-4B45-A9C9-23AB5D966519} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {E484AFBD-CD6D-4788-AA84-95976C8DC2FB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F1C215E8-8D1E-47AE-8608-3FAB797FC1A2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F282A8A6-AD1A-4A86-BA12-76BFA0BDD888} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F4EAC96E-8AA4-4812-87BD-385EBE6B278F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F9447E7D-67E3-401B-99D8-362F9472BD6E} - System32\Tasks\G2MUpdateTask-S-1-5-21-2145402764-1715483592-2898523831-1001 => C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting\17359\g2mupdate.exe [32256 2020-04-19] (LogMeIn, Inc. -> LogMeIn, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2145402764-1715483592-2898523831-1001.job => C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting\17359\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2145402764-1715483592-2898523831-1001.job => C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting\17359\g2mupload.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.30.192.15 190.160.0.13 200.83.1.4
Tcpip\..\Interfaces\{1549aeaf-4602-4f9e-833c-b4e648ec31bf}: [DhcpNameServer] 200.30.192.15 190.160.0.13 200.83.1.4
Tcpip\..\Interfaces\{d0d926ef-cb08-4780-8b1f-dbd715d4717b}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\S-1-5-21-2145402764-1715483592-2898523831-1001 -> DefaultScope {054245C1-D986-4A92-8A2D-21B97A43ACE5} URL = 
SearchScopes: HKU\S-1-5-21-2145402764-1715483592-2898523831-1001 -> {054245C1-D986-4A92-8A2D-21B97A43ACE5} URL = 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: q5y3ob57.default
FF ProfilePath: C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Firefox\Profiles\q5y3ob57.default [2020-05-10]
FF Extension: (IBM Security Rapport) - C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2020-03-23] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (Facebook Container) - C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Firefox\Profiles\q5y3ob57.default\Extensions\@contain-facebook.xpi [2018-06-16]
FF Extension: (uBlock Origin) - C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Firefox\Profiles\q5y3ob57.default\Extensions\uBlock0@raymondhill.net.xpi [2018-06-16]
FF Extension: (NoScript) - C:\Users\Juan Munzenmayer\AppData\Roaming\Mozilla\Firefox\Profiles\q5y3ob57.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-06-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-2145402764-1715483592-2898523831-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Juan Munzenmayer\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-09] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Juan Munzenmayer\AppData\Roaming\mozilla\plugins\npatgpc.dll [2020-04-09]

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default [2020-05-10]
CHR Notifications: Default -> hxxps://teams.microsoft.com; hxxps://www.latam.com; hxxps://www.skyairline.com; hxxps://www.youtube.com
CHR StartupUrls: Default -> "hxxp://www.google.cl/"
CHR Extension: (Documentos) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (IBM Security Rapport) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-12-01]
CHR Extension: (YouTube) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (uBlock Origin) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-04-21]
CHR Extension: (Búsqueda de Google) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (No Name) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2020-05-10]
CHR Extension: (No Name) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-05-10]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-20]
CHR Extension: (Cisco Webex Extension) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2020-04-09]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-10]
CHR Profile: C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-02-07]
CHR Profile: C:\Users\Juan Munzenmayer\AppData\Local\Google\Chrome\User Data\System Profile [2019-05-21]
CHR HKU\S-1-5-21-2145402764-1715483592-2898523831-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc. -> Apple Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2466448 2012-09-12] (Realtek Semiconductor Corp -> Realsil Microelectronics Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [317416 2018-09-19] (Intel Corporation -> Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation -> Intel Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [3001632 2019-10-06] (IBM -> IBM Corp.)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-01-08] (Dritek System Inc. -> Dritek System INC.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2017-01-17] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMPPAL; C:\WINDOWS\System32\drivers\AMPPAL.sys [162344 2012-09-13] (Intel Corporation-Mobile Wireless Group -> Windows (R) Win 7 DDK provider)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2019-03-19] (Microsoft Windows -> Intel Corporation)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2013-01-08] (Dritek System Inc. -> Dritek System Inc.)
S3 QRDCIO; C:\WINDOWS\System32\drivers\QRDCIO.sys [9728 2009-10-20] (Microsoft Windows Hardware Compatibility Publisher -> QUANTA)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [429112 2019-10-06] (IBM -> IBM Corp.)
R1 RapportCerberus_1950099; c:\programdata\trusteer\rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1950099.sys [1466824 2019-12-11] (IBM -> IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [542112 2019-10-06] (IBM -> IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [395384 2019-10-06] (IBM -> IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [445240 2019-10-06] (IBM -> IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [560568 2019-10-06] (IBM -> IBM Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-30] (Synaptics Incorporated -> Synaptics Incorporated)
R3 VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-04-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [394680 2020-04-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64944 2020-04-30] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-11 19:01 - 2020-05-11 19:01 - 000000000 ____D C:\Users\Juan Munzenmayer\Desktop\FRST-OlderVersion
2020-05-10 17:51 - 2020-05-10 17:55 - 000032009 _____ C:\Users\Juan Munzenmayer\Desktop\Addition.txt
2020-05-10 17:45 - 2020-05-11 19:04 - 000027609 _____ C:\Users\Juan Munzenmayer\Desktop\FRST.txt
2020-05-10 17:44 - 2020-05-11 19:02 - 000000000 ____D C:\FRST
2020-05-10 17:42 - 2020-05-11 19:01 - 002285568 _____ (Farbar) C:\Users\Juan Munzenmayer\Desktop\FRST64English.exe
2020-05-10 08:03 - 2020-05-10 08:34 - 000000000 ____D C:\Scratch
2020-05-10 01:12 - 2020-05-10 01:12 - 000000000 _____ C:\Users\Juan Munzenmayer\Desktop\Nuevo documento de texto.txt
2020-05-10 01:09 - 2020-05-10 01:09 - 000000000 ____D C:\Program Files\Avast Software
2020-05-10 00:46 - 2020-05-10 12:20 - 000000000 ____D C:\ProgramData\HitmanPro
2020-05-10 00:41 - 2020-05-10 00:44 - 000303630 _____ C:\TDSSKiller.3.1.0.28_10.05.2020_00.41.15_log.txt
2020-05-09 23:14 - 2020-05-10 12:20 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2020-05-09 23:02 - 2020-05-09 23:02 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Roaming\SUPERAntiSpyware.com
2020-05-09 23:02 - 2020-05-09 23:02 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2020-05-09 22:44 - 2020-05-09 22:44 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\mbamtray
2020-05-09 22:44 - 2020-05-09 22:44 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\mbam
2020-05-09 22:43 - 2020-05-09 22:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-05-09 22:42 - 2020-05-09 22:42 - 000000000 ____D C:\Program Files\Malwarebytes
2020-05-07 15:46 - 2020-05-07 15:46 - 000034253 _____ C:\Users\Juan Munzenmayer\Downloads\dte-39-F567132226.pdf
2020-05-07 15:45 - 2020-05-07 15:45 - 000002828 _____ C:\Users\Juan Munzenmayer\Downloads\dte-ticket-F567132226.pdf
2020-05-05 16:04 - 2020-05-05 16:04 - 000294360 _____ (Adobe Systems Incorporated) C:\Users\Juan Munzenmayer\Downloads\ConnectSetup (3).exe
2020-05-05 16:00 - 2020-05-05 16:00 - 000294360 _____ (Adobe Systems Incorporated) C:\Users\Juan Munzenmayer\Downloads\ConnectSetup (2).exe
2020-05-05 15:57 - 2020-05-05 15:57 - 000001023 _____ C:\Users\Juan Munzenmayer\Desktop\Adobe Connect.lnk
2020-05-05 15:57 - 2020-05-05 15:57 - 000001009 _____ C:\Users\Juan Munzenmayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe Connect.lnk
2020-05-05 15:53 - 2020-05-05 15:53 - 000294360 _____ (Adobe Systems Incorporated) C:\Users\Juan Munzenmayer\Downloads\ConnectSetup.exe
2020-05-05 15:53 - 2020-05-05 15:53 - 000294360 _____ (Adobe Systems Incorporated) C:\Users\Juan Munzenmayer\Downloads\ConnectSetup (1).exe
2020-05-03 18:53 - 2020-05-03 18:53 - 000001305 _____ C:\Users\Juan Munzenmayer\Desktop\Oral and Maxillofacial Surgery - Lars Andersson & Karl-Erik Kahnberg & M Anthony Pogrel - sep, 2010.pdf - Acceso directo.lnk
2020-05-03 18:53 - 2014-08-10 23:29 - 054460331 _____ C:\Users\Juan Munzenmayer\Desktop\Oral and Maxillofacial Surgery - Lars Andersson & Karl-Erik Kahnberg & M Anthony Pogrel - sep, 2010.pdf
2020-05-03 18:53 - 2004-05-11 17:10 - 021872230 _____ C:\Users\Juan Munzenmayer\Desktop\25 Correction of dentofacial deformities.pdf
2020-05-03 16:23 - 2020-05-10 12:20 - 000000000 ____D C:\ProgramData\KMSAuto
2020-05-03 16:19 - 2020-05-03 16:25 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\MSfree Inc
2020-05-03 16:11 - 2020-05-04 16:45 - 000000000 ____D C:\Users\Juan Munzenmayer\Desktop\KMSAUTO.2018.V1.5.3
2020-05-03 14:07 - 2020-05-03 14:07 - 000353346 _____ C:\Users\Juan Munzenmayer\Downloads\Oral and Maxillofacial Surgery - E-Book_ 3-Volume Set - Raymond J. Fonseca - Google Libros.html
2020-05-03 14:07 - 2020-05-03 14:07 - 000000000 ____D C:\Users\Juan Munzenmayer\Downloads\Oral and Maxillofacial Surgery - E-Book_ 3-Volume Set - Raymond J. Fonseca - Google Libros_files
2020-05-03 12:55 - 2020-05-03 12:55 - 000767256 _____ C:\Users\Juan Munzenmayer\Downloads\AO_CMF_COVID_Survey.pdf
2020-05-03 09:36 - 2020-05-04 19:59 - 000017873 ____H C:\Users\Juan Munzenmayer\Desktop\~WRL0003.tmp
2020-05-03 00:22 - 2020-05-03 02:17 - 654334514 _____ C:\Users\Juan Munzenmayer\Desktop\EDEMA CLASE 1.mp4
2020-05-01 21:18 - 2020-05-01 21:18 - 000321820 _____ C:\Users\Juan Munzenmayer\Downloads\anomalia dentofacial.pdf
2020-04-30 09:27 - 2020-04-30 09:27 - 000421884 _____ C:\Users\Juan Munzenmayer\Downloads\10.1016@S1134-20721470768-6-1.pdf
2020-04-29 18:54 - 2020-04-29 18:54 - 000364472 _____ (LogMeIn, Inc.) C:\Users\Juan Munzenmayer\Downloads\GoToWebinar Opener (1).exe
2020-04-27 03:03 - 2020-04-27 03:03 - 011359528 _____ (Zoom Video Communications, Inc.) C:\Users\Juan Munzenmayer\Downloads\ZoomInstaller (1).exe
2020-04-24 17:57 - 2020-04-24 17:57 - 000030292 _____ C:\Users\Juan Munzenmayer\Downloads\Mauricio Carrasco Teletrabajo HGGB.xlsx
2020-04-24 17:55 - 2020-04-24 17:55 - 000017627 _____ C:\Users\Juan Munzenmayer\Downloads\actividades de Munzenmayer, Rivas, Garrido.xlsx
2020-04-23 10:15 - 2020-04-23 10:15 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Roaming\Microsoft Teams
2020-04-23 10:13 - 2020-04-23 10:17 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\SquirrelTemp
2020-04-23 10:06 - 2020-04-23 10:07 - 097229056 _____ (Microsoft Corporation) C:\Users\Juan Munzenmayer\Downloads\Teams_windows_x64.exe
2020-04-16 08:50 - 2020-04-23 10:00 - 000000710 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2145402764-1715483592-2898523831-1001.job
2020-04-16 08:50 - 2020-04-23 10:00 - 000000614 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2145402764-1715483592-2898523831-1001.job
2020-04-16 08:50 - 2020-04-19 15:19 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\GoToMeeting
2020-04-16 08:50 - 2020-04-19 15:18 - 000003880 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-2145402764-1715483592-2898523831-1001
2020-04-16 08:50 - 2020-04-19 15:18 - 000003784 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-2145402764-1715483592-2898523831-1001
2020-04-16 08:49 - 2020-04-16 08:49 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\GoTo Opener
2020-04-15 16:12 - 2020-04-15 16:12 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-15 16:12 - 2020-04-15 16:12 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-15 16:12 - 2020-04-15 16:12 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-15 16:11 - 2020-04-15 16:11 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-15 16:11 - 2020-04-15 16:11 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-15 16:11 - 2020-04-15 16:11 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-15 16:11 - 2020-04-15 16:11 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-15 16:11 - 2020-04-15 16:11 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-14 18:21 - 2020-04-14 18:22 - 003821217 _____ C:\Users\Juan Munzenmayer\Downloads\materials-13-00592-v2.pdf
2020-04-14 17:39 - 2020-04-14 17:40 - 004523065 _____ C:\Users\Juan Munzenmayer\Downloads\SERAM2012_S-0445.pdf
2020-04-11 23:21 - 2020-04-11 23:21 - 000136827 _____ C:\Users\Juan Munzenmayer\Downloads\BLOQUEO.html
2020-04-11 23:21 - 2020-04-11 23:21 - 000000000 ____D C:\Users\Juan Munzenmayer\Downloads\BLOQUEO_files

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-11 19:00 - 2019-09-29 00:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-05-11 19:00 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-05-11 12:34 - 2019-09-29 00:45 - 000004220 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{57CBA722-1D61-4F84-A209-7040C0319F68}
2020-05-11 12:31 - 2015-01-01 18:50 - 000000000 __SHD C:\Users\Juan Munzenmayer\IntelGraphicsProfiles
2020-05-10 22:56 - 2013-04-22 09:53 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-05-10 22:56 - 2013-04-22 09:53 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-05-10 22:01 - 2019-03-19 00:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-05-10 22:01 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-05-10 17:55 - 2019-03-19 00:50 - 000000000 ____D C:\WINDOWS\INF
2020-05-10 17:35 - 2019-10-12 13:03 - 000002438 _____ C:\Users\Juan Munzenmayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-05-10 17:35 - 2019-09-29 00:45 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2145402764-1715483592-2898523831-1001
2020-05-10 17:35 - 2015-08-30 21:54 - 000000000 ___RD C:\Users\Juan Munzenmayer\OneDrive
2020-05-10 17:32 - 2019-09-29 00:29 - 001773366 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-05-10 17:32 - 2019-03-19 07:59 - 000789814 _____ C:\WINDOWS\system32\perfh00A.dat
2020-05-10 17:32 - 2019-03-19 07:59 - 000156068 _____ C:\WINDOWS\system32\perfc00A.dat
2020-05-10 17:24 - 2019-09-29 00:16 - 000000000 ____D C:\Users\Juan Munzenmayer
2020-05-10 17:23 - 2019-09-29 00:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-05-10 12:21 - 2020-04-09 14:02 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\LocalLow\WebEx
2020-05-10 12:21 - 2020-04-09 14:02 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\WebEx
2020-05-10 12:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2020-05-10 12:20 - 2018-12-08 14:50 - 000000000 ____D C:\ProgramData\pctonics.com
2020-05-10 12:20 - 2018-09-07 20:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-05-10 12:20 - 2018-09-07 20:00 - 000000000 ____D C:\Program Files\CCleaner
2020-05-10 12:20 - 2013-01-08 14:41 - 000000000 ____D C:\ProgramData\Norton
2020-05-10 12:02 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\registration
2020-05-10 12:00 - 2013-05-17 17:34 - 000000000 ____D C:\ProgramData\AVAST Software
2020-05-10 08:34 - 2019-03-19 00:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-05-09 23:08 - 2019-09-28 19:34 - 000000000 ___DC C:\WINDOWS\Panther
2020-05-09 23:08 - 2013-05-08 23:24 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\CrashDumps
2020-05-09 22:07 - 2018-04-01 10:02 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\Packages
2020-05-05 15:56 - 2013-04-22 02:03 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Roaming\Adobe
2020-04-30 21:59 - 2018-06-09 23:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-04-24 19:08 - 2013-05-01 21:04 - 000000000 ____D C:\Users\Juan Munzenmayer\Documents\clases - charlas
2020-04-23 16:27 - 2018-06-12 15:00 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\PlaceholderTileLogoFolder
2020-04-16 10:53 - 2013-05-04 23:23 - 000000000 ____D C:\Users\Juan Munzenmayer\AppData\Local\ElevatedDiagnostics
2020-04-16 08:37 - 2019-09-29 00:05 - 000351592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-16 00:23 - 2019-03-19 00:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-16 00:21 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-14 16:50 - 2019-09-29 00:45 - 000004626 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-04-14 16:50 - 2019-09-29 00:45 - 000004430 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2020-04-14 16:50 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-04-14 16:50 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-04-11 09:44 - 2020-04-03 10:26 - 000000000 ____D C:\WINDOWS\KMSServerService

==================== Files in the root of some directories ========

2013-09-07 10:24 - 2013-09-25 01:00 - 000000109 _____ () C:\Users\Juan Munzenmayer\AppData\Roaming\mbam.context.scan
2013-05-14 17:56 - 2020-03-31 15:36 - 000010752 _____ () C:\Users\Juan Munzenmayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

 

Addition.txt


Hello Scanzie,

Thanks for those logs, continue please:

Download Malwarebytes from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

or,

https://downloads.malwarebytes.com/file/mb4_offline

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "security tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Single click on the target sight above scanner window.
  • In the new window select Report
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Export to Txt - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Export to Txt" then attach the log to your reply...


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin...

fixlist.txt


What's that fixlist for?

 

When I was installing MBAM from that link, I went somewhere else, and it finished and started scanning before I could put the setting you said. It had found stuff. I stopped, quarantined them, and then started another scan with the settings, finding more stuff, and MBAM wanted to make a reboot after quarantine, so there are 2 logs. It found the very same stuff that it had already found, quarantined and deleted, referenced in the first post.

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-12-2020
# Duration: 00:00:13
# OS:       Windows 10 Home Single Language
# Cleaned:  2
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\pctonics.com

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.AcerGames   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent acer Master Uninstall


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1563 octets] - [12/05/2020 12:40:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

When typing that command into Run, it says it does not find it and to create a new notepad file. Looking up that folder there is this log called msert.log

 


---------------------------------------------------------------------------------------

Microsoft Safety Scanner v1.0, (build 1.315.501.0)
Started On Tue May 12 12:54:22 2020
->Scan ERROR: resource process://pid:88,ProcessStart:132337756395371174 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:392,ProcessStart:132337756476063556 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:672,ProcessStart:132337756713782116 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:744,ProcessStart:132337756718298475 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:756,ProcessStart:132337756718415762 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:872,ProcessStart:132337756719989781 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2272,ProcessStart:132337756762917059 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4196,ProcessStart:132337756839069951 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4528,ProcessStart:132337756953063742 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1748,ProcessStart:132337758063586362 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:8936,ProcessStart:132337758620928471 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:6784,ProcessStart:132337758676975616 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:7276,ProcessStart:132337759063404843 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:9808,ProcessStart:132337759425160681 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:10192,ProcessStart:132337759846312137 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:10480,ProcessStart:132337760410973084 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:10856,ProcessStart:132337760576129472 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4528,ProcessStart:132337756953063742 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1748,ProcessStart:132337758063586362 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4196,ProcessStart:132337756839069951 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:6784,ProcessStart:132337758676975616 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:8936,ProcessStart:132337758620928471 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:10856,ProcessStart:132337760576129472 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\swapfile.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\swapfile.sys (code 0x00000021 (33))
->Scan ERROR: resource process://pid:4196,ProcessStart:132337756839069951 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4196,ProcessStart:132337756839069951 (code 0x00000005 (5))

Quick Scan Results for 529D552A-8B06-4DEB-BD2D-C667F2834BA1:
----------------
Threat detected: VirTool:Win32/DefenderTamperingRestore
    regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
        SigSeq: 0x0000055555C57273

Quick Scan Removal Results
----------------
Start 'remove' for regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
Operation succeeded !


Results Summary:
----------------
Found VirTool:Win32/DefenderTamperingRestore and Removed!
Microsoft Safety Scanner Finished On Tue May 12 13:10:27 2020


Return code: 6 (0x6)
 

MBAM log 2.txt MBAM log 1.txt


The fixlist removed several remnants from Windows 10 upgrade, remnants from uninstalled or removed toolbars. Emptied all of the temp caches, also some basic function checks... Do you intend running the fix?

Next,

I would like to see if I can identify the processes where Microsoft Safety Scanner failed to complete the scan and raised errors showing PID numbers...

From an elevated command prompt copy and paste or type the following

tasklist /svc > 0 & notepad 0

Select enter, Notepad will open, let me see that list.

Next,

Run another scan with Malwarebytes and post that log..

1 hour ago, kevinf80 said:

The fixlist removed several remnants from Windows 10 upgrade, remnants from uninstalled or removed toolbars. Emptied all of the temp caches, also some basic function checks... Do you intend running the fix?

I ran it as the first thing. It said it was successfully applied and needed a restart. So it shut down, but got stuck in "Preparing Windows. Do not turn off", and has been like that for hours now.



Nombre de imagen               PID Servicios                                    
========================= ======== =============================================
System Idle Process              0 N/D                                          
System                           4 N/D                                          
Registry                        88 N/D                                          
smss.exe                       392 N/D                                          
csrss.exe                      672 N/D                                          
wininit.exe                    748 N/D                                          
csrss.exe                      760 N/D                                          
services.exe                   840 N/D                                          
winlogon.exe                   848 N/D                                          
lsass.exe                      856 KeyIso, SamSs, VaultSvc                      
svchost.exe                    992 PlugPlay                                     
fontdrvhost.exe               1000 N/D                                          
fontdrvhost.exe               1008 N/D                                          
svchost.exe                    596 BrokerInfrastructure, DcomLaunch, Power,     
                                   SystemEventsBroker                           
svchost.exe                    740 RpcEptMapper, RpcSs                          
svchost.exe                    744 LSM                                          
dwm.exe                       1100 N/D                                          
svchost.exe                   1184 NcbService                                   
svchost.exe                   1236 DisplayEnhancementService                    
svchost.exe                   1288 hidserv                                      
svchost.exe                   1312 CoreMessagingRegistrar                       
svchost.exe                   1328 TimeBrokerSvc                                
svchost.exe                   1384 EventLog                                     
svchost.exe                   1532 StateRepository                              
svchost.exe                   1544 DispBrokerDesktopSvc                         
svchost.exe                   1576 camsvc                                       
svchost.exe                   1604 nsi                                          
RapportMgmtService.exe        1696 RapportMgmtService                           
svchost.exe                   1708 Dhcp                                         
svchost.exe                   1832 ProfSvc                                      
svchost.exe                   1856 NlaSvc                                       
svchost.exe                   1868 Schedule                                     
svchost.exe                   1896 SEMgrSvc                                     
svchost.exe                   1948 UserManager                                  
svchost.exe                   2036 FontCache                                    
svchost.exe                   1808 Dnscache                                     
svchost.exe                   2152 EventSystem                                  
svchost.exe                   2168 SysMain                                      
svchost.exe                   2184 Themes                                       
svchost.exe                   2212 netprofm                                     
Memory Compression            2272 N/D                                          
svchost.exe                   2292 SENS                                         
igfxCUIService.exe            2364 igfxCUIService1.0.0.0                        
svchost.exe                   2404 AudioEndpointBuilder                         
svchost.exe                   2464 Audiosrv                                     
svchost.exe                   2584 DusmSvc                                      
svchost.exe                   2592 Wcmsvc                                       
svchost.exe                   2732 WinHttpAutoProxySvc                          
svchost.exe                   2796 WlanSvc                                      
svchost.exe                   2852 ShellHWDetection                             
spoolsv.exe                   2948 Spooler                                      
svchost.exe                   2992 BFE, mpssvc                                  
svchost.exe                   3032 LanmanWorkstation                            
svchost.exe                   2500 DeviceAssociationService                     
dasHost.exe                   2748 N/D                                          
svchost.exe                   3088 SSDPSRV                                      
mDNSResponder.exe             3208 Bonjour Service                              
svchost.exe                   3216 CryptSvc                                     
svchost.exe                   3228 DiagTrack                                    
svchost.exe                   3248 DPS                                          
RIconMan.exe                  3272 IconMan_R                                    
dsiwmis.exe                   3280 DsiWMIService                                
svchost.exe                   3296 Winmgmt                                      
HeciServer.exe                3324 Intel(R) Capability Licensing Service Interfa
                                   ce                                           
Jhi_service.exe               3344 jhi_service                                  
svchost.exe                   3404 LanmanServer                                 
RfBtnSvc64.exe                3420 RfButtonDriverService                        
SynTPEnhService.exe           3444 SynTPEnhService                              
svchost.exe                   3484 stisvc                                       
svchost.exe                   3504 SstpSvc                                      
svchost.exe                   3548 TrkWks                                       
svchost.exe                   3572 WpnService                                   
svchost.exe                   3664 iphlpsvc                                     
svchost.exe                   3760 WdiServiceHost                               
svchost.exe                   3876 lmhosts                                      
svchost.exe                   3948 RasMan                                       
MBAMService.exe               4088 MBAMService                                  
svchost.exe                   3564 fdPHost                                      
svchost.exe                   4120 NcdAutoSetup                                 
WmiPrvSE.exe                  4440 N/D                                          
svchost.exe                   4476 FDResPub                                     
SynTPEnh.exe                  5036 N/D                                          
LMutilps32.exe                4212 N/D                                          
sihost.exe                    5176 N/D                                          
svchost.exe                   5224 CDPUserSvc_61f0e                             
svchost.exe                   5304 WpnUserService_61f0e                         
taskhostw.exe                 5376 N/D                                          
GoogleUpdate.exe              5532 N/D                                          
svchost.exe                   5636 TokenBroker                                  
svchost.exe                   5684 TabletInputService                           
ctfmon.exe                    5828 N/D                                          
svchost.exe                   6076 CDPSvc                                       
svchost.exe                   6120 Appinfo                                      
SynTPHelper.exe               5280 N/D                                          
explorer.exe                  5260 N/D                                          
svchost.exe                   6028 PcaSvc                                       
LManager.exe                  5564 N/D                                          
svchost.exe                   5268 cbdhsvc_61f0e                                
unsecapp.exe                  1028 N/D                                          
MMDx64Fx.exe                  6348 N/D                                          
mbamtray.exe                  6404 N/D                                          
igfxEM.exe                    6496 N/D                                          
igfxext.exe                   6520 N/D                                          
igfxHK.exe                    6584 N/D                                          
igfxTray.exe                  6616 N/D                                          
AppleMobileDeviceService.     6828 Apple Mobile Device Service                  
RapportInjService_x64.exe     6924 N/D                                          
StartMenuExperienceHost.e     2808 N/D                                          
RuntimeBroker.exe             6792 N/D                                          
IntelMeFWService.exe          4064 Intel(R) ME Service                          
svchost.exe                   6740 OneSyncSvc_61f0e                             
RapportService.exe            6372 N/D                                          
LMS.exe                       7140 LMS                                          
SearchUI.exe                  4028 N/D                                          
svchost.exe                   6624 LicenseManager                               
RapportInjService_x64.exe     5572 N/D                                          
ApplicationFrameHost.exe      6472 N/D                                          
MicrosoftEdge.exe             6460 N/D                                          
SkypeBackgroundHost.exe       6388 N/D                                          
YourPhone.exe                 7200 N/D                                          
RuntimeBroker.exe             7276 N/D                                          
SkypeApp.exe                  7592 N/D                                          
browser_broker.exe            7660 N/D                                          
SearchIndexer.exe             7840 WSearch                                      
dllhost.exe                   7860 N/D                                          
RuntimeBroker.exe             3380 N/D                                          
RuntimeBroker.exe             7948 N/D                                          
RuntimeBroker.exe             8560 N/D                                          
smartscreen.exe               8776 N/D                                          
SecurityHealthSystray.exe     8916 N/D                                          
SecurityHealthService.exe     9076 SecurityHealthService                        
RAVCpl64.exe                  9108 N/D                                          
svchost.exe                   7120 WdiSystemHost                                
RuntimeBroker.exe             8816 N/D                                          
SgrmBroker.exe                9184 SgrmBroker                                   
MicrosoftEdgeSH.exe           8904 N/D                                          
MicrosoftEdgeCP.exe           8444 N/D                                          
svchost.exe                   8196 InstallService                               
MicrosoftEdgeCP.exe           9000 N/D                                          
svchost.exe                   8296 UsoSvc                                       
svchost.exe                   5600 wscsvc                                       
UNS.exe                       9816 UNS                                          
svchost.exe                  10096 StorSvc                                      
svchost.exe                   8592 ClipSVC                                      
Video.UI.exe                  1224 N/D                                          
RuntimeBroker.exe             2688 N/D                                          
ShellExperienceHost.exe       7900 N/D                                          
RuntimeBroker.exe             6532 N/D                                          
chrome.exe                    6548 N/D                                          
chrome.exe                    2980 N/D                                          
chrome.exe                    4236 N/D                                          
chrome.exe                    6956 N/D                                          
chrome.exe                    6712 N/D                                          
chrome.exe                    3500 N/D                                          
chrome.exe                    2176 N/D                                          
chrome.exe                    2228 N/D                                          
cmd.exe                       4224 N/D                                          
conhost.exe                   8932 N/D                                          
RapportHelper.exe             2624 N/D                                          
chrome.exe                    6940 N/D                                          
chrome.exe                    3740 N/D                                          
chrome.exe                    7896 N/D                                          
chrome.exe                    7800 N/D                                          
audiodg.exe                   6240 N/D                                          
svchost.exe                   7872 BITS                                         
backgroundTaskHost.exe        8556 N/D                                          
RuntimeBroker.exe             4380 N/D                                          
RuntimeBroker.exe             8288 N/D                                          
svchost.exe                   4668 wuauserv                                     
WmiPrvSE.exe                  9460 N/D                                          
backgroundTaskHost.exe       10156 N/D                                          
cmd.exe                       9564 N/D                                          
conhost.exe                   7820 N/D                                          
WindowsInternal.Composabl     9352 N/D                                          
tasklist.exe                  4972 N/D                                          
 

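The check kevinf80 asks for above, matching the PIDs in the Safety Scanner "Scan ERROR" lines against the `tasklist /svc` listing, can be scripted. This is an added example, not part of the original thread or of any Malwarebytes or Microsoft tool: the function names are hypothetical, the sample lines are excerpts of the two logs posted above, and `ProcessStart` is assumed to be a Windows FILETIME value.

```python
import re
from datetime import datetime, timedelta, timezone

# Standard Win32 meanings of the error codes seen in the thread's msert.log.
WIN32_ERRORS = {5: "ERROR_ACCESS_DENIED", 33: "ERROR_LOCK_VIOLATION",
                299: "ERROR_PARTIAL_COPY"}

ERR_RE = re.compile(
    r"^->Scan ERROR: resource (?P<kind>process|file)://(?P<target>.+?)"
    r" \(code 0x[0-9A-Fa-f]+ \((?P<code>\d+)\)\)$")
PROC_RE = re.compile(r"^pid:(?P<pid>\d+),ProcessStart:(?P<start>\d+)$")

# Excerpts of the two logs posted in the thread (not the complete logs).
MSERT_SAMPLE = r"""
->Scan ERROR: resource process://pid:88,ProcessStart:132337756395371174 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:392,ProcessStart:132337756476063556 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:756,ProcessStart:132337756718415762 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2272,ProcessStart:132337756762917059 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:7276,ProcessStart:132337759063404843 (code 0x0000012B (299))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000021 (33))
"""

TASKLIST_SAMPLE = """
Nombre de imagen               PID Servicios
========================= ======== =============================================
Registry                        88 N/D
smss.exe                       392 N/D
csrss.exe                      672 N/D
svchost.exe                    596 BrokerInfrastructure, DcomLaunch, Power,
                                   SystemEventsBroker
svchost.exe                    744 LSM
Memory Compression            2272 N/D
RuntimeBroker.exe             7276 N/D
"""


def filetime_to_utc(ticks):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def parse_msert_errors(text):
    """Return the distinct 'Scan ERROR' entries of an msert.log, in first-seen order."""
    seen, errors = set(), []
    for line in text.splitlines():
        m = ERR_RE.match(line.strip())
        if not m or (m["kind"], m["target"], m["code"]) in seen:
            continue  # not an error line, or a repeat of one already recorded
        seen.add((m["kind"], m["target"], m["code"]))
        code = int(m["code"])
        entry = {"kind": m["kind"], "code": code,
                 "error": WIN32_ERRORS.get(code, "UNKNOWN")}
        if m["kind"] == "process":
            p = PROC_RE.match(m["target"])
            if not p:
                continue
            entry["pid"] = int(p["pid"])
            entry["started"] = filetime_to_utc(int(p["start"]))
        else:
            entry["path"] = m["target"]
        errors.append(entry)
    return errors


def parse_tasklist_svc(text):
    """Parse `tasklist /svc` table output into {pid: (image, services)}.

    Column positions come from the '====' ruler, so a localized header
    (Spanish here) does not matter. Wrapped service lists are re-joined.
    """
    lines = text.splitlines()
    ruler = next(i for i, line in enumerate(lines) if line.startswith("==="))
    (i0, i1), (p0, p1) = [m.span() for m in re.finditer(r"=+", lines[ruler])][:2]
    table, last = {}, None
    for line in lines[ruler + 1:]:
        pid = line[p0:p1].strip()
        if pid.isdigit():
            last = int(pid)
            table[last] = (line[i0:i1].strip(), line[p1:].strip())
        elif last is not None and line.strip() and not line[:p1].strip():
            # Continuation row: image and PID columns are blank.
            image, svc = table[last]
            table[last] = (image, svc + (" " if svc.endswith(",") else "") + line.strip())
    return table


def correlate(errors, tasklist):
    """Pair each process error with the image name from a tasklist snapshot.

    Windows reuses PIDs, so a match only identifies the process if the
    snapshot was taken in the same boot session as the scan; compare the
    'started' time with the boot time before trusting it.
    """
    rows = []
    for e in errors:
        if e["kind"] == "process":
            image, services = tasklist.get(e["pid"], (None, None))
            rows.append((e["pid"], e["error"], image, services, e["started"]))
    return rows


if __name__ == "__main__":
    errs = parse_msert_errors(MSERT_SAMPLE)
    for pid, err, image, services, started in correlate(errs, parse_tasklist_svc(TASKLIST_SAMPLE)):
        print(f"{pid:>6}  {err:<20} {image or '(not in snapshot)':<20} started {started:%Y-%m-%d %H:%M:%S} UTC")
    for e in errs:
        if e["kind"] == "file":
            print(f"  file  {e['error']:<20} {e['path']}")
```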

MBAM scan did not find anything. Here is the log in case:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 12/5/20
Hora del análisis: 18:51
Archivo de registro: 26f45a5c-94a3-11ea-b62c-089e0175137f.json

-Información del software-
Versión: 4.1.0.56
Versión de los componentes: 1.0.896
Versión del paquete de actualización: 1.0.23734
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 18362.778)
CPU: x64
Sistema de archivos: NTFS
Usuario: Juan\Juan Munzenmayer

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 309052
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 22 min, 36 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)


Thanks for those logs Scanzie, continue please:

Open an elevated command prompt.

At the Command prompt, type

CHKDSK X: /F      Replace X with the OS drive letter, usually C

hit the Enter key.

You will get a message that the drive cannot be locked, but that the command can be scheduled to run at the next boot - hit the Y key, press Enter, and then reboot.

The CHKDSK may take a few hours depending on the size of the drive, so be patient!

After the CHKDSK has run use the following instructions to find the log:

Check Disk report:
 
  • Press the WindowsKey + R on your keyboard at the same time. Type eventvwr into the run box and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, (expand the drop down arrow) check only Wininit and click OK.
  • You may be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.



Next,

Open an elevated command prompt.

At the Command prompt, type

SFC /SCANNOW

hit the Enter key

Wait for the scan to finish - make a note of any error messages - and then reboot.

Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload the zip file to your reply.

Thank you,

Kevin...

Edited by kevinf80
Link to post
Share on other sites
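
The log collection described in the post above (the Wininit entry holding the CHKDSK report, then a copy of CBS.log after SFC) can also be done from an elevated PowerShell prompt. This is an added example, not part of the original thread; the output folder name and the keyword filter on the SFC lines are assumptions.

```powershell
# Added example: gather the CHKDSK report and the SFC results for upload.
# Run from an elevated PowerShell prompt after CHKDSK and SFC have finished.
$out = Join-Path $env:USERPROFILE 'Desktop\disk-sfc-logs'   # assumed folder name
New-Item -ItemType Directory -Path $out -Force | Out-Null

# 1. A boot-time CHKDSK writes its report to the Application log under the
#    Wininit source, event ID 1001 (the same entry Event Viewer shows).
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Wininit'
    Id           = 1001
}
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 5 -ErrorAction SilentlyContinue
if ($events) {
    $events | Sort-Object TimeCreated -Descending |
        ForEach-Object { "=== $($_.TimeCreated.ToString('u')) ===`r`n$($_.Message)`r`n" } |
        Set-Content -Path (Join-Path $out 'chkdsk-wininit.txt') -Encoding UTF8
} else {
    Write-Warning 'No Wininit 1001 event found; the scheduled CHKDSK may not have run yet.'
}

# 2. CBS.log cannot be edited in place, so work on a copy.
$cbsCopy = Join-Path $out 'CBS.log'
Copy-Item -Path (Join-Path $env:windir 'Logs\CBS\CBS.log') -Destination $cbsCopy -Force

# 3. SFC tags its own lines in CBS.log with [SR]; pull them into a short file.
$sr = Select-String -Path $cbsCopy -Pattern '[SR]' -SimpleMatch
if ($sr) {
    $sr | ForEach-Object { $_.Line } |
        Set-Content -Path (Join-Path $out 'sfc-details.txt') -Encoding UTF8
    # Assumed keyword filter: lines that mention a repair or a failed repair.
    $hits = $sr | Where-Object { $_.Line -match 'repair' }
    "{0} [SR] lines, {1} mention a repair" -f @($sr).Count, @($hits).Count
} else {
    Write-Warning 'No [SR] lines in CBS.log; SFC may not have run since the log rotated.'
}

# 4. Zip everything for attaching to the reply.
Compress-Archive -Path (Join-Path $out '*') -DestinationPath "$out.zip" -Force
```
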

CHKDSK log said it found nothing, and it was okay. Here is the report, but in Spanish:

Quote

 

Nombre de registro:Application
Origen:        Microsoft-Windows-Wininit
Fecha:         13-05-2020 14:51:08
Id. del evento:1001
Categoría de la tarea:Ninguno
Nivel:         Información
Palabras clave:Clásico
Usuario:       No disponible
Equipo:        Juan
Descripción:


Comprobando el sistema de archivos en C:
El tipo del sistema de archivos es NTFS.
La etiqueta de volumen es Acer.

Se ha programado una comprobación del disco.
Windows comprobará ahora el disco.                                        

Etapa 1: Examen de la estructura básica del sistema de archivos...
  595712 registros de archivos procesados.                                                        

Comprobación de archivos completada.
  6316 registros de archivos grandes procesados.                      

  0 registros de archivos no válidos procesados.                    


Etapa 2: Examen de la vinculación de nombres de archivos...
  47886 registros de análisis procesados.                              

  780840 entradas de índice procesadas.                                                      

Comprobación de índices completada.
  0 archivos no indizados examinados.                              

  0 archivos no indizados recuperados en objetos perdidos.                  

  47886 registros de análisis procesados.                              


Etapa 3: Examen de los descriptores de seguridad...
Liberando 1627 entradas de índice no usadas del índice $SII del archivo 0x9.
Liberando 1627 entradas de índice no usadas del índice $SDH del archivo 0x9.
Liberando 1627 descriptores de seguridad no usados.
Comprobación de descriptores de seguridad completada.
  92565 archivos de datos procesados.                                  

CHKDSK está comprobando el diario USN...
  41234216 bytes de USN procesados.                                                          

Se ha completado la comprobación del diario USN.

Etapa 4: Búsqueda de clústeres incorrectos en los datos del archivo de usuario...
  595696 archivos procesados.                                                              

Comprobación de datos de archivo completada.

Etapa 5: Búsqueda de clústeres incorrectos disponibles...
  43335199 clústeres disponibles procesados.                                                      

La comprobación del espacio disponible se completó.

Se examinó el sistema de archivos sin encontrar problemas.
No se requieren más acciones.

 469717094 KB de espacio total en disco.
 295388256 KB en 423149 archivos.
    267748 KB en 92566 índices.
         0 KB en sectores defectuosos.
    720294 KB en uso por el sistema.
El archivo de registro ha ocupado      65536 kilobytes.
 173340796 KB disponibles en disco.

      4096 bytes en cada unidad de asignación.
 117429273 unidades de asignación en disco en total.
  43335199 unidades de asignación disponibles en disco.

Información interna:
00 17 09 00 5d de 07 00 28 fd 0d 00 00 00 00 00  ....]...(.......
b9 ba 00 00 55 00 00 00 00 00 00 00 00 00 00 00  ....U...........

Windows ha finalizado la comprobación del disco.
Espere mientras se reinicia el sistema.


 

As for the CBS log, SFC did find and fix stuff. Interestingly, the latest CBS log of that SFC was tiny compared to other previous logs, one from a few hours before, and one from yesterday. I put them in the zip just in case, along with the latest log.

Nuevo Archivo WinRAR ZIP.zip

Link to post
Share on other sites

It loads up much faster, it boots correctly, no redirects. Malwarebytes did a scan and did not find anything.

But I noticed a desktop.ini appearing in downloads out of nowhere. The malware MBAM removed has been removed at least twice and it has kept popping up. Right now it has not, but I don't know if it can keep reappearing. The laptop also has plenty of folders all around that give an Access Denied popup if I try to open them.

Link to post
Share on other sites

A desktop.ini is a file that determines the way a folder is displayed by Windows. While usually hidden, these files can be found in any folder, anywhere on your computer, and they contain information and settings pertaining to that folder.
If you have that file showing in your downloads folder it should also be showing on your Desktop. Select a folder that you can open or look to your Desktop and right click on any desktop.ini file; from there select "Properties", and in the new window select the "Security" tab.
Select the Admin account you normally use. What options are showing (ticked) as allowed?

I've attached an image of my Documents folder header. It shows the View tab selected; from there you can see "Hidden Items" is selected (ticked). If you untick that box all desktop.ini files will be hidden again.

folder.JPG

Edited by kevinf80
Link to post
Share on other sites

I've noticed that Avast antivirus and the main .exe file keep disappearing, as in, the files go missing and the service does not exist. I did install it on request because when I got asked to fix the computer, it had disappeared; I installed it, and it has disappeared again now.

Link to post
Share on other sites

Avast was not showing as installed in FRST logs, there were two remnant folders and nothing else. Did not show in the Installed Programs list or Security Center list... The two remnant folders follow:

2020-05-10 01:09 - 2020-05-10 01:09 - 000000000 ____D C:\Program Files\Avast Software
2020-05-10 12:00 - 2013-05-17 17:34 - 000000000 ____D C:\ProgramData\AVAST Software

Very odd that an installed program just disappears for no reason... Have you installed Avast after running CHKDSK and SFC?

Link to post
Share on other sites

  • kevinf80 unlocked and locked this topic
This topic is now closed to further replies.