Virtual attack, hacking or virus .LNK /Caphyon


#1

A few weeks ago my computer had been hacked and someone had connected through Remote Desktop. After some checks the system was clean.

However, the strange behavior has continued, such as on November 18 at around 23:30, when I was shutting down my computer. I had Firefox open with 4 tabs, the Snipping Tool and Task Manager, when the computer froze completely and nothing could be closed, not even with CTRL ALT DEL, and I then turned it off.

The next day I checked the Event Viewer, but I could not find anything strange in that time period. That afternoon I was in Firefox with Hotmail, the bank and another tab, when the same thing happened again. The computer shuts down and turns off as if it were a power problem. I did not press any key at that moment. Once again, I could not find anything in the Event Viewer.

But when I search for something in Firefox or Chrome, it gives me results in English, French, Spanish, Arabic, Hindi, Korean and Russian, and likewise on YouTube, where I have generally also been shown the same suggestions for the last 2 months. The system indicates that they are not safe or are down.

Yesterday I posted an ad and received the confirmation in my email. I clicked the link to view the ad and was taken to a message saying that my ad had been withdrawn. When I searched for it directly on the site I could not find it either. I went through the process again with the same result; it is as if someone had been watching what I did and had deleted my credentials.

I have Avast and Malwarebytes Premium, but they do not detect anything. I also cleaned with AdwCleaner and Malwarebytes Rootkit, which at first could not run and then the second time everything was found. I tried to run RootkitBuster and RootRepeal, but they told me they are not compatible because my Windows 7 is running in 64-bit. Rootkit Revealer shows the license window; I accepted but nothing happened.

I ran TDSS and the scan results are:

Suspicious / skipped by user

AtherosSVC (UnsignedFile. Multi.Genetic)

cphs (UnsignedFile. Multi.Genetic)

DCDhcpService (UnsignedFile. Multi.Genetic)

ZAtheros BtWlan Coex Agent (UnsignedFile. Multi.Genetic)

AtherosBtStack (UnsignedFile. Multi.Genetic)

AthBtTray (UnsignedFile. Multi.Genetic)

NOTE: This is a targeted attack, since it originated from an attack on my phone with an image that a colleague sent to my phone months ago. They took control of it and spied on my phone calls, photos, apps and emails, and also took control of the camera to record video. They also infected this computer and 2 other devices (Android and iOS).

Given the intentions and behavior of the attacker, I thought of something like Pegasus, but not until this weekend was I able to find an app to run on the phone. Like this malware, it is a program that removes itself after 60 days of inactivity and did not have network access until the download or when it feels attacked. Lookout could not find it, which does not mean that an infection of this type has occurred.

I do not know whether there could be another kind of rootkit that hides in the BIOS or boot, or works as a hypervisor or virtualized, since the behavior on the laptop since it all began could indicate that it probably started first with something else and then gained, since it takes a long time to start and to finish.

When I was going to start the FRST64 process, I had the shutdown, so it asked me to update it, but when I tried to turn off the network, it said that VAIO Smart Network could not, and I could not turn it on until I restarted the computer. And in Downloads, the icons appear different from how I used to have them (large icons instead

Thanks, I am posting the logs below.

Malwarebytes

 -Detalles del registro-
 Fecha del análisis: 25/11/18
 Hora del análisis: 0:35
 Archivo de registro: eb6168bb-f073-11e8-bfd7-00ffa640f3b7.json

 -Información del software-
Versión: 3.6.1.2711
 Versión de los componentes: 1.0.482
 Versión del paquete de actualización: 1.0.8011
 Licencia: Premium

 -Información del sistema-
SO: Windows 7 Service Pack 1
 CPU: x64
 Sistema de archivos: NTFS
 Usuario: Tessa-VAIO\Tessa

 -Resumen del análisis-
Tipo de análisis: Análisis de amenazas
 Análisis iniciado por:: Manual
 Resultado: Completado
 Objetos analizados: 349836
 Amenazas detectadas: 0
 Amenazas en cuarentena: 0
 Tiempo transcurrido: 19 min, 25 seg

 -Opciones de análisis-
Memoria: Activado
 Inicio: Activado
 Sistema de archivos: Activado
 Archivo: Activado
 Rootkits: Activado
 Heurística: Activado
 PUP: Detectar
 PUM: Detectar

 -Detalles del análisis-
Proceso: 0
 (No hay elementos maliciosos detectados)

 Módulo: 0
 (No hay elementos maliciosos detectados)

 Clave del registro: 0
 (No hay elementos maliciosos detectados)

 Valor del registro: 0
 (No hay elementos maliciosos detectados)

 Datos del registro: 0
 (No hay elementos maliciosos detectados)

 Secuencia de datos: 0
 (No hay elementos maliciosos detectados)

 Carpeta: 0
 (No hay elementos maliciosos detectados)

 Archivo: 0
 (No hay elementos maliciosos detectados)

 Sector físico: 0
 (No hay elementos maliciosos detectados)

 WMI: 0
 (No hay elementos maliciosos detectados)


 (end)
 -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
 # -------------------------------
 # Build:    09-25-2018
 # Database: 2018-09-21.1 (Local)
 # Support:  https://www.malwarebytes.com/support
 #
 # -------------------------------
 # Mode: Scan
 # -------------------------------
 # Start:    11-26-2018
 # Duration: 00:00:19
 # OS:       Windows 7 Home Premium
 # Scanned:  42056
 # Detected: 0


 ***** [ Services ] *****

 No malicious services found.

 ***** [ Folders ] *****

 No malicious folders found.

 ***** [ Files ] *****

 No malicious files found.

 ***** [ DLL ] *****

 No malicious DLLs found.

 ***** [ WMI ] *****

 No malicious WMI found.

 ***** [ Shortcuts ] *****

 No malicious shortcuts found.

 ***** [ Tasks ] *****

 No malicious tasks found.

 ***** [ Registry ] *****

 No malicious registry entries found.

 ***** [ Chromium (and derivatives) ] *****

 No malicious Chromium entries found.

 ***** [ Chromium URLs ] *****

 No malicious Chromium URLs found.

 ***** [ Firefox (and derivatives) ] *****

 No malicious Firefox entries found.

 ***** [ Firefox URLs ] *****

 No malicious Firefox URLs found.


 AdwCleaner[S00].txt - [1257 octets] - [20/11/2018 10:41:07]
 AdwCleaner[S01].txt - [1318 octets] - [25/11/2018 00:33:14]

 ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Junkware Removal Tool (JRT) by Malwarebytes
 Version: 8.1.4 (07.09.2017)
 Operating System: Windows 7 Home Premium x64
 Ran by Tessa (Administrator) on 26/11/2018 at 23:39:20.59
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 File System: 10

 Successfully deleted: C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder)
 Successfully deleted: C:\Users\Tessa\AppData\Roaming\Mozilla\Firefox\Profiles\jm0u4abc.default\extensions\staged (Folder)
 Successfully deleted: C:\Users\Tessa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\220LY990 (Temporary Internet Files Folder)
 Successfully deleted: C:\Users\Tessa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69X2T6MF (Temporary Internet Files Folder)
 Successfully deleted: C:\Users\Tessa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8KAA2E76 (Temporary Internet Files Folder)
 Successfully deleted: C:\Users\Tessa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZHW9JJD (Temporary Internet Files Folder)
 Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\220LY990 (Temporary Internet Files Folder)
 Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69X2T6MF (Temporary Internet Files Folder)
 Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8KAA2E76 (Temporary Internet Files Folder)
 Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZHW9JJD (Temporary Internet Files Folder)

 Registry: 3

 Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C500C267-63BF-451F-8797-4D720C9A2ED9} (Registry Value)
 Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)


 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Scan was completed on 26/11/2018 at 23:44:38.10
 End of JRT log
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#2
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.11.2018
 Ran by Tessa (administrator) on TESSA-VAIO (27-11-2018 00:25:10)
 Running from C:\Users\Tessa\Desktop
 Loaded Profiles: Tessa (Available Profiles: Tessa & Tere)
 Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Español (España, internacional)
 Internet Explorer Version 11 (Default browser: IE)
 Boot Mode: Normal
 Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 ==================== Processes (Whitelisted) =================

 (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 (Microsoft Corporation) C:\Windows\System32\wlanext.exe
 (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
 (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
 (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
 (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
 () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
 (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
 () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
 (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
 (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
 (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
 (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
 (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
 (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
 (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
 (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
 (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 (Microsoft Corporation) C:\Windows\System32\rundll32.exe
 (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
 (Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
 (Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOTM\VTSvc.exe
 (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
 (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
 (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
 (Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOTM\VTUsr.exe
 (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
 (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
 (Intel Corporation) C:\Windows\System32\igfxtray.exe
 (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
 (Intel Corporation) C:\Windows\System32\hkcmd.exe
 (Intel Corporation) C:\Windows\System32\igfxpers.exe
 (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
 (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
 (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
 (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 (NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
 (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
 (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
 (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
 (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
 (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
 (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
 (Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
 (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
 (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
 (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
 (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
 (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
 (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe

 ==================== Registry (Whitelisted) ===========================

 (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2012-03-13] (Realtek Semiconductor)
 HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-16] (AVAST Software)
 HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1022592 2012-04-28] (Atheros Communications)
 HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-04-28] (Atheros Commnucations)
 HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885944 2012-09-20] (Synaptics Incorporated)
 HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
 HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-08] (Intel Corporation)
 HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
 HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
 Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
 HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
 HKU\S-1-5-21-1459080146-1752181985-1471865784-1000\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [3036112 2018-11-06] (NordVPN)
 HKU\S-1-5-21-1459080146-1752181985-1471865784-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)
 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt [2018-11-20] ()
 BootExecute: autocheck autochk *

 ==================== Internet (Whitelisted) ====================

 (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
 Tcpip\..\Interfaces\{221A7E51-8A45-4978-A12D-EDDF7778477A}: [NameServer] 9.9.9.9
 Tcpip\..\Interfaces\{221A7E51-8A45-4978-A12D-EDDF7778477A}: [DhcpNameServer] 192.168.2.1
 Tcpip\..\Interfaces\{F83B8505-F66F-463B-9B71-78B7CC7A17B2}: [DhcpNameServer] 10.0.1.1

 Internet Explorer:
 ==================
 HKU\S-1-5-21-1459080146-1752181985-1471865784-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony.msn.com/
 HKU\S-1-5-21-1459080146-1752181985-1471865784-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony.msn.com
 HKU\S-1-5-21-1459080146-1752181985-1471865784-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.sony-latin.com/vaiohome
 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
 SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
 SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
 SearchScopes: HKU\S-1-5-21-1459080146-1752181985-1471865784-1000 -> DefaultScope {8C569D78-1343-433C-BC4E-54CA6BF37678} URL = hxxp://www.google.com/search?q={searchTerms}
 SearchScopes: HKU\S-1-5-21-1459080146-1752181985-1471865784-1000 -> {8C569D78-1343-433C-BC4E-54CA6BF37678} URL = hxxp://www.google.com/search?q={searchTerms}
 BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
 BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-04-28] (Atheros Commnucations)
 BHO-x32: Aplicación auxiliar de inicio de sesión de Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
 BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-27] (Oracle Corporation)

 FireFox:
 ========
 FF DefaultProfile: jm0u4abc.default
 FF ProfilePath: C:\Users\Tessa\AppData\Roaming\Mozilla\Firefox\Profiles\jm0u4abc.default [2018-11-26]
 FF Extension: (Dictionnaire français) - C:\Users\Tessa\AppData\Roaming\Mozilla\Firefox\Profiles\jm0u4abc.default\Extensions\[email protected] [2018-11-07] [Legacy]
 FF Extension: (Avast SafePrice) - C:\Users\Tessa\AppData\Roaming\Mozilla\Firefox\Profiles\jm0u4abc.default\Extensions\[email protected] [2018-10-08]
 FF Extension: (Avast Online Security) - C:\Users\Tessa\AppData\Roaming\Mozilla\Firefox\Profiles\jm0u4abc.default\Extensions\[email protected] [2018-11-19]
 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-24] ()
 FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
 FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-24] ()
 FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-03-13] (Intel Corporation)
 FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-03-13] (Intel Corporation)
 FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-27] (Oracle Corporation)
 FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-27] (Oracle Corporation)
 FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
 FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
 FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
 FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2011-08-02] (Sony Network Entertainment International LLC)
 FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-27] (Google Inc.)
 FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-27] (Google Inc.)
 FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

 Chrome:
 =======
 CHR Profile: C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default [2018-11-26]
 CHR Extension: (Presentaciones) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-27]
 CHR Extension: (Documentos) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-27]
 CHR Extension: (Google Drive) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-27]
 CHR Extension: (YouTube) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-27]
 CHR Extension: (Adblock Plus) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-11-17]
 CHR Extension: (OneTab) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2018-11-12]
 CHR Extension: (ZenMate VPN - Mejor seguridad para Internet) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-11-12]
 CHR Extension: (Hojas de cálculo) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-27]
 CHR Extension: (Edición de Office) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2018-11-12]
 CHR Extension: (Documentos de Google sin conexión) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-27]
 CHR Extension: (Avast Online Security) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-11-11]
 CHR Extension: (Botón Guardar de Pinterest) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-11-12]
 CHR Extension: (PSafe Segurança Online) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\higfhiimhkcmfppmdckdpkdcdolcjooo [2018-11-12]
 CHR Extension: (Xodo PDF Viewer & Editor) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihgdgpjankaehldoaimdlekdidkjfghe [2018-11-12]
 CHR Extension: (HTML5 Virtual Classroom - Screen Sharing) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihglikcoelelbbcpahhhfomehdeefmnc [2018-11-12]
 CHR Extension: (Cisco Webex Extension) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-11-12]
 CHR Extension: (Grammarly for Chrome) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-11-17]
 CHR Extension: (Proxy VPN gratis Hotspot Shield: desbloqueo de sitios) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2018-11-12]
 CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-27]
 CHR Extension: (SurfEasy VPN - Seguridad, Privacidad, Desbloquear) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\odiddbcijempnhhobijfbggjogofdlgl [2018-11-12]
 CHR Extension: (TunnelBear VPN) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2018-11-12]
 CHR Extension: (Gmail) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-27]
 CHR Extension: (Chrome Media Router) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-27]
 CHR Profile: C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-25]
 CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
 CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

 ==================== Services (Whitelisted) ====================

 (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
 R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-16] (AVAST Software)
 R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [119424 2012-04-28] (Atheros Commnucations) [File not signed]
 R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-16] (AVAST Software)
 R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [338632 2018-11-16] (AVAST Software)
 S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [474112 2018-03-15] (Intel Corporation) [File not signed]
 S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.) [File not signed]
 R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()
 R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)
 R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
 R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [437200 2018-11-06] ()
 R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
 S3 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
 S3 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
 S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
 R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1667056 2018-03-19] (Sony Corporation)
 S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros) [File not signed]

 ===================== Drivers (Whitelisted) ======================

 (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
 R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201240 2018-11-16] (AVAST Software)
 R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230344 2018-11-16] (AVAST Software)
 R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201768 2018-11-16] (AVAST Software)
 R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346592 2018-11-16] (AVAST Software)
 R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59496 2018-11-16] (AVAST Software)
 S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46384 2018-11-16] (AVAST Software)
 R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2018-11-16] (AVAST Software)
 R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163208 2018-11-16] (AVAST Software)
 R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2018-11-11] (AVAST Software)
 R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [512072 2018-11-26] (AVAST Software)
 R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111800 2018-11-16] (AVAST Software)
 R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87432 2018-11-16] (AVAST Software)
 R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028680 2018-11-16] (AVAST Software)
 R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469272 2018-11-16] (AVAST Software)
 R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208472 2018-11-16] (AVAST Software)
 R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380464 2018-11-16] (AVAST Software)
 S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
 R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-11-01] (Malwarebytes)
 R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198000 2018-11-21] (Malwarebytes)
 R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [119136 2018-11-27] (Malwarebytes)
 R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63768 2018-11-27] (Malwarebytes)
 R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260480 2018-11-27] (Malwarebytes)
 R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [101200 2018-11-27] (Malwarebytes)
 S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
 R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [35592 2018-06-07] (The OpenVPN Project)
 S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
 S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
 S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
 S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
 S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
 S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
 S3 BTATH_VDP; system32\drivers\btath_vdp.sys [X]

 ==================== NetSvcs (Whitelisted) ===================

 (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

#3
==================== One Month Created files and folders ========

 (If an entry is included in the fixlist, the file/folder will be moved.)

 2018-11-27 00:25 - 2018-11-27 00:26 - 000021756 _____ C:\Users\Tessa\Desktop\FRST.txt
 2018-11-27 00:21 - 2018-11-27 00:21 - 000119136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
 2018-11-27 00:21 - 2018-11-27 00:21 - 000101200 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
 2018-11-27 00:21 - 2018-11-27 00:21 - 000063768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
 2018-11-27 00:19 - 2018-11-27 00:19 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
 2018-11-26 23:51 - 2018-11-27 00:25 - 000000000 ____D C:\FRST
 2018-11-26 23:48 - 2018-11-26 23:48 - 000001379 _____ C:\Users\Tessa\Desktop\AdwCleaner[S02]2611.txt
 2018-11-26 23:46 - 2018-11-26 23:46 - 000002547 _____ C:\Users\Tessa\Desktop\JRTnov26.txt
 2018-11-26 23:44 - 2018-11-26 23:44 - 000002547 _____ C:\Users\Tessa\Desktop\JRT.txt
 2018-11-26 19:58 - 2018-11-26 19:58 - 001790024 _____ (Malwarebytes) C:\Users\Tessa\Desktop\JRT.exe
 2018-11-26 19:57 - 2018-11-26 19:58 - 002416640 _____ (Farbar) C:\Users\Tessa\Desktop\FRST64.exe
 2018-11-26 09:20 - 2018-11-26 09:20 - 000000000 ____D C:\Users\Tessa\Desktop\PCHunter_free
 2018-11-26 09:11 - 2018-11-26 09:19 - 000840472 _____ C:\TDSSKiller.3.1.0.17_26.11.2018_09.11.27_log.txt
 2018-11-26 09:05 - 2018-11-26 09:08 - 000438584 _____ C:\TDSSKiller.3.1.0.17_26.11.2018_09.05.33_log.txt
 2018-11-26 09:04 - 2018-11-26 09:04 - 000000000 ____D C:\Users\Tessa\Downloads\TMRBLog
 2018-11-26 09:01 - 2018-11-26 09:01 - 000000000 ____D C:\Users\Tessa\Desktop\RootkitRevealer
 2018-11-26 08:54 - 2018-11-26 08:54 - 004858305 _____ C:\Users\Tessa\Downloads\tdsskiller.zip
 2018-11-26 08:52 - 2018-11-26 08:52 - 000464491 _____ C:\Users\Tessa\Downloads\RootRepeal.zip
 2018-11-26 08:50 - 2018-11-26 08:50 - 008656400 _____ (Trend Micro Inc.) C:\Users\Tessa\Downloads\RootkitBuster_v5_1061.exe
 2018-11-26 08:48 - 2018-11-26 08:48 - 007148311 _____ C:\Users\Tessa\Downloads\PCHunter_free.zip
 2018-11-26 01:20 - 2018-11-26 01:20 - 000231390 _____ C:\Users\Tessa\Downloads\RootkitRevealer.zip
 2018-11-25 19:25 - 2018-11-25 19:25 - 001931969 _____ C:\Users\TEMP.Tessa-VAIO.001\Downloads\ProcessExplorer.zip
 2018-11-25 19:25 - 2018-11-25 19:25 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.001\Downloads\ProcessExplorer
 2018-11-25 19:06 - 2018-11-25 19:06 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.001\AppData\Roaming\iolo
 2018-11-25 18:52 - 2018-11-26 02:18 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.001\AppData\LocalLow\Mozilla
 2018-11-25 18:52 - 2018-11-25 18:59 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.001\AppData\Local\Mozilla
 2018-11-25 18:52 - 2018-11-25 18:52 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.001\AppData\Roaming\Mozilla
 2018-11-25 18:52 - 2018-11-25 18:52 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.001\AppData\Local\Sony Corporation
 2018-11-25 18:48 - 2018-11-25 18:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.001\AppData\Local\NordVPN
 2018-11-25 18:47 - 2018-11-25 18:47 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.001\AppData\Roaming\AVAST Software
 2018-11-25 18:47 - 2018-11-25 18:47 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.001\AppData\Local\CEF
 2018-11-25 18:45 - 2018-11-25 18:45 - 000101416 _____ C:\Users\TEMP.Tessa-VAIO.001\AppData\Local\GDIPFONTCACHEV1.DAT
 2018-11-25 18:45 - 2018-11-25 18:45 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.001\AppData\Roaming\Intel Corporation
 2018-11-25 18:45 - 2018-11-25 18:45 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.001\AppData\Roaming\Atheros
 2018-11-25 18:45 - 2018-11-25 18:45 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.001\AppData\Local\mbamtray
 2018-11-25 18:45 - 2018-11-25 18:45 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.001\AppData\Local\Google
 2018-11-25 18:44 - 2018-11-25 18:44 - 000001401 _____ C:\Users\TEMP.Tessa-VAIO.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
 2018-11-25 18:44 - 2018-11-25 18:44 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.001\AppData\Roaming\Adobe
 2018-11-25 18:43 - 2018-11-25 18:46 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.001\AppData\Roaming\Sony Corporation
 2018-11-25 18:43 - 2018-11-25 18:43 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.001\AppData\Local\VirtualStore
 2018-11-25 18:42 - 2018-11-25 18:43 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.001
 2018-11-25 18:42 - 2018-11-25 18:42 - 000000020 ___SH C:\Users\TEMP.Tessa-VAIO.001\ntuser.ini
 2018-11-25 18:42 - 2018-11-25 18:42 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.001\Reciente
 2018-11-25 18:42 - 2018-11-25 18:42 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.001\Plantillas
 2018-11-25 18:42 - 2018-11-25 18:42 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.001\Mis documentos
 2018-11-25 18:42 - 2018-11-25 18:42 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.001\Menú Inicio
 2018-11-25 18:42 - 2018-11-25 18:42 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.001\Impresoras
 2018-11-25 18:42 - 2018-11-25 18:42 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.001\Entorno de red
 2018-11-25 18:42 - 2018-11-25 18:42 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.001\Documents\Mis vídeos
 2018-11-25 18:42 - 2018-11-25 18:42 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.001\Documents\Mis imágenes
 2018-11-25 18:42 - 2018-11-25 18:42 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.001\Documents\Mi música
 2018-11-25 18:42 - 2018-11-25 18:42 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.001\Datos de programa
 2018-11-25 18:42 - 2018-11-25 18:42 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.001\Configuración local
 2018-11-25 18:42 - 2018-11-25 18:42 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
 2018-11-25 18:42 - 2018-11-25 18:42 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.001\AppData\Local\Historial
 2018-11-25 18:42 - 2018-11-25 18:42 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.001\AppData\Local\Datos de programa
 2018-11-25 18:42 - 2018-11-25 18:42 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.001\AppData\Local\Archivos temporales de Internet
 2018-11-25 18:42 - 2012-02-23 23:01 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.001\AppData\Roaming\Media Center Programs
 2018-11-25 00:56 - 2018-11-25 00:56 - 000001538 _____ C:\Users\Tessa\Desktop\Malwarebytes251118.txt
 2018-11-24 19:11 - 2018-11-24 19:11 - 000000000 ____D C:\ProgramData\NordVpn
 2018-11-22 12:35 - 2018-11-22 12:36 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET4A19.tmp
 2018-11-21 15:29 - 2018-11-21 15:29 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5256B411.sys
 2018-11-21 15:24 - 2018-11-21 16:19 - 000000000 ____D C:\Users\Tessa\Desktop\mbar
 2018-11-21 13:59 - 2018-11-21 14:00 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.0
 2018-11-21 13:59 - 2018-11-21 13:59 - 000001570 _____ C:\Users\Public\Desktop\LibreOffice 6.0.lnk
 2018-11-21 13:44 - 2018-11-21 13:44 - 000001310 _____ C:\Users\Public\Desktop\Skype.lnk
 2018-11-21 13:44 - 2018-11-21 13:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 2018-11-21 13:42 - 2018-11-21 13:42 - 000000000 ____D C:\ProgramData\Package Cache
 2018-11-21 12:00 - 2018-11-21 15:12 - 000000000 ____D C:\Program Files\Common Files\AV
 2018-11-21 11:56 - 2018-11-21 15:15 - 000000000 ____D C:\ProgramData\Kaspersky Lab
 2018-11-21 11:53 - 2018-11-21 11:54 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
 2018-11-21 11:52 - 2018-11-21 11:52 - 002660224 _____ (Kaspersky Lab) C:\Users\Tessa\Downloads\startup_14444.exe
 2018-11-21 08:44 - 2018-11-21 08:44 - 006981240 _____ (ESET spol. s r.o.) C:\Users\Tessa\Downloads\esetonlinescanner_enu(1).exe
 2018-11-20 20:54 - 2018-11-22 15:49 - 000003072 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
 2018-11-20 20:54 - 2018-11-20 20:54 - 000000000 ____D C:\ProgramData\Panda Security
 2018-11-20 20:54 - 2018-11-20 20:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
 2018-11-20 20:54 - 2018-11-20 20:54 - 000000000 ____D C:\Program Files (x86)\Panda USB Vaccine
 2018-11-20 20:37 - 2018-11-20 20:43 - 000000000 ____D C:\Rem-VBSqt
 2018-11-20 19:21 - 2018-11-20 19:21 - 000768736 _____ C:\Users\Tessa\Downloads\Download Rem-VBSworm.pdf
 2018-11-20 19:21 - 2018-11-20 19:21 - 000114176 _____ (bartblaze) C:\Users\Tessa\Downloads\Rem-VBSworm.exe
 2018-11-20 19:17 - 2018-11-20 19:17 - 000865272 _____ (Panda Security ) C:\Users\Tessa\Downloads\usbvaccine.exe
 2018-11-20 16:21 - 2018-11-20 16:21 - 004554432 _____ (Bitdefender LLC) C:\Users\Tessa\Downloads\BDUSBImmunizerLauncher.exe
 2018-11-20 10:54 - 2018-11-20 10:54 - 004047008 _____ (SOSVirus) C:\Users\Tessa\Downloads\UsbFix_2019.exe
 2018-11-20 10:31 - 2018-11-20 10:41 - 000000000 ____D C:\AdwCleaner
 2018-11-20 10:29 - 2018-11-20 10:30 - 007592144 _____ (Malwarebytes) C:\Users\Tessa\Desktop\adwcleaner_7.2.4.0.exe
 2018-11-19 23:03 - 2018-11-19 23:03 - 000092274 _____ C:\Users\Tessa\Desktop\Disabling Windows Script Host _ Microsoft Docs.pdf
 2018-11-19 20:43 - 2018-11-19 20:43 - 000090062 _____ C:\Users\Tessa\Desktop\Event ID 10 is logged in the Applicatio...pdf
 2018-11-19 19:25 - 2018-11-27 00:26 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
 2018-11-19 19:25 - 2018-11-22 15:49 - 000002812 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
 2018-11-19 19:25 - 2018-11-19 19:25 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
 2018-11-19 19:25 - 2018-11-19 19:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
 2018-11-19 19:10 - 2018-11-19 19:10 - 001206768 _____ (Adobe Systems Incorporated) C:\Users\Tessa\Downloads\flashplayer31_xa_install.exe
 2018-11-19 18:54 - 2018-11-19 18:54 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
 2018-11-19 17:53 - 2018-11-16 16:25 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
 2018-11-19 15:57 - 2018-11-19 15:57 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Sony Corporation
 2018-11-19 15:52 - 2018-11-19 17:35 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\NordVPN
 2018-11-19 15:52 - 2018-11-19 16:26 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\LocalLow\Mozilla
 2018-11-19 15:51 - 2018-11-19 15:58 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Mozilla
 2018-11-19 15:51 - 2018-11-19 15:52 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Mozilla
 2018-11-19 15:51 - 2018-11-19 15:51 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\AVAST Software
 2018-11-19 15:51 - 2018-11-19 15:51 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\CEF
 2018-11-19 15:49 - 2018-11-19 15:49 - 000099784 _____ C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\GDIPFONTCACHEV1.DAT
 2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Intel Corporation
 2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Atheros
 2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Adobe
 2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Google
 2018-11-19 15:48 - 2018-11-19 17:35 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Sony Corporation
 2018-11-19 15:48 - 2018-11-19 15:48 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\mbamtray
 2018-11-19 15:47 - 2018-11-19 17:37 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000
 2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Reciente
 2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Plantillas
 2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Mis documentos
 2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Menú Inicio
 2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Impresoras
 2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Entorno de red
 2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Documents\Mis vídeos
 2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Documents\Mis imágenes
 2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Documents\Mi música
 2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Datos de programa
 2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Configuración local
 2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
 2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Historial
 2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Datos de programa
 2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Archivos temporales de Internet
 2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\VirtualStore
 2018-11-19 15:47 - 2012-02-23 23:01 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Media Center Programs
 2018-11-17 22:21 - 2018-11-20 23:06 - 000000000 ____D C:\Users\Tessa\Documents\c
 2018-11-17 22:21 - 2018-11-20 11:04 - 000000000 ____D C:\Users\Tessa\Documents\Nueva carpeta
 2018-11-16 17:32 - 2018-11-16 17:33 - 003426208 _____ (NordVPN) C:\Users\Tessa\Downloads\NordVPNTapSetup.exe
 2018-11-16 16:35 - 2018-10-17 21:48 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
 2018-11-16 16:35 - 2018-10-17 21:17 - 020281344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
 2018-11-16 16:35 - 2018-10-12 14:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
 2018-11-16 16:35 - 2018-10-11 20:25 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
 2018-11-16 16:34 - 2018-11-10 20:29 - 005551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
 2018-11-16 16:34 - 2018-11-10 20:28 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
 2018-11-16 16:34 - 2018-11-10 20:28 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
 2018-11-16 16:34 - 2018-11-10 20:28 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
 2018-11-16 16:34 - 2018-11-10 20:28 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
 2018-11-16 16:34 - 2018-11-10 20:27 - 001664352 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
 2018-11-16 16:34 - 2018-11-10 20:27 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
 2018-11-16 16:34 - 2018-11-10 20:26 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
 2018-11-16 16:34 - 2018-11-10 20:26 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
 2018-11-16 16:34 - 2018-11-10 20:26 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
 2018-11-16 16:34 - 2018-11-10 20:26 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
 2018-11-16 16:34 - 2018-11-10 20:25 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
 2018-11-16 16:34 - 2018-11-10 20:25 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
 2018-11-16 16:34 - 2018-11-10 20:25 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
 2018-11-16 16:34 - 2018-11-10 20:25 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
 2018-11-16 16:34 - 2018-11-10 20:25 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
 2018-11-16 16:34 - 2018-11-10 20:25 - 000516608 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
 2018-11-16 16:34 - 2018-11-10 20:25 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
 2018-11-16 16:34 - 2018-11-10 20:25 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
 2018-11-16 16:34 - 2018-11-10 20:25 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
 2018-11-16 16:34 - 2018-11-10 20:25 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
 2018-11-16 16:34 - 2018-11-10 20:25 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
 2018-11-16 16:34 - 2018-11-10 20:24 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
 2018-11-16 16:34 - 2018-11-10 20:24 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
 2018-11-16 16:34 - 2018-11-10 20:24 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
 2018-11-16 16:34 - 2018-11-10 20:14 - 004054248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
 2018-11-16 16:34 - 2018-11-10 20:14 - 003960040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
 2018-11-16 16:34 - 2018-11-10 20:12 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
 2018-11-16 16:34 - 2018-11-10 20:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
 2018-11-16 16:34 - 2018-11-10 20:11 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
 2018-11-16 16:34 - 2018-11-10 20:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
 2018-11-16 16:34 - 2018-11-10 20:11 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
 2018-11-16 16:34 - 2018-11-10 20:10 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
 2018-11-16 16:34 - 2018-11-10 20:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
 2018-11-16 16:34 - 2018-11-10 20:10 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
 2018-11-16 16:34 - 2018-11-10 20:10 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
 2018-11-16 16:34 - 2018-11-10 20:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
 2018-11-16 16:34 - 2018-11-10 20:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
 2018-11-16 16:34 - 2018-11-10 19:52 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
 2018-11-16 16:34 - 2018-11-10 19:48 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
 2018-11-16 16:34 - 2018-11-10 19:47 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
 2018-11-16 16:34 - 2018-11-10 19:44 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
 2018-11-16 16:34 - 2018-11-10 19:44 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
 2018-11-16 16:34 - 2018-11-10 19:43 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
 2018-11-16 16:34 - 2018-10-26 22:42 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
 2018-11-16 16:34 - 2018-10-26 22:42 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
 2018-11-16 16:34 - 2018-10-26 22:42 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
 2018-11-16 16:34 - 2018-10-26 22:42 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
 2018-11-16 16:34 - 2018-10-26 22:41 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
 2018-11-16 16:34 - 2018-10-26 22:27 - 000173568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
 2018-11-16 16:34 - 2018-10-26 22:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
 2018-11-16 16:34 - 2018-10-26 22:27 - 000121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
 2018-11-16 16:34 - 2018-10-26 22:11 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
 2018-11-16 16:34 - 2018-10-26 22:11 - 000156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
 2018-11-16 16:34 - 2018-10-26 22:05 - 003227648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 2018-11-16 16:34 - 2018-10-26 22:04 - 000141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
 2018-11-16 16:34 - 2018-10-26 22:04 - 000126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
 2018-11-16 16:34 - 2018-10-26 22:04 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll
 2018-11-16 16:34 - 2018-10-26 22:04 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dispex.dll
 2018-11-16 16:34 - 2018-10-18 14:49 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
 2018-11-16 16:34 - 2018-10-18 13:51 - 000348760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
 2018-11-16 16:34 - 2018-10-12 15:26 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
 2018-11-16 16:34 - 2018-10-12 15:22 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
 2018-11-16 16:34 - 2018-10-12 14:55 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
 2018-11-16 16:34 - 2018-10-12 14:42 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
 2018-11-16 16:34 - 2018-10-12 14:38 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
 2018-11-16 16:34 - 2018-10-11 21:12 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
 2018-11-16 16:34 - 2018-10-11 21:10 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
 2018-11-16 16:34 - 2018-10-11 20:59 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
 2018-11-16 16:34 - 2018-10-11 20:54 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
 2018-11-16 16:34 - 2018-10-11 20:27 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
 2018-11-16 16:34 - 2018-10-11 20:26 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
 2018-11-16 16:34 - 2018-10-11 20:19 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
 2018-11-16 16:34 - 2018-10-11 20:06 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
 2018-11-16 16:34 - 2018-10-06 11:02 - 000366824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
 2018-11-16 16:34 - 2018-10-06 08:42 - 001988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
 2018-11-16 16:34 - 2018-10-06 08:05 - 002565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
 2018-11-16 16:34 - 2018-09-22 21:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
 2018-11-16 16:34 - 2018-09-22 21:54 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
 2018-11-16 16:34 - 2018-09-22 21:54 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
 2018-11-16 16:34 - 2018-09-22 21:54 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
 2018-11-16 16:34 - 2018-09-22 21:54 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
 2018-11-16 16:34 - 2018-09-22 21:54 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
 2018-11-16 16:34 - 2018-09-22 21:37 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
 2018-11-16 16:34 - 2018-09-22 21:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
 2018-11-16 16:34 - 2018-09-22 21:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
 2018-11-16 16:34 - 2018-09-22 21:34 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
 2018-11-16 16:34 - 2018-09-22 21:34 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
 2018-11-16 16:34 - 2018-09-22 21:33 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
 2018-11-16 16:34 - 2018-09-22 21:22 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
 2018-11-16 16:34 - 2018-09-22 21:22 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
 2018-11-16 16:34 - 2018-09-22 21:21 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
 2018-11-16 16:34 - 2018-08-27 22:48 - 000419608 _____ C:\Windows\SysWOW64\locale.nls
 2018-11-16 16:34 - 2018-08-27 22:48 - 000419608 _____ C:\Windows\system32\locale.nls
 2018-11-16 16:33 - 2018-11-10 20:26 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
 2018-11-16 16:33 - 2018-11-10 20:26 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
 2018-11-16 16:33 - 2018-11-10 20:26 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
 2018-11-16 16:33 - 2018-11-10 20:26 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
 2018-11-16 16:33 - 2018-11-10 20:26 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
 2018-11-16 16:33 - 2018-11-10 20:26 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
 2018-11-16 16:33 - 2018-11-10 20:26 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
 2018-11-16 16:33 - 2018-11-10 20:25 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
 2018-11-16 16:33 - 2018-11-10 20:25 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
 2018-11-16 16:33 - 2018-11-10 20:24 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
 2018-11-16 16:33 - 2018-11-10 20:24 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
 2018-11-16 16:33 - 2018-11-10 20:24 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
 2018-11-16 16:33 - 2018-11-10 20:24 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
 2018-11-16 16:33 - 2018-11-10 20:24 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
 2018-11-16 16:33 - 2018-11-10 20:24 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
 2018-11-16 16:33 - 2018-11-10 20:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
 2018-11-16 16:33 - 2018-11-10 20:24 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
 2018-11-16 16:33 - 2018-11-10 20:24 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
 2018-11-16 16:33 - 2018-11-10 20:24 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
 2018-11-16 16:33 - 2018-11-10 20:24 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
 2018-11-16 16:33 - 2018-11-10 20:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
 2018-11-16 16:33 - 2018-11-10 20:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
 2018-11-16 16:33 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
 2018-11-16 16:33 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
 2018-11-16 16:33 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
 2018-11-16 16:33 - 2018-11-10 20:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
 2018-11-16 16:33 - 2018-11-10 20:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
 2018-11-16 16:33 - 2018-11-10 20:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
 2018-11-16 16:33 - 2018-11-10 20:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
 2018-11-16 16:33 - 2018-11-10 20:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
 2018-11-16 16:33 - 2018-11-10 20:10 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
 2018-11-16 16:33 - 2018-11-10 20:10 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
 2018-11-16 16:33 - 2018-11-10 20:10 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
 2018-11-16 16:33 - 2018-11-10 20:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
 2018-11-16 16:33 - 2018-11-10 20:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
 2018-11-16 16:33 - 2018-11-10 20:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
 2018-11-16 16:33 - 2018-11-10 20:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
 2018-11-16 16:33 - 2018-11-10 20:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
 2018-11-16 16:33 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
 2018-11-16 16:33 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
 2018-11-16 16:33 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
 2018-11-16 16:33 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
 2018-11-16 16:33 - 2018-11-10 19:53 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
 2018-11-16 16:33 - 2018-11-10 19:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
 2018-11-16 16:33 - 2018-11-10 19:53 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
 2018-11-16 16:33 - 2018-11-10 19:48 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
 2018-11-16 16:33 - 2018-11-10 19:47 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
 2018-11-16 16:33 - 2018-11-10 19:45 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
 2018-11-16 16:33 - 2018-11-10 19:44 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
 2018-11-16 16:33 - 2018-11-10 19:43 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
 2018-11-16 16:33 - 2018-11-10 19:43 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
 2018-11-16 16:33 - 2018-11-10 19:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
 2018-11-16 16:33 - 2018-11-10 19:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
 2018-11-16 16:33 - 2018-11-10 19:43 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
 2018-11-16 16:33 - 2018-11-10 19:41 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
 2018-11-16 16:33 - 2018-11-10 19:41 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
 2018-11-16 16:33 - 2018-11-10 19:40 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
 2018-11-16 16:33 - 2018-11-10 19:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
 2018-11-16 16:33 - 2018-11-10 19:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
 2018-11-16 16:33 - 2018-10-12 15:25 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
 2018-11-16 16:33 - 2018-10-12 15:17 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
 2018-11-16 16:33 - 2018-10-12 15:03 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
 2018-11-16 16:33 - 2018-10-12 14:57 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
 2018-11-16 16:33 - 2018-10-12 14:56 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
 2018-11-16 16:33 - 2018-10-12 14:55 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
 2018-11-16 16:33 - 2018-10-11 21:10 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
 2018-11-16 16:33 - 2018-10-11 21:01 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
 2018-11-16 16:33 - 2018-10-11 20:59 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
 2018-11-16 16:33 - 2018-10-11 20:59 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
 2018-11-16 16:33 - 2018-10-11 20:51 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
 2018-11-16 16:33 - 2018-10-11 20:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
 2018-11-16 16:33 - 2018-10-11 20:42 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
 2018-11-16 16:33 - 2018-10-11 20:40 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
 2018-11-16 16:33 - 2018-10-11 20:30 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
 2018-11-16 16:33 - 2018-10-11 20:27 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
 2018-11-16 16:33 - 2018-10-11 20:26 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
 2018-11-16 16:33 - 2018-10-11 19:55 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
 2018-11-16 16:33 - 2018-09-22 21:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
 2018-11-16 16:32 - 2018-11-10 20:25 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
 2018-11-16 16:32 - 2018-11-10 20:25 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
 2018-11-16 16:32 - 2018-11-10 20:25 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
 2018-11-16 16:32 - 2018-11-10 20:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
 2018-11-16 16:32 - 2018-11-10 20:10 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
 2018-11-16 16:32 - 2018-11-10 20:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
 2018-11-16 16:32 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 19:41 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
 2018-11-16 16:32 - 2018-11-10 19:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
 2018-11-16 16:32 - 2018-11-10 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
 2018-11-16 16:32 - 2018-11-10 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
 2018-11-16 16:32 - 2018-10-12 15:36 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
 2018-11-16 16:32 - 2018-10-12 15:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
 2018-11-16 16:32 - 2018-10-12 15:25 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
 2018-11-16 16:32 - 2018-10-12 15:24 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
 2018-11-16 16:32 - 2018-10-12 15:20 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
 2018-11-16 16:32 - 2018-10-12 15:20 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
 2018-11-16 16:32 - 2018-10-12 15:18 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
 2018-11-16 16:32 - 2018-10-12 15:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
 2018-11-16 16:32 - 2018-10-12 15:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
 2018-11-16 16:32 - 2018-10-12 15:11 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
 2018-11-16 16:32 - 2018-10-12 15:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
 2018-11-16 16:32 - 2018-10-12 15:07 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
 2018-11-16 16:32 - 2018-10-12 15:07 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
 2018-11-16 16:32 - 2018-10-12 15:05 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
 2018-11-16 16:32 - 2018-10-12 15:04 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
 2018-11-16 16:32 - 2018-10-12 15:03 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
 2018-11-16 16:32 - 2018-10-12 15:02 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
 2018-11-16 16:32 - 2018-10-12 14:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
 2018-11-16 16:32 - 2018-10-11 21:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
 2018-11-16 16:32 - 2018-10-11 21:11 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
 2018-11-16 16:32 - 2018-10-11 21:10 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
 2018-11-16 16:32 - 2018-10-11 21:10 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
 2018-11-16 16:32 - 2018-10-11 21:04 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
 2018-11-16 16:32 - 2018-10-11 21:03 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
 2018-11-16 16:32 - 2018-10-11 21:00 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
 2018-11-16 16:32 - 2018-10-11 21:00 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
 2018-11-16 16:32 - 2018-10-11 20:46 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
 2018-11-16 16:32 - 2018-10-11 20:45 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
 2018-11-16 16:32 - 2018-10-11 20:44 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
 2018-11-16 16:32 - 2018-10-11 20:38 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
 2018-11-16 16:32 - 2018-09-22 21:54 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
 2018-11-16 16:32 - 2018-09-22 21:54 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
 2018-11-16 16:32 - 2018-09-22 21:54 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
 2018-11-16 16:32 - 2018-09-22 21:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
 2018-11-16 16:32 - 2018-09-22 21:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
 2018-11-16 16:32 - 2018-09-22 21:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
 2018-11-16 16:32 - 2018-09-22 21:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
 2018-11-16 16:32 - 2018-09-22 21:21 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
 2018-11-16 16:31 - 2018-10-11 21:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
 2018-11-16 15:05 - 2018-11-16 15:05 - 000000000 ____D C:\ProgramData\Caphyon
 2018-11-16 15:04 - 2018-11-16 15:04 - 000001913 _____ C:\Users\Public\Desktop\NordVPN.lnk
 2018-11-16 14:54 - 2018-11-16 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
 2018-11-15 23:52 - 2018-11-15 23:52 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\iolo
 2018-11-15 23:03 - 2018-11-15 23:04 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\NordVPN
 2018-11-15 23:02 - 2018-11-15 23:02 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\AVAST Software
 2018-11-15 23:02 - 2018-11-15 23:02 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\CEF
 2018-11-15 23:01 - 2018-11-15 23:05 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\Sony Corporation
 2018-11-15 22:57 - 2018-11-15 23:20 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\Google
 2018-11-15 22:57 - 2018-11-15 22:57 - 000099784 _____ C:\Users\TEMP.Tessa-VAIO\AppData\Local\GDIPFONTCACHEV1.DAT
 2018-11-15 22:57 - 2018-11-15 22:57 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Intel Corporation
 2018-11-15 22:57 - 2018-11-15 22:57 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Atheros
 2018-11-15 22:56 - 2018-11-16 14:32 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Sony Corporation
 2018-11-15 22:56 - 2018-11-15 22:56 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Adobe
 2018-11-15 22:56 - 2018-11-15 22:56 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\mbamtray
 2018-11-15 22:55 - 2018-11-16 14:37 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO
 2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Reciente
 2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Plantillas
 2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Mis documentos
 2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Menú Inicio
 2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Impresoras
 2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Entorno de red
 2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Documents\Mis vídeos
 2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Documents\Mis imágenes
 2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Documents\Mi música
 2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Datos de programa
 2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Configuración local
 2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
 2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\AppData\Local\Historial
 2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\AppData\Local\Datos de programa
 2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\AppData\Local\Archivos temporales de Internet
 2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\VirtualStore
 2018-11-15 22:55 - 2012-02-23 23:01 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Media Center Programs
 2018-11-15 16:27 - 2018-11-15 16:27 - 000352455 _____ C:\Users\Tessa\Desktop\151118t.pdf
 2018-11-15 01:47 - 2018-11-17 00:18 - 001726925 _____ C:\Users\Tessa\Desktop\Conexiones_establecidas.txt
 2018-11-15 01:47 - 2018-11-15 01:47 - 000000073 _____ C:\Users\Tessa\Desktop\forma.txt
 2018-11-12 21:23 - 2018-11-21 15:12 - 000000000 ____D C:\Users\TEMP
 2018-11-12 12:14 - 2018-11-12 12:14 - 000000000 ____D C:\Users\Tessa\Desktop\print
 2018-11-12 12:12 - 2018-11-12 16:21 - 000000000 ____D C:\Users\Tessa\Desktop\jobs 2018
 2018-11-12 12:10 - 2018-11-16 22:10 - 000000000 ____D C:\Users\Tessa\Desktop\CVs
 2018-11-12 12:04 - 2018-11-12 12:41 - 2899411939 _____ C:\Users\Tessa\Downloads\20170930_173528-003.mp4
 2018-11-12 12:03 - 2018-11-12 12:35 - 2133097695 _____ C:\Users\Tessa\Downloads\takeout-20181112T155821Z-001.zip
 2018-11-12 12:03 - 2018-11-12 12:11 - 446803740 _____ C:\Users\Tessa\Downloads\takeout-20181112T155821Z-002.zip
 2018-11-12 01:06 - 2018-11-12 01:06 - 001217236 _____ C:\Users\Tessa\Downloads\takeout-20181112T060510Z-001.zip
 2018-11-11 20:56 - 2018-11-24 19:11 - 000000000 ____D C:\Users\Tessa\AppData\Local\NordVPN
 2018-11-11 20:53 - 2018-11-16 15:04 - 000000000 ____D C:\Program Files (x86)\NordVPN
 2018-11-11 20:44 - 2018-11-16 14:32 - 000000000 ____D C:\Users\Tessa\AppData\Roaming\NordVPN
 2018-11-11 20:43 - 2018-11-11 20:43 - 013579176 _____ (NordVPN) C:\Users\Tessa\Downloads\NordVPNSetup.exe
 2018-11-11 19:50 - 2018-11-11 19:50 - 000791393 _____ (Lars Hederer ) C:\Users\Tessa\Desktop\erunt-setup.exe
 2018-11-11 10:32 - 2018-11-26 09:55 - 000512072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
 2018-11-11 10:32 - 2018-11-19 17:57 - 000001922 _____ C:\Users\Public\Desktop\Avast Premier.lnk
 2018-11-11 10:32 - 2018-11-11 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
 2018-11-11 10:31 - 2018-11-11 10:31 - 000038152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
 2018-11-08 22:04 - 2018-11-16 17:21 - 000000000 ____D C:\Program Files\Google
 2018-11-08 22:04 - 2018-11-08 22:07 - 000000000 ____D C:\Program Files\Recuva
 2018-11-08 22:04 - 2018-11-08 22:04 - 000001658 _____ C:\Users\Public\Desktop\Recuva.lnk
 2018-11-08 22:04 - 2018-11-08 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
 2018-11-08 10:23 - 2018-11-08 10:25 - 000002016 _____ C:\DelFix.txt
 2018-11-08 10:23 - 2018-11-08 10:23 - 000000000 ____D C:\Windows\ERUNT
 2018-11-07 13:50 - 2018-11-07 13:51 - 000781312 _____ C:\Users\Tessa\Downloads\delfix_1.010.exe
 2018-11-06 12:23 - 2018-11-21 09:22 - 000198000 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
 2018-11-06 10:26 - 2018-11-06 10:26 - 006981240 _____ (ESET spol. s r.o.) C:\Users\Tessa\Downloads\esetonlinescanner_enu.exe
 2018-11-06 00:54 - 2018-11-06 00:54 - 000002338 _____ C:\Users\Tessa\Desktop\as_15C9.tmp.txt
 2018-11-06 00:53 - 2018-11-06 00:53 - 000002338 _____ C:\Users\Tessa\Desktop\as_7880.tmp.txt
 2018-11-05 00:32 - 2018-11-05 00:32 - 000001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
 2018-11-05 00:32 - 2018-11-05 00:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
 2018-11-05 00:32 - 2018-11-05 00:32 - 000000000 ____D C:\Program Files\VS Revo Group
 2018-11-03 10:20 - 2018-11-22 15:49 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 2018-11-03 10:17 - 2018-11-19 19:34 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 2018-11-03 10:17 - 2018-11-03 10:17 - 000002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
 2018-11-03 10:15 - 2018-11-03 10:15 - 000000000 ____D C:\Program Files (x86)\Adobe
 2018-11-01 23:41 - 2018-11-01 23:41 - 000000000 ____H C:\Users\Tessa\Documents\Default.rdp
 2018-11-01 22:33 - 2018-11-01 22:33 - 000001434 _____ C:\Users\Tessa\Desktop\scan_181101-232615.txt
 2018-10-31 19:13 - 2018-10-31 19:13 - 000002202 _____ C:\Users\Tessa\Desktop\mbar-log-2018-10-31 (19-38-01).txt
 2018-10-31 18:37 - 2018-10-31 18:37 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\4753828A.sys
 2018-10-31 18:24 - 2018-10-31 16:08 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Tessa\Desktop\mbar-1.10.3.1001.exe
 2018-10-31 16:00 - 2018-10-31 16:00 - 000633144 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
 2018-10-31 16:00 - 2018-10-31 16:00 - 000395592 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
 2018-10-31 16:00 - 2018-10-31 16:00 - 000333632 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
 2018-10-31 16:00 - 2018-10-31 16:00 - 000087880 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
 2018-10-30 09:05 - 2018-10-30 09:05 - 000001167 _____ C:\Users\Tessa\Desktop\SALog.txt
 2018-10-30 08:55 - 2018-10-30 08:55 - 000899584 _____ C:\Users\Tessa\Desktop\RGSA.exe
 2018-10-30 00:05 - 2018-10-29 23:45 - 007197480 _____ (VS Revo Group ) C:\Users\Tessa\Desktop\revosetup.exe
 2018-10-29 18:06 - 2018-10-29 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
 2018-10-29 18:04 - 2018-10-29 18:04 - 000000000 ____D C:\Program Files\Microsoft Silverlight
 2018-10-29 18:04 - 2018-10-29 18:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
 2018-10-28 22:27 - 2018-11-21 16:18 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
 2018-10-28 22:27 - 2018-10-28 22:27 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\2765F347.sys
 2018-10-28 22:07 - 2018-11-21 09:31 - 000954296 _____ C:\Windows\ntbtlog.txt
 2018-10-28 19:23 - 2018-10-28 19:23 - 000000000 ____D C:\Users\Tessa\AppData\Local\ESET

==================== One Month Modified files and folders ========

 (If an entry is included in the fixlist, the file/folder will be moved.)

 2018-11-27 00:26 - 2018-10-08 10:21 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
 2018-11-27 00:22 - 2018-10-08 10:23 - 000000000 ____D C:\Users\Tessa\AppData\Local\AVAST Software
 2018-11-27 00:17 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
 2018-11-27 00:08 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
 2018-11-26 23:58 - 2018-10-12 19:20 - 000000000 ____D C:\Users\Tessa\AppData\Local\ElevatedDiagnostics
 2018-11-26 23:38 - 2018-10-08 10:38 - 000000000 ____D C:\Users\Tessa\AppData\LocalLow\Mozilla
 2018-11-26 18:17 - 2018-10-27 12:11 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 2018-11-26 18:17 - 2018-10-27 12:11 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 2018-11-26 17:04 - 2018-10-07 11:18 - 000747970 _____ C:\Windows\system32\perfh00A.dat
 2018-11-26 17:04 - 2018-10-07 11:18 - 000159410 _____ C:\Windows\system32\perfc00A.dat
 2018-11-26 17:04 - 2009-07-14 00:13 - 001678218 _____ C:\Windows\system32\PerfStringBackup.INI
 2018-11-26 17:04 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
 2018-11-26 16:50 - 2009-07-13 23:45 - 000021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
 2018-11-26 16:50 - 2009-07-13 23:45 - 000021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
 2018-11-26 09:03 - 2018-10-08 10:38 - 000000000 ____D C:\Users\Tessa\AppData\Local\CrashDumps
 2018-11-24 22:29 - 2018-10-08 11:30 - 000004494 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
 2018-11-24 22:29 - 2018-10-07 12:03 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
 2018-11-24 22:29 - 2018-10-07 12:03 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 2018-11-24 22:29 - 2018-10-07 12:03 - 000004320 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
 2018-11-24 22:29 - 2018-10-07 12:03 - 000000000 ____D C:\Windows\SysWOW64\Macromed
 2018-11-24 22:29 - 2018-10-07 12:03 - 000000000 ____D C:\Windows\system32\Macromed
 2018-11-22 15:49 - 2018-10-27 12:08 - 000003534 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
 2018-11-22 15:49 - 2018-10-27 12:08 - 000003406 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 2018-11-22 15:49 - 2018-10-15 09:37 - 000003138 _____ C:\Windows\System32\Tasks\{7E8C366A-D0AC-47E9-A58A-9C90B2BE827F}
 2018-11-22 15:49 - 2018-10-08 10:21 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
 2018-11-22 15:49 - 2018-10-07 11:56 - 000003886 _____ C:\Windows\System32\Tasks\VHDInformationCheck
 2018-11-21 15:18 - 2009-07-13 23:45 - 000442240 _____ C:\Windows\system32\FNTCACHE.DAT
 2018-11-21 15:09 - 2018-10-07 12:22 - 000101416 _____ C:\Users\Tessa\AppData\Local\GDIPFONTCACHEV1.DAT
 2018-11-21 14:00 - 2018-10-12 00:26 - 000000000 ____D C:\Program Files\LibreOffice
 2018-11-20 19:20 - 2018-10-14 17:03 - 000000000 ____D C:\Users\Tessa\AppData\Roaming\PrimoPDF
 2018-11-20 14:56 - 2018-10-08 10:38 - 000000000 ____D C:\Program Files\Mozilla Firefox
 2018-11-20 14:56 - 2018-10-08 10:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
 2018-11-20 09:57 - 2009-07-14 00:08 - 000032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 2018-11-19 19:32 - 2018-10-10 23:49 - 000000000 ____D C:\Users\Tessa\AppData\Roaming\Skype
 2018-11-19 19:25 - 2018-10-08 10:29 - 000000000 ____D C:\Program Files\CCleaner
 2018-11-19 19:18 - 2018-10-08 17:42 - 000000000 ____D C:\Users\Tessa\AppData\Local\Adobe
 2018-11-19 17:40 - 2018-10-25 09:16 - 000000000 ____D C:\Users\Tere.Tessa-VAIO
 2018-11-19 17:39 - 2018-10-07 12:22 - 000000000 ____D C:\Users\Tessa
 2018-11-19 17:35 - 2018-10-18 20:47 - 000000000 ____D C:\ProgramData\Atheros
 2018-11-19 17:35 - 2018-10-07 11:04 - 000000000 ____D C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation
 2018-11-19 17:35 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\AppCompat
 2018-11-19 17:34 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
 2018-11-16 17:21 - 2018-10-08 10:24 - 000000000 ____D C:\Program Files (x86)\Google
 2018-11-16 17:12 - 2018-10-10 11:00 - 000000000 ____D C:\Windows\system32\MRT
 2018-11-16 16:54 - 2018-10-10 10:59 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
 2018-11-16 16:46 - 2011-02-10 18:03 - 001652804 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
 2018-11-16 16:26 - 2018-10-08 10:21 - 000208472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
 2018-11-16 16:25 - 2018-10-08 10:21 - 000469272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
 2018-11-16 16:25 - 2018-10-08 10:21 - 000380464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
 2018-11-16 16:25 - 2018-10-08 10:21 - 000201240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
 2018-11-16 16:25 - 2018-10-08 10:21 - 000163208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
 2018-11-16 16:25 - 2018-10-08 10:21 - 000111800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
 2018-11-16 16:25 - 2018-10-08 10:21 - 000087432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
 2018-11-16 16:25 - 2018-10-08 10:21 - 000046384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
 2018-11-16 16:24 - 2018-10-09 21:32 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
 2018-11-16 16:22 - 2018-10-08 10:24 - 000000000 ____D C:\Users\Tessa\AppData\Local\Google
 2018-11-16 16:21 - 2018-10-08 10:21 - 001028680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
 2018-11-16 16:19 - 2018-10-08 10:21 - 000346592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
 2018-11-16 16:19 - 2018-10-08 10:21 - 000230344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
 2018-11-16 16:19 - 2018-10-08 10:21 - 000201768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
 2018-11-16 16:19 - 2018-10-08 10:21 - 000059496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
 2018-11-16 14:34 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\PolicyDefinitions
 2018-11-16 14:32 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
 2018-11-09 01:43 - 2018-10-07 12:40 - 000000000 ____D C:\Users\Public\Documents\Songs
 2018-11-07 09:55 - 2018-10-07 13:21 - 000000000 ____D C:\Users\Tessa\AppData\Roaming\iolo
 2018-11-03 10:22 - 2018-10-08 17:42 - 000000000 ____D C:\Users\Tessa\AppData\LocalLow\Adobe
 2018-11-03 10:14 - 2018-10-07 12:03 - 000000000 ____D C:\ProgramData\Adobe
 2018-11-01 23:25 - 2018-10-08 10:59 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
 2018-10-29 11:03 - 2018-10-08 17:39 - 000000000 ____D C:\Users\Tessa\Documents\CVs
 2018-10-28 22:27 - 2018-10-08 10:56 - 000000000 ____D C:\ProgramData\Malwarebytes

#4
Some files in TEMP:
 ====================
 2018-11-26 09:01 - 2018-11-26 09:01 - 000510848 _____ (Sysinternals - www.sysinternals.com) C:\Users\Tessa\AppData\Local\Temp\HLMMW.exe
 2018-11-26 09:02 - 2018-11-26 09:02 - 000359296 _____ (Sysinternals - www.sysinternals.com) C:\Users\Tessa\AppData\Local\Temp\JUMFCKUTQZO.exe
 2018-11-26 09:03 - 2018-11-26 09:03 - 000572288 _____ (Sysinternals - www.sysinternals.com) C:\Users\Tessa\AppData\Local\Temp\MXCXBLQ.exe
 ==================== Bamital & volsnap ======================
 (There is no automatic fix for files that do not pass verification.)

 C:\Windows\system32\winlogon.exe => File is digitally signed
 C:\Windows\system32\wininit.exe => File is digitally signed
 C:\Windows\SysWOW64\wininit.exe => File is digitally signed
 C:\Windows\explorer.exe => File is digitally signed
 C:\Windows\SysWOW64\explorer.exe => File is digitally signed
 C:\Windows\system32\svchost.exe => File is digitally signed
 C:\Windows\SysWOW64\svchost.exe => File is digitally signed
 C:\Windows\system32\services.exe => File is digitally signed
 C:\Windows\system32\User32.dll => File is digitally signed
 C:\Windows\SysWOW64\User32.dll => File is digitally signed
 C:\Windows\system32\userinit.exe => File is digitally signed
 C:\Windows\SysWOW64\userinit.exe => File is digitally signed
 C:\Windows\system32\rpcss.dll => File is digitally signed
 C:\Windows\system32\dnsapi.dll => File is digitally signed
 C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
 C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 LastRegBack: 2018-10-14 15:21

 ==================== End of FRST.txt ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.11.2018
 Ran by Tessa (27-11-2018 00:26:55)
 Running from C:\Users\Tessa\Desktop
 Windows 7 Home Premium Service Pack 1 (X64) (2018-10-07 17:22:44)
 Boot Mode: Normal
 ==========================================================


 ==================== Accounts: =============================

 Administrador (S-1-5-21-1459080146-1752181985-1471865784-500 - Administrator - Disabled)
 Invitado (S-1-5-21-1459080146-1752181985-1471865784-501 - Limited - Disabled)
 Tere (S-1-5-21-1459080146-1752181985-1471865784-1003 - Limited - Enabled) => C:\Users\TEMP.Tessa-VAIO.001
 Tessa (S-1-5-21-1459080146-1752181985-1471865784-1000 - Administrator - Enabled) => C:\Users\Tessa

 ==================== Security Center ========================

 (If an entry is included in the fixlist, it will be removed.)

 AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
 AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
 AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
 AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

 ==================== Installed Programs ======================

 (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 ACID Music Studio 8.0 (HKLM-x32\...\{7B70781E-6D04-11E0-A566-005056C00008}) (Version: 8.0.178 - Sony)
 Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
 Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.153 - Adobe Systems Incorporated)
 Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
 ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.161 - ArcSoft)
 ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.457 - ArcSoft)
 Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.135 - Atheros)
 Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
 BPCx64 (HKLM\...\{C25C68CF-E4A1-4B6F-9F28-5559264F23FD}) (Version: 1.0.0 - Sony Corporation) Hidden
 BPCx86 (HKLM-x32\...\{F5802A74-7CAF-42E7-AC98-BB8D99B90C7D}) (Version: 1.0.0 - Sony Corporation) Hidden
 CCleaner (HKLM\...\CCleaner) (Version: 5.49 - Piriform)
 Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
 CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6426.52 - CyberLink Corp.)
 D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
 Diagnóstico de ventilador de CPU VAIO (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
 DVD Architect Studio 5.0 (HKLM-x32\...\{7AFBA1EE-24FE-11E1-A28A-F04DA23A5C58}) (Version: 5.0.157 - Sony)
 Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
 FDUx86 (HKLM-x32\...\{3490653F-2789-46A1-B1BF-6BD4CF4131AB}) (Version: 1.0.0 - Sony Corporation) Hidden
 Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
 Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
 Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
 Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
 Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
 Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
 Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
 Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
 Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
 Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
 Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
 Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 KUx86 (HKLM-x32\...\{6FD21053-829D-40E7-B04C-CAFB7D5CD025}) (Version: 1.0.0 - Sony Corporation ) Hidden
 LibreOffice 6.0.7.3 (HKLM\...\{54B10C43-7DD3-4C32-B0D1-9F90C9FBB6E3}) (Version: 6.0.7.3 - The Document Foundation)
 Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
 Manual de VAIO (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.3.0.12300 - Sony Corporation)
 Media Gallery (HKLM\...\{0EB7792D-EFA2-42AB-9A22-F33D9458E974}) (Version: 2.2.3.04170 - Sony Corporation)
 Media Go (HKLM-x32\...\{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}) (Version: 2.0.317 - Sony)
 Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
 Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
 Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
 Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
 Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
 Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
 Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
 Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
 Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
 Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
 Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3 - Mozilla)
 MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
 MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
 NordVPN (HKLM-x32\...\{A19C08C0-A154-4055-ADC1-F36BE5758EA6}) (Version: 6.18.9 - NordVPN) Hidden
 NordVPN (HKLM-x32\...\NordVPN 6.18.9) (Version: 6.18.9 - NordVPN)
 NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
 Panda USB Vaccine 1.0.1.16 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
 PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.1.01.14210 - Sony Corporation)
 PlayStation®Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
 PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.5.15.13232 - Sony Computer Entertainment Inc.)
 PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
 Qualcomm Atheros Direct Connect (HKLM-x32\...\{21DD6041-7251-40FA-9D06-C5EB30268E0F}) (Version: 3.1 - Qualcomm Atheros) Hidden
 Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{E727B31A-8B24-4C1C-934A-69634E0D2C0B}) (Version: 3.0 - Qualcomm Atheros)
 Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6564 - Realtek Semiconductor Corp.)
 Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.91 - Realtek Semiconductor Corp.)
 Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
 Remote Keyboard (HKLM-x32\...\{6466EF6E-700E-470F-94CB-D0050302C84E}) (Version: 1.2.0.09270 - Sony Corporation) Hidden
 Remote Play with PlayStation®3 (HKLM-x32\...\{D56DA747-5FDB-4AD5-9A6A-3481C0ED44BD}) (Version: 1.1.0.21090 - Sony Corporation) Hidden
 Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
 Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
 Skype versión 8.34 (HKLM-x32\...\Skype_is1) (Version: 8.34 - Skype Technologies S.A.)
 Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.18091.6 - Samsung Electronics Co., Ltd.) Hidden
 Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.18091.6 - Samsung Electronics Co., Ltd.)
 Sound Forge Audio Studio 10.0 (HKLM-x32\...\{0B5CD700-A1D3-11E0-AD24-005056C00008}) (Version: 10.0.176 - Sony)
 Spotify (HKU\S-1-5-21-1459080146-1752181985-1471865784-1000\...\Spotify) (Version: 1.0.88.353.g15c26ea1 - Spotify AB)
 SSLx64 (HKLM\...\{312395BC-7CC2-434C-A660-30250276A926}) (Version: 1.0.0 - Sony Corporation ) Hidden
 SSLx86 (HKLM-x32\...\{63C43435-F428-42BA-8E7B-5848749D9262}) (Version: 1.0.0 - Sony Corporation ) Hidden
 Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.6 - Synaptics Incorporated)
 TrackID™ with BRAVIA (HKLM-x32\...\{858B32BD-121C-4AC8-BD87-CE37C51C03E2}) (Version: 1.2.0.09270 - Sony Corportaion) Hidden
 V3DPx86 (HKLM-x32\...\{D4E7BB46-310E-4A21-B261-052A5997EA2F}) (Version: 1.0.0 - Sony Corporation ) Hidden
 VAIO - Media Gallery - VAIO Personalization Manager Update (HKLM\...\{50A7190B-5DA6-4A51-B275-3D413E617BA6}) (Version: 4.2.5.07160 - Sony Corporation)
 VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
 VAIO - PlayMemories Home Plug-in (HKLM\...\{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}) (Version: 2.0.01.03310 - Sony Corporation)
 VAIO - Teclado a distancia (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
 VAIO - Teclado a distancia con PlayStation®3 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.0.09210 - Sony Corporation)
 VAIO - TrackID™ con BRAVIA (HKLM-x32\...\{2F41EF61-A066-4EBF-84F8-21C1B317A780}) (Version: 1.2.0.09270 - Sony Corporation)
 VAIO - Uso a distancia con PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.1.0.21090 - Sony Corporation)
 VAIO 3D Portal (HKLM-x32\...\{C14EAE86-C526-4E00-B245-CFF86233C3D2}) (Version: 1.2.0.10131 - Sony Corporation)
 VAIO Care (HKLM\...\{CFF47016-B212-4D89-8DC2-15D5508A73BA}) (Version: 8.4.6.05111 - Sony Corporation)
 VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
 VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.2.1.15070 - Sony Corporation)
 VAIO Data Restore Tool (HKLM-x32\...\{5156C9BF-1C27-430B-96D8-7129F11699A8}) (Version: 1.9.0.13190 - Sony Corporation) Hidden
 VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.9.0.13190 - Sony Corporation)
 VAIO Easy Connect (HKLM-x32\...\{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation) Hidden
 VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
 VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.2.02200 - Sony Corporation)
 VAIO Gate (HKLM-x32\...\{AE5F3379-8B81-457E-8E09-7E61D941AFA4}) (Version: 2.4.1.09230 - Sony Corporation) Hidden
 VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.5.2.02090 - Sony Corporation)
 VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 1.0.0.12300 - Sony Corporation)
 VAIO Gesture Control (HKLM-x32\...\{C8544A9A-76BE-4F82-811E-979799AE493B}) (Version: 1.0.0.12300 - Sony Corporation) Hidden
 VAIO Help and Support (HKLM-x32\...\{C9EFF66F-B0CF-4B1A-9371-2FC647658CDF}) (Version: 17.00.0109 - Sony Corporation)
 VAIO OOBE (HKLM-x32\...\{D9777637-33B7-47A9-800C-F6A2CD4EB0FE}) (Version: 12.2.1.2483 - Sony Corporation)
 VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.0.09010 - Sony Corporation)
 VAIO Satisfaction Survey. (HKLM-x32\...\VAIO Satisfaction Survey.3.0) (Version: 3.0 - Sony Electronics Inc.)
 VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.14.1.07010 - Sony Corporation)
 VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.7.1.06040 - Sony Corporation)
 VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.3.0.03150 - Sony Corporation)
 VCCx64 (HKLM\...\{549AD5FB-F52D-4307-864A-C0008FB35D96}) (Version: 1.0.0 - Sony Corporation) Hidden
 VCCx86 (HKLM-x32\...\{DF184496-1CA2-4D07-92E7-0BD251D7DEF0}) (Version: 1.0.0 - Sony Corporation) Hidden
 Vegas Movie Studio HD Platinum 11.0 (HKLM-x32\...\{CF30A821-F384-11E0-AC56-F04DA23A5C58}) (Version: 11.0.256 - Sony)
 VGClientX64 (HKLM\...\{99E6C2F3-59B2-4308-B1CD-4928B55B7E30}) (Version: 1.0.0 - Sony Corporation) Hidden
 VGClientX86 (HKLM-x32\...\{8B583EF5-FA7B-4AE2-9008-51B7FD505886}) (Version: 1.0.0 - Sony Corporation) Hidden
 VHD (HKLM-x32\...\{DB1A3EA7-0C25-4BEC-A108-176195190369}) (Version: 1.0.0 - Microsoft) Hidden
 VMLx86 (HKLM-x32\...\{7E5A5CA6-B7D0-406E-A75E-157CAB47EB94}) (Version: 1.0.0 - Sony Corporation) Hidden
 VPMx64 (HKLM\...\{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}) (Version: 1.0.0 - Sony Corporation ) Hidden
 VSNx64 (HKLM\...\{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}) (Version: 1.0.0 - Sony Corporation) Hidden
 VSNx86 (HKLM-x32\...\{A49A517F-5332-4665-922C-6D9AD31ADD4F}) (Version: 1.0.0 - Sony Corporation) Hidden
 VSSTx64 (HKLM\...\{4F31AC31-0A28-4F5A-8416-513972DA1F79}) (Version: 1.0.0 - Sony Corporation ) Hidden
 VSSTx86 (HKLM-x32\...\{B24BB74E-8359-43AA-985A-8E80C9219C70}) (Version: 1.0.0 - Sony Corporation) Hidden
 VU5x64 (HKLM\...\{6B7DE186-374B-4873-AEC1-7464DA337DD6}) (Version: 1.1.0 - Sony Corporation ) Hidden
 VU5x86 (HKLM-x32\...\{9D12A8B5-9D41-4465-BF11-70719EB0CD02}) (Version: 1.1.0 - Sony Corporation ) Hidden
 VU5x86 (HKLM-x32\...\{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}) (Version: 1.0.0 - Sony Corporation ) Hidden
 VUx64 (HKLM\...\{A0A2BE14-D3FF-41C8-9545-4B130E3FE9A4}) (Version: 1.2.0 - Sony Corporation) Hidden
 VUx86 (HKLM-x32\...\{D04F1D22-4A47-42C6-A2B9-094A7B844D9B}) (Version: 1.2.0 - Sony Corporation) Hidden
 VWSTx86 (HKLM-x32\...\{B8991D99-88FD-41F2-8C32-DB70278D5C30}) (Version: 1.0.0 - Sony Corporation) Hidden
 Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

 ==================== Custom CLSID (Whitelisted): ==========================

 (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-16] (AVAST Software)
 ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2012-04-28] (Atheros Commnucations)
 ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-16] (AVAST Software)
 ContextMenuHandlers2: [AddtoVAIOGate] -> {6988D6F2-F24F-4732-8855-A39DB1AA1346} => C:\Program Files\Sony\VAIO Gate\VAIOGateShellExt.dll [2012-02-20] (Sony Corporation)
 ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-16] (AVAST Software)
 ContextMenuHandlers3: [AddtoVAIOGate] -> {6988D6F2-F24F-4732-8855-A39DB1AA1346} => C:\Program Files\Sony\VAIO Gate\VAIOGateShellExt.dll [2012-02-20] (Sony Corporation)
 ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2012-04-28] (Atheros Commnucations)
 ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
 ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
 ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-03-14] (Intel Corporation)
 ContextMenuHandlers6: [AddtoVAIOGate] -> {6988D6F2-F24F-4732-8855-A39DB1AA1346} => C:\Program Files\Sony\VAIO Gate\VAIOGateShellExt.dll [2012-02-20] (Sony Corporation)
 ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-16] (AVAST Software)
 ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
 ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)

 ==================== Scheduled Tasks (Whitelisted) =============

 (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 Task: {07D4F11D-21E2-4FE1-B673-DFC619389BAC} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
 Task: {084525E5-75F5-4D13-81FF-CFC4C9F30E5C} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
 Task: {0FBA313F-42DA-4DB5-A040-91E382DAEE2A} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
 Task: {1048CA66-C882-4970-9007-064408EB1925} - System32\Tasks\Sony Corporation\BP Checker\CheckBPStatusLogon => C:\Program Files\Sony\BP Checker\BPChecker.exe [2016-11-29] (Sony Corporation)
 Task: {15DD8226-6DBA-406A-A5A2-1A08EE28B796} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
 Task: {22295B37-231F-447E-9970-DE1B76546729} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2010-06-01] ()
 Task: {26372C46-8C8B-4558-8EE4-68257101FF39} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net [Argument = start VSNService]
 Task: {40D48C07-F523-497A-B0EE-07022C8ED30B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
 Task: {4A505F33-30AC-474B-BDDB-99E40C36357B} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
 Task: {4F290FB1-72EE-4F81-8549-0FE083A1983C} - System32\Tasks\Sony Corporation\VAIO Care\VKSvcWeekly => C:\Program Files\Sony\VAIO Care\VAIOTM\VKSvc.exe [2017-04-19] (Sony Corporation)
 Task: {505077DF-9A2F-4AFB-8A8A-FC775FDC6226} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2017-05-11] (Sony Corporation)
 Task: {52031DBA-5DC9-403B-A3CD-E2E585CA0D26} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-06] (Piriform Ltd)
 Task: {5E206916-93CB-49CA-8EA3-DC7A90C4E99A} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
 Task: {6103856B-42BE-400E-98B5-6D6138B2BED4} - System32\Tasks\Sony Corporation\BP Checker\CheckBPStatusCreate => C:\Program Files\Sony\BP Checker\BPChecker.exe [2016-11-29] (Sony Corporation)
 Task: {61BCAFE5-F031-4BA0-A9DE-012D71A9EFE4} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-16] (AVAST Software)
 Task: {6C90173C-8304-4123-B686-B1FA51EFE362} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
 Task: {731F13EE-7120-4336-8F8C-1DB3102F5E7B} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2018-03-19] (Sony Corporation)
 Task: {74299DA7-D5FA-49A3-B54A-8976C0B3C77D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-27] (Google Inc.)
 Task: {74EDED6D-7856-4718-9E6A-33D848B6704C} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
 Task: {7595B397-6E6E-4DF5-8F66-AB0CADA1957C} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2017-05-11] (Sony Corporation)
 Task: {75E34B38-9A90-486C-8F2B-5135AADDA9CB} - System32\Tasks\Sony Corporation\VAIO Care\VTUsr => C:\Program Files\Sony\VAIO Care\VAIOTM\VTUsr.exe [2017-04-19] (Sony Corporation)
 Task: {7BEAC51A-D18F-42C1-B8F5-C7EF11286EA3} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
 Task: {866E4782-9C98-414F-B185-ABEB39F02098} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
 Task: {87C2E7FE-508F-4676-BFF1-D9477F562F7F} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
 Task: {89879B9E-DEBC-4A26-AC4E-75F56B45A85E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-10-29] (AVAST Software)
 Task: {89EDE9DD-280E-485B-A98C-4BFA6311ACB3} - System32\Tasks\{7E8C366A-D0AC-47E9-A58A-9C90B2BE827F} => C:\Windows\system32\pcalua.exe -a C:\Users\Tessa\Documents\SmartSwitchPC.exe -d C:\Users\Tessa\Documents
 Task: {8A7027FC-8312-428D-8B9C-31FA2560FC60} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
 Task: {9109A380-1506-4BD4-AE19-03D32002C748} - System32\Tasks\Sony Corporation\VAIO Care\VKSvcDaily => C:\Program Files\Sony\VAIO Care\VAIOTM\VKSvc.exe [2017-04-19] (Sony Corporation)
 Task: {A99288BF-6911-49FA-8ED0-28F93C0BA5DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-27] (Google Inc.)
 Task: {B24AA1A0-DCE7-4698-BAF4-61B8E201F5BA} - System32\Tasks\Sony\VAIO Survey => C:\Program Files (x86)\Sony\VAIO Survey\VSScheduler.exe [2010-12-09] (Sony Electronics Inc.)
 Task: {BFA8E6CA-9FF8-4E19-97CD-DA8FE3853233} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2018-03-19] (Sony Corporation)
 Task: {C07431C5-8617-4160-A348-B2B29B4317A9} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
 Task: {C17BBA68-0D91-4E4F-9D39-F1FDC9C3BDD2} - System32\Tasks\Sony\OOBESendInfo => C:\Program Files (x86)\Sony\OOBE\OOBESendInfo.exe [2012-03-15] (Sony Electronics Inc.)
 Task: {C663A0C2-E06A-400F-93C9-620F731AD661} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Software Ltd)
 Task: {C79581F6-1C32-4B76-967A-08DF80E8C800} - System32\Tasks\Sony Corporation\VAIO Care\VTSvc => C:\Program Files\Sony\VAIO Care\VAIOTM\VTSvc.exe [2017-04-19] (Sony Corporation)
 Task: {CF18D41C-14C8-480D-8988-8FCB69AC7939} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2018-03-07] (Sony Corporation)
 Task: {D23D6C89-5695-4D8C-A9DF-429D91BB96A8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-24] (Adobe Systems Incorporated)
 Task: {EB02960E-62C9-4279-9B9C-D24C72637B0E} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
 Task: {EC40A017-02CF-46B6-B5DD-EF27B70A6D8B} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
 Task: {F3CCC81E-5CC5-4AC3-8F46-BDA8B5B14402} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-24] (Adobe Systems Incorporated)
 Task: {FE182E5A-333D-4078-BC14-7FD9621BF443} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)

 (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 ==================== Shortcuts & WMI ========================

 (The entries could be listed to be restored or removed.)


 ==================== Loaded Modules (Whitelisted) ==============

 2018-10-08 10:40 - 2015-09-01 08:41 - 000095008 _____ () C:\Windows\System32\Primomonnt.dll
 2018-10-07 10:54 - 2012-03-13 11:01 - 000128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
 2018-11-06 06:56 - 2018-11-06 06:56 - 000437200 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
 2018-10-08 10:59 - 2018-11-01 23:25 - 002821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
 2018-10-08 10:59 - 2018-11-01 23:25 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
 2018-11-16 16:24 - 2018-11-16 16:24 - 000728792 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
 2012-03-14 15:54 - 2012-03-14 02:57 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
 2018-11-16 16:22 - 2018-11-16 16:22 - 000919256 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
 2018-11-16 16:24 - 2018-11-16 16:24 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
 2018-11-26 17:15 - 2018-11-26 17:15 - 005736080 _____ () C:\Program Files\AVAST Software\Avast\defs\18112604\algo.dll
 2018-11-16 16:22 - 2018-11-16 16:22 - 000496344 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
 2018-11-16 16:20 - 2018-11-16 16:20 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
 2018-11-16 16:22 - 2018-11-16 16:22 - 001112280 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
 2018-05-24 07:45 - 2018-05-24 07:45 - 000250368 _____ () C:\Program Files (x86)\NordVPN\x86\Liberation.Native.Firewall.dll
 2018-10-07 11:52 - 2012-03-07 18:57 - 000021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
 2018-10-08 10:23 - 2018-10-08 10:23 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 2018-11-19 21:24 - 2018-11-19 21:24 - 000172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\318f4e270844db14015db593913440b1\IsdiInterop.ni.dll
 2018-10-07 10:58 - 2011-11-29 20:00 - 000059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 2018-10-07 10:54 - 2012-03-13 11:02 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

 ==================== Alternate Data Streams (Whitelisted) =========

 (If an entry is included in the fixlist, only the ADS will be removed.)


 ==================== Safe Mode (Whitelisted) ===================

 (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\44328596.sys => ""="Driver"
 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\44328596.sys => ""="Driver"
 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

 ==================== Association (Whitelisted) ===============

 (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


 ==================== Internet Explorer trusted/restricted ===============

 (If an entry is included in the fixlist, it will be removed from the registry.)

 ==================== Hosts content: ===============================

 (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


 ==================== Other Areas ============================

 (Currently there is no automatic fix for this section.)

 HKU\S-1-5-21-1459080146-1752181985-1471865784-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tessa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
 DNS Servers: Media is not connected to internet.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 Windows Firewall is enabled.

 ==================== MSCONFIG/TASK MANAGER disabled items ==

 If an entry is included in the fixlist, it will be removed.

 MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
 MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
 MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
 MSCONFIG\startupreg: PMBVolumeWatcher => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
 MSCONFIG\startupreg: Skype for Desktop => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
 MSCONFIG\startupreg: Spotify => C:\Users\Tessa\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized

 ==================== FirewallRules (Whitelisted) ===============

 (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 FirewallRules: [{86F2CCFA-1891-4AEB-91AA-5812908C8F2F}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
 FirewallRules: [{359BF62C-EEE0-4C6E-A0DE-E564248122E4}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
 FirewallRules: [{80ACD008-87A1-4C33-9321-96041C7F905A}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
 FirewallRules: [{A0AB810D-C339-48C6-8934-1748D36AEF2E}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\WiFiDirectApplication.exe
 FirewallRules: [{5348E4EB-2302-4D44-B8EE-3D42BBF9EA36}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
 FirewallRules: [{B22B0CB9-A37E-4D1F-A92D-CD5EA7692392}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
 FirewallRules: [{17CC2025-76A0-44C0-B8DC-18E6BA55DDA0}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
 FirewallRules: [{96E46E2C-9EF6-44AD-9CC0-8C02FB79AF8B}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
 FirewallRules: [{D42C16AB-837B-4793-A998-EC0B71D3344A}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
 FirewallRules: [{A302C2EF-8E9E-4C2C-A790-F085718F246C}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
 FirewallRules: [{DC4F6D85-3EED-4464-A96C-8C64BADFE88E}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
 FirewallRules: [{7364A88F-BEB7-4899-94BF-12E82915A22C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
 FirewallRules: [{51E05604-9C52-4E83-9924-0660242B171D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
 FirewallRules: [{6594D6DE-CCBA-4D7A-A134-0E99C0E5DF6F}] => (Allow) C:\Program Files\Opera\56.0.3051.36\opera.exe
 FirewallRules: [{B4A7F6BC-7124-4D5C-882B-841981A29F71}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
 FirewallRules: [{47B48ADB-9209-4135-97BD-4B0A70C0A881}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
 FirewallRules: [{0539C7D8-2AAB-48FB-AF12-DB7D2349ED46}] => (Allow) C:\Program Files\Opera\56.0.3051.43\opera.exe
 FirewallRules: [{BFB86B73-46FA-45EC-BF8F-307FBD8557CC}] => (Block) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
 FirewallRules: [{565BFD0B-F8A3-48B6-8D5A-1ACACB9B5A75}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
 FirewallRules: [{E759DA56-40BD-46FD-A5DB-D74A88AA6B71}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
 FirewallRules: [{632C265B-6480-4833-86D2-D945CF8000A9}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
 FirewallRules: [{200179B4-35E6-49B3-9289-7DAFDE09890B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
 FirewallRules: [{E5F6F696-596C-450F-A13A-D03B427AD83F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
 FirewallRules: [{65716FE7-570E-4967-BFD1-C73CA1FC76DA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
 FirewallRules: [{306D68CF-BB10-4918-B9DA-CB1F8A587543}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
 FirewallRules: [{109E1E3B-42DE-4DC3-AE86-928DE51E08AB}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
 FirewallRules: [{74794B46-B634-4F4E-858E-67124C0BAADC}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
 FirewallRules: [{835B22BC-EAB9-455A-BFE5-BEC732F478A3}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
 FirewallRules: [{2286406A-0087-4F03-A294-67373373FFBE}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
 FirewallRules: [{06F689B4-2A37-4780-A5E3-13246D367153}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
 FirewallRules: [{07CF38E6-BD82-4992-AFC7-F6B6D93AA949}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
 FirewallRules: [{524727C0-0A8C-4F10-A82B-2C47493429E8}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
 FirewallRules: [{B8CA86BB-A8D6-4FF5-82DF-EF77C250CA10}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
 FirewallRules: [{C3DAEBD1-F507-4656-AF56-A9D06BE4A6D9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 ==================== Restore Points =========================

 19-11-2018 17:28:21 Operación de restauración
 19-11-2018 18:56:25 Instalación del paquete de controladores de dispositivo: TAP-NordVPN Windows Provider V9 Adaptadores de red
 20-11-2018 21:15:31 Revo Uninstaller's restore point - UsbFix Anti-Malware Premium
 21-11-2018 13:41:32 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123
 21-11-2018 15:07:41 Revo Uninstaller's restore point - Kaspersky Total Security
 21-11-2018 15:14:36 Revo Uninstaller's restore point - Kaspersky Secure Connection
 26-11-2018 23:39:24 JRT Pre-Junkware Removal

 ==================== Faulty Device Manager Devices =============


 ==================== Event log errors: =========================

 Application errors:
 ==================
 Error: (11/26/2018 11:39:24 PM) (Source: VSS) (EventID: 8193) (User: )
 Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1459080146-1752181985-1471865784-1003.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
 .
Operación:
    Evento OnIdentify
    Recopilando datos del escritor

 Contexto:
    Contexto de ejecución: Shadow Copy Optimization Writer
    Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Nombre del escritor: Shadow Copy Optimization Writer
    Id. de instancia del escritor: {505f048b-d9df-4efa-94e2-012ba153a652}

 Error: (11/26/2018 09:03:45 AM) (Source: Application Error) (EventID: 1000) (User: )
 Description: Nombre de la aplicación con errores: RootkitRevealer.exe, versión: 1.71.0.0, marca de tiempo: 0x44e255aa
 Nombre del módulo con errores: RootkitRevealer.exe, versión: 1.71.0.0, marca de tiempo: 0x44e255aa
 Código de excepción: 0xc0000005
 Desplazamiento de errores: 0x000040cd
 Id. del proceso con errores: 0xd08
 Hora de inicio de la aplicación con errores: 0x01d48590d84f51d1
 Ruta de acceso de la aplicación con errores: C:\Users\Tessa\Desktop\RootkitRevealer\RootkitRevealer.exe
 Ruta de acceso del módulo con errores: C:\Users\Tessa\Desktop\RootkitRevealer\RootkitRevealer.exe
 Id. del informe: 160ee7b3-f184-11e8-ba6d-30f9edbcec26

 Error: (11/26/2018 09:02:36 AM) (Source: Application Error) (EventID: 1000) (User: )
 Description: Nombre de la aplicación con errores: RootkitRevealer.exe, versión: 1.71.0.0, marca de tiempo: 0x44e255aa
 Nombre del módulo con errores: RootkitRevealer.exe, versión: 1.71.0.0, marca de tiempo: 0x44e255aa
 Código de excepción: 0xc0000005
 Desplazamiento de errores: 0x000040cd
 Id. del proceso con errores: 0xcac
 Hora de inicio de la aplicación con errores: 0x01d48590af7c30ba
 Ruta de acceso de la aplicación con errores: C:\Users\Tessa\Desktop\RootkitRevealer\RootkitRevealer.exe
 Ruta de acceso del módulo con errores: C:\Users\Tessa\Desktop\RootkitRevealer\RootkitRevealer.exe
 Id. del informe: ed39653c-f183-11e8-ba6d-30f9edbcec26

 Error: (11/26/2018 09:01:14 AM) (Source: Application Error) (EventID: 1000) (User: )
 Description: Nombre de la aplicación con errores: RootkitRevealer.exe, versión: 1.71.0.0, marca de tiempo: 0x44e255aa
 Nombre del módulo con errores: RootkitRevealer.exe, versión: 1.71.0.0, marca de tiempo: 0x44e255aa
 Código de excepción: 0xc0000005
 Desplazamiento de errores: 0x000040cd
 Id. del proceso con errores: 0xd80
 Hora de inicio de la aplicación con errores: 0x01d485907bfb1bc5
 Ruta de acceso de la aplicación con errores: C:\Users\Tessa\Desktop\RootkitRevealer\RootkitRevealer.exe
 Ruta de acceso del módulo con errores: C:\Users\Tessa\Desktop\RootkitRevealer\RootkitRevealer.exe
 Id. del informe: bc3b03d2-f183-11e8-ba6d-30f9edbcec26

 Error: (11/25/2018 06:42:20 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Tessa-VAIO)
 Description: Windows no encuentra el perfil local y está iniciando la sesión con un perfil temporal. Los cambios que se efectúen en este perfil se perderán cuando se cierre la sesión.

 Error: (11/25/2018 06:42:20 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Tessa-VAIO)
 Description: Windows hizo una copia de seguridad de este perfil de usuario. Windows intentará automáticamente usar la copia de seguridad del perfil la próxima vez que este usuario inicie sesión.

 Error: (11/24/2018 07:03:54 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Tessa-VAIO)
 Description: Windows no encuentra el perfil local y está iniciando la sesión con un perfil temporal. Los cambios que se efectúen en este perfil se perderán cuando se cierre la sesión.

 Error: (11/24/2018 07:03:54 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Tessa-VAIO)
 Description: Windows hizo una copia de seguridad de este perfil de usuario. Windows intentará automáticamente usar la copia de seguridad del perfil la próxima vez que este usuario inicie sesión.


 System errors:
 =============
 Error: (11/27/2018 12:19:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
 Description: El servicio Windows Search no pudo iniciarse debido al siguiente error:
 El servicio no respondió a tiempo a la solicitud de inicio o de control.

 Error: (11/27/2018 12:19:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
 Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Windows Search.

 Error: (11/27/2018 12:19:56 AM) (Source: DCOM) (EventID: 10005) (User: )
 Description: Error de DCOM "1053" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor:
 {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

 Error: (11/26/2018 04:30:57 PM) (Source: DCOM) (EventID: 10010) (User: )
 Description: El servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} no se registró con DCOM dentro del tiempo de espera requerido.

 Error: (11/26/2018 04:26:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
 Description: El servicio Windows Search no pudo iniciarse debido al siguiente error:
 El servicio no respondió a tiempo a la solicitud de inicio o de control.

 Error: (11/26/2018 04:26:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
 Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Windows Search.

 Error: (11/26/2018 04:26:51 PM) (Source: DCOM) (EventID: 10005) (User: )
 Description: Error de DCOM "1053" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor:
 {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

 Error: (11/26/2018 04:26:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
 Description: El servicio aswbIDSAgent no pudo iniciarse debido al siguiente error:
 El servicio no respondió a tiempo a la solicitud de inicio o de control.


 ==================== Memory info ===========================

 Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
 Percentage of memory in use: 54%
 Total physical RAM: 3996.36 MB
 Available physical RAM: 1823.59 MB
 Total Virtual: 7990.86 MB
 Available Virtual: 5738.4 MB

 ==================== Drives ================================

 Drive c: () (Fixed) (Total:447 GB) (Free:201.53 GB) NTFS

 \\?\Volume{79d80838-ca44-11e8-95cd-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS
 \\?\Volume{79d80837-ca44-11e8-95cd-806e6f6e6963}\ (Recovery) (Fixed) (Total:18.41 GB) (Free:1.06 GB) NTFS

 ==================== MBR & Partition Table ==================

 ========================================================
 Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 78CBB45F)
 Partition 1: (Not Active) - (Size=18.4 GB) - (Type=27)
 Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
 Partition 3: (Not Active) - (Size=447 GB) - (Type=07 NTFS)

Thanks


#5

Hello @CxW7Gab:

Welcome to the new InfoSpyware Forum!!!

I have skimmed your reports and you have even more serious problems.

Error: (11/25/2018 06:42:20 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Tessa-VAIO) Description: Windows hizo una copia de seguridad de este perfil de usuario. Windows intentará automáticamente usar la copia de seguridad del perfil la próxima vez que este usuario inicie sesión.

You have had errors with your user account and logged in with a [temporary profile](https://www.google.com/search?client=opera&q=perfil+temporal&sourceid=opera&ie=UTF-8&oe=UTF-8) <<< I am leaving you some info there.

For now, do not do anything about it yet; just make a copy of your profile >> as described here >>> https://rootear.com/windows/solucion-perfil-temporal

Save it to an external drive, another partition or a USB stick, it's up to you.

Then:

1- To remove all the tools you ran:

  • Download >> Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> "Run as Administrator")

  • Check only the Remove disinfection tools box

  • Click Run.

The report (DelFix.txt) will open; save it and paste it in your next reply, then close the tool.

2- Using Revo Uninstaller, which I see you have installed, in its Advanced Mode, uninstall all the programs you have run on your computer looking for malware.

For example RootkitBuster, PCHunter, RootkitRevealer, Kaspersky, Panda usbvaccine, Bitdefender LLC.

3- Finally, uninstall Avast with its dedicated tool.

Restart; you will be without antivirus, so browse with caution.

4- When you have completed all the steps, come back and we will continue.

Note: You have the same topic open on the Bleeping Computer forum.

It is important that you do not follow duplicate steps, or it will be counterproductive for your computer; otherwise I will not be able to continue.

Regards.


#6

Hello, thanks,

I have already requested that the topic on Bleeping Computer be cancelled.

This is the DelFix report


# DelFix v1.013 - Logfile created 01/12/2018 at 11:35:38
# Updated 17/04/2016 by Xplode
# Username : Tessa - TESSA-VAIO
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Tessa\Desktop\mbar
Deleted : C:\TDSSKiller.3.1.0.17_26.11.2018_09.05.33_log.txt
Deleted : C:\TDSSKiller.3.1.0.17_26.11.2018_09.11.27_log.txt
Deleted : C:\Users\Tessa\Desktop\Addition.txt
Deleted : C:\Users\Tessa\Desktop\AdwCleaner[S02]2611.txt
Deleted : C:\Users\Tessa\Desktop\adwcleaner_7.2.4.0.exe
Deleted : C:\Users\Tessa\Desktop\FRST.txt
Deleted : C:\Users\Tessa\Desktop\FRST64.exe
Deleted : C:\Users\Tessa\Desktop\JRT.exe
Deleted : C:\Users\Tessa\Desktop\JRT.txt
Deleted : C:\Users\Tessa\Desktop\JRTnov26.txt
Deleted : C:\Users\Tessa\Desktop\logmwrbnov25.txt
Deleted : C:\Users\Tessa\Desktop\RGSA.exe
Deleted : C:\Users\Tessa\Desktop\SALog.txt
Deleted : C:\Users\Tessa\Downloads\RootRepeal.zip
Deleted : C:\Users\Tessa\Downloads\tdsskiller.zip
Deleted : C:\Users\Tessa\Downloads\UsbFix_2019.exe

########## - EOF - ##########

#7

Hello:

Perfect, we will be waiting for you here when you finish the uninstallations… 👍

Regards.


#8

Hello

I have already uninstalled all the programs you indicated. Thanks


#9

Hello:

Were you able to follow the steps to save your profile, just in case??

How is the computer doing??

Then download Farbar again so we can see what is left:

Do the following:

1.- Download Farbar Recovery Scan Tool to your desktop, selecting the right version for your computer's architecture (32 or 64 bits). >> How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on the desktop.

Post the two generated reports.

You must copy and paste them with all their content, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

Wrap each of the reports in the written [Code] tag as shown in the image.

Let us know.

We await those reports.

Regards.


#11

Hello, thanks,

I have already backed up the files and generated the reports you indicated


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by Tessa (administrator) on TESSA-VAIO (02-12-2018 16:55:37)
Running from C:\Users\Tessa\Desktop
Loaded Profiles: Tessa (Available Profiles: Tessa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOTM\VTSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOTM\VTUsr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(iolo technologies, LLC) C:\Program Files\Sony\VAIO Care\Iolo\ioloTools.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1022592 2012-04-28] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-04-28] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885944 2012-09-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-08] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1459080146-1752181985-1471865784-1000\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [3036112 2018-11-06] (NordVPN)
HKU\S-1-5-21-1459080146-1752181985-1471865784-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt [2018-11-20] ()
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{221A7E51-8A45-4978-A12D-EDDF7778477A}: [NameServer] 9.9.9.9
Tcpip\..\Interfaces\{221A7E51-8A45-4978-A12D-EDDF7778477A}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F83B8505-F66F-463B-9B71-78B7CC7A17B2}: [DhcpNameServer] 10.0.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1459080146-1752181985-1471865784-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony.msn.com/
HKU\S-1-5-21-1459080146-1752181985-1471865784-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony.msn.com
HKU\S-1-5-21-1459080146-1752181985-1471865784-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.sony-latin.com/vaiohome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1459080146-1752181985-1471865784-1000 -> DefaultScope {8C569D78-1343-433C-BC4E-54CA6BF37678} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1459080146-1752181985-1471865784-1000 -> {8C569D78-1343-433C-BC4E-54CA6BF37678} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-04-28] (Atheros Commnucations)
BHO-x32: Aplicación auxiliar de inicio de sesión de Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-27] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: jm0u4abc.default
FF ProfilePath: C:\Users\Tessa\AppData\Roaming\Mozilla\Firefox\Profiles\jm0u4abc.default [2018-12-02]
FF Extension: (French spelling dictionary) - C:\Users\Tessa\AppData\Roaming\Mozilla\Firefox\Profiles\jm0u4abc.default\Extensions\[email protected] [2018-12-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-24] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-03-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-03-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2011-08-02] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default [2018-12-02]
CHR Extension: (Presentaciones) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-27]
CHR Extension: (Documentos) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-27]
CHR Extension: (Google Drive) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-27]
CHR Extension: (YouTube) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-27]
CHR Extension: (Adblock Plus) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-11-17]
CHR Extension: (OneTab) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2018-11-12]
CHR Extension: (ZenMate VPN - Mejor seguridad para Internet) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-11-12]
CHR Extension: (Hojas de cálculo) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-27]
CHR Extension: (Edición de Office) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2018-11-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-27]
CHR Extension: (Avast Online Security) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-12-02]
CHR Extension: (Botón Guardar de Pinterest) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-11-12]
CHR Extension: (PSafe Segurança Online) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\higfhiimhkcmfppmdckdpkdcdolcjooo [2018-11-12]
CHR Extension: (Xodo PDF Viewer & Editor) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihgdgpjankaehldoaimdlekdidkjfghe [2018-11-12]
CHR Extension: (HTML5 Virtual Classroom - Screen Sharing) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihglikcoelelbbcpahhhfomehdeefmnc [2018-11-12]
CHR Extension: (Cisco Webex Extension) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-11-12]
CHR Extension: (Grammarly for Chrome) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-12-02]
CHR Extension: (Proxy VPN gratis Hotspot Shield: desbloqueo de sitios) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2018-11-12]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-27]
CHR Extension: (SurfEasy VPN - Seguridad, Privacidad, Desbloquear) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\odiddbcijempnhhobijfbggjogofdlgl [2018-11-12]
CHR Extension: (TunnelBear VPN) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2018-11-12]
CHR Extension: (Gmail) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-27]
CHR Extension: (Chrome Media Router) - C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-27]
CHR Profile: C:\Users\Tessa\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [119424 2012-04-28] (Atheros Commnucations) [File not signed]
S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [474112 2018-03-15] (Intel Corporation) [File not signed]
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [437200 2018-11-06] ()
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
S3 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
S3 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1667056 2018-03-19] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [35592 2018-06-07] (The OpenVPN Project)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BTATH_VDP; system32\drivers\btath_vdp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



#12

The continuation


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-02 16:55 - 2018-12-02 16:56 - 000018296 _____ C:\Users\Tessa\Desktop\FRST.txt
2018-12-02 16:54 - 2018-12-02 16:55 - 000000000 ____D C:\FRST
2018-12-02 16:53 - 2018-12-02 16:53 - 002417152 _____ (Farbar) C:\Users\Tessa\Desktop\FRST64.exe
2018-12-01 11:38 - 2018-12-01 11:38 - 000001145 _____ C:\Users\Tessa\Desktop\DelFix.txt
2018-11-26 09:20 - 2018-11-26 09:20 - 000000000 ____D C:\Users\Tessa\Desktop\PCHunter_free
2018-11-26 09:04 - 2018-11-26 09:04 - 000000000 ____D C:\Users\Tessa\Downloads\TMRBLog
2018-11-26 09:01 - 2018-11-26 09:01 - 000000000 ____D C:\Users\Tessa\Desktop\RootkitRevealer
2018-11-25 00:56 - 2018-11-25 00:56 - 000001538 _____ C:\Users\Tessa\Desktop\Malwarebytes251118.txt
2018-11-24 19:11 - 2018-11-24 19:11 - 000000000 ____D C:\ProgramData\NordVpn
2018-11-22 12:35 - 2018-11-22 12:36 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET4A19.tmp
2018-11-21 15:29 - 2018-11-21 15:29 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5256B411.sys
2018-11-21 13:59 - 2018-11-21 14:00 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.0
2018-11-21 13:59 - 2018-11-21 13:59 - 000001570 _____ C:\Users\Public\Desktop\LibreOffice 6.0.lnk
2018-11-21 13:44 - 2018-11-21 13:44 - 000001310 _____ C:\Users\Public\Desktop\Skype.lnk
2018-11-21 13:44 - 2018-11-21 13:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-11-21 13:42 - 2018-11-21 13:42 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-21 12:00 - 2018-11-21 15:12 - 000000000 ____D C:\Program Files\Common Files\AV
2018-11-21 11:56 - 2018-11-21 15:15 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-11-21 11:53 - 2018-11-21 11:54 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-11-20 20:37 - 2018-11-20 20:43 - 000000000 ____D C:\Rem-VBSqt
2018-11-20 19:21 - 2018-11-20 19:21 - 000768736 _____ C:\Users\Tessa\Downloads\Download Rem-VBSworm.pdf
2018-11-19 23:03 - 2018-11-19 23:03 - 000092274 _____ C:\Users\Tessa\Desktop\Disabling Windows Script Host _ Microsoft Docs.pdf
2018-11-19 20:43 - 2018-11-19 20:43 - 000090062 _____ C:\Users\Tessa\Desktop\Event ID 10 is logged in the Applicatio...pdf
2018-11-19 19:25 - 2018-12-01 23:30 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-11-19 19:25 - 2018-11-22 15:49 - 000002812 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-11-19 19:25 - 2018-11-19 19:25 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-19 19:25 - 2018-11-19 19:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-11-19 19:10 - 2018-11-19 19:10 - 001206768 _____ (Adobe Systems Incorporated) C:\Users\Tessa\Downloads\flashplayer31_xa_install.exe
2018-11-19 18:54 - 2018-11-19 18:54 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
2018-11-19 15:57 - 2018-11-19 15:57 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Sony Corporation
2018-11-19 15:52 - 2018-11-19 17:35 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\NordVPN
2018-11-19 15:52 - 2018-11-19 16:26 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\LocalLow\Mozilla
2018-11-19 15:51 - 2018-11-19 15:58 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Mozilla
2018-11-19 15:51 - 2018-11-19 15:52 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Mozilla
2018-11-19 15:51 - 2018-11-19 15:51 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\AVAST Software
2018-11-19 15:51 - 2018-11-19 15:51 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\CEF
2018-11-19 15:49 - 2018-11-19 15:49 - 000099784 _____ C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Intel Corporation
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Atheros
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Adobe
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Google
2018-11-19 15:48 - 2018-11-19 17:35 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Sony Corporation
2018-11-19 15:48 - 2018-11-19 15:48 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\mbamtray
2018-11-19 15:47 - 2018-11-19 17:37 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Reciente
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Plantillas
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Mis documentos
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Menú Inicio
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Impresoras
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Entorno de red
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Documents\Mis vídeos
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Documents\Mis imágenes
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Documents\Mi música
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Datos de programa
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Configuración local
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Historial
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Datos de programa
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Archivos temporales de Internet
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\VirtualStore
2018-11-19 15:47 - 2012-02-23 23:01 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Media Center Programs
2018-11-17 22:21 - 2018-11-20 23:06 - 000000000 ____D C:\Users\Tessa\Documents\c
2018-11-17 22:21 - 2018-11-20 11:04 - 000000000 ____D C:\Users\Tessa\Documents\Nueva carpeta
2018-11-16 17:32 - 2018-11-16 17:33 - 003426208 _____ (NordVPN) C:\Users\Tessa\Downloads\NordVPNTapSetup.exe
2018-11-16 16:35 - 2018-10-17 21:48 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-16 16:35 - 2018-10-17 21:17 - 020281344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-11-16 16:35 - 2018-10-12 14:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-11-16 16:35 - 2018-10-11 20:25 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-11-16 16:34 - 2018-11-10 20:29 - 005551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-16 16:34 - 2018-11-10 20:28 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-11-16 16:34 - 2018-11-10 20:28 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-11-16 16:34 - 2018-11-10 20:28 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-11-16 16:34 - 2018-11-10 20:28 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-11-16 16:34 - 2018-11-10 20:27 - 001664352 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-11-16 16:34 - 2018-11-10 20:27 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-11-16 16:34 - 2018-11-10 20:26 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-11-16 16:34 - 2018-11-10 20:26 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-11-16 16:34 - 2018-11-10 20:26 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-11-16 16:34 - 2018-11-10 20:26 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000516608 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-11-16 16:34 - 2018-11-10 20:24 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-11-16 16:34 - 2018-11-10 20:24 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-11-16 16:34 - 2018-11-10 20:24 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-11-16 16:34 - 2018-11-10 20:14 - 004054248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-11-16 16:34 - 2018-11-10 20:14 - 003960040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-11-16 16:34 - 2018-11-10 20:12 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-11-16 16:34 - 2018-11-10 20:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-11-16 16:34 - 2018-11-10 20:11 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-11-16 16:34 - 2018-11-10 20:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-11-16 16:34 - 2018-11-10 20:11 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-11-16 16:34 - 2018-11-10 20:10 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-11-16 16:34 - 2018-11-10 20:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-11-16 16:34 - 2018-11-10 20:10 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-11-16 16:34 - 2018-11-10 20:10 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-11-16 16:34 - 2018-11-10 20:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-11-16 16:34 - 2018-11-10 20:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-11-16 16:34 - 2018-11-10 19:52 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-11-16 16:34 - 2018-11-10 19:48 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-11-16 16:34 - 2018-11-10 19:47 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-11-16 16:34 - 2018-11-10 19:44 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-11-16 16:34 - 2018-11-10 19:44 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-11-16 16:34 - 2018-11-10 19:43 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-11-16 16:34 - 2018-10-26 22:42 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-11-16 16:34 - 2018-10-26 22:42 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-11-16 16:34 - 2018-10-26 22:42 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-11-16 16:34 - 2018-10-26 22:42 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2018-11-16 16:34 - 2018-10-26 22:41 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2018-11-16 16:34 - 2018-10-26 22:27 - 000173568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2018-11-16 16:34 - 2018-10-26 22:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2018-11-16 16:34 - 2018-10-26 22:27 - 000121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2018-11-16 16:34 - 2018-10-26 22:11 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-11-16 16:34 - 2018-10-26 22:11 - 000156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-11-16 16:34 - 2018-10-26 22:05 - 003227648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-11-16 16:34 - 2018-10-26 22:04 - 000141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2018-11-16 16:34 - 2018-10-26 22:04 - 000126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2018-11-16 16:34 - 2018-10-26 22:04 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll
2018-11-16 16:34 - 2018-10-26 22:04 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dispex.dll
2018-11-16 16:34 - 2018-10-18 14:49 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-11-16 16:34 - 2018-10-18 13:51 - 000348760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-11-16 16:34 - 2018-10-12 15:26 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-11-16 16:34 - 2018-10-12 15:22 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-11-16 16:34 - 2018-10-12 14:55 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-11-16 16:34 - 2018-10-12 14:42 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-11-16 16:34 - 2018-10-12 14:38 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-11-16 16:34 - 2018-10-11 21:12 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-11-16 16:34 - 2018-10-11 21:10 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-16 16:34 - 2018-10-11 20:59 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-16 16:34 - 2018-10-11 20:54 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-11-16 16:34 - 2018-10-11 20:27 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-11-16 16:34 - 2018-10-11 20:26 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-11-16 16:34 - 2018-10-11 20:19 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-11-16 16:34 - 2018-10-11 20:06 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-11-16 16:34 - 2018-10-06 11:02 - 000366824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-11-16 16:34 - 2018-10-06 08:42 - 001988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-11-16 16:34 - 2018-10-06 08:05 - 002565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-11-16 16:34 - 2018-09-22 21:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-11-16 16:34 - 2018-09-22 21:54 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-11-16 16:34 - 2018-09-22 21:54 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-11-16 16:34 - 2018-09-22 21:54 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-11-16 16:34 - 2018-09-22 21:54 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-11-16 16:34 - 2018-09-22 21:54 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-11-16 16:34 - 2018-09-22 21:37 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-11-16 16:34 - 2018-09-22 21:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-11-16 16:34 - 2018-09-22 21:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2018-11-16 16:34 - 2018-09-22 21:34 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-11-16 16:34 - 2018-09-22 21:34 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-11-16 16:34 - 2018-09-22 21:33 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-11-16 16:34 - 2018-09-22 21:22 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-11-16 16:34 - 2018-09-22 21:22 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-11-16 16:34 - 2018-09-22 21:21 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2018-11-16 16:34 - 2018-08-27 22:48 - 000419608 _____ C:\Windows\SysWOW64\locale.nls
2018-11-16 16:34 - 2018-08-27 22:48 - 000419608 _____ C:\Windows\system32\locale.nls
2018-11-16 16:33 - 2018-11-10 20:26 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-11-16 16:33 - 2018-11-10 20:26 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-11-16 16:33 - 2018-11-10 20:26 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-11-16 16:33 - 2018-11-10 20:26 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-11-16 16:33 - 2018-11-10 20:26 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-11-16 16:33 - 2018-11-10 20:26 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-11-16 16:33 - 2018-11-10 20:26 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-11-16 16:33 - 2018-11-10 20:25 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-11-16 16:33 - 2018-11-10 20:25 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-11-16 16:33 - 2018-11-10 20:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-11-16 16:33 - 2018-11-10 20:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-11-16 16:33 - 2018-11-10 20:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-11-16 16:33 - 2018-11-10 20:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-11-16 16:33 - 2018-11-10 20:10 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-11-16 16:33 - 2018-11-10 20:10 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-11-16 16:33 - 2018-11-10 20:10 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-11-16 16:33 - 2018-11-10 20:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 19:53 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-11-16 16:33 - 2018-11-10 19:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-11-16 16:33 - 2018-11-10 19:53 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-11-16 16:33 - 2018-11-10 19:48 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-11-16 16:33 - 2018-11-10 19:47 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-11-16 16:33 - 2018-11-10 19:45 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-11-16 16:33 - 2018-11-10 19:44 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-11-16 16:33 - 2018-11-10 19:43 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-11-16 16:33 - 2018-11-10 19:43 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-11-16 16:33 - 2018-11-10 19:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-11-16 16:33 - 2018-11-10 19:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-11-16 16:33 - 2018-11-10 19:43 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-11-16 16:33 - 2018-11-10 19:41 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-11-16 16:33 - 2018-11-10 19:41 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-11-16 16:33 - 2018-11-10 19:40 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-11-16 16:33 - 2018-11-10 19:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 19:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-16 16:33 - 2018-10-12 15:25 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-11-16 16:33 - 2018-10-12 15:17 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-11-16 16:33 - 2018-10-12 15:03 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-11-16 16:33 - 2018-10-12 14:57 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-11-16 16:33 - 2018-10-12 14:56 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-11-16 16:33 - 2018-10-12 14:55 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-11-16 16:33 - 2018-10-11 21:10 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-11-16 16:33 - 2018-10-11 21:01 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-11-16 16:33 - 2018-10-11 20:59 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-11-16 16:33 - 2018-10-11 20:59 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-11-16 16:33 - 2018-10-11 20:51 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-11-16 16:33 - 2018-10-11 20:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-11-16 16:33 - 2018-10-11 20:42 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-11-16 16:33 - 2018-10-11 20:40 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-11-16 16:33 - 2018-10-11 20:30 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-11-16 16:33 - 2018-10-11 20:27 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-11-16 16:33 - 2018-10-11 20:26 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-11-16 16:33 - 2018-10-11 19:55 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-11-16 16:33 - 2018-09-22 21:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-11-16 16:32 - 2018-11-10 20:25 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-11-16 16:32 - 2018-11-10 20:25 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-11-16 16:32 - 2018-11-10 20:25 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-11-16 16:32 - 2018-11-10 20:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-11-16 16:32 - 2018-11-10 20:10 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 19:41 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-11-16 16:32 - 2018-11-10 19:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-11-16 16:32 - 2018-11-10 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-11-16 16:32 - 2018-10-12 15:36 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-11-16 16:32 - 2018-10-12 15:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-11-16 16:32 - 2018-10-12 15:25 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-11-16 16:32 - 2018-10-12 15:24 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-11-16 16:32 - 2018-10-12 15:20 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-11-16 16:32 - 2018-10-12 15:20 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-11-16 16:32 - 2018-10-12 15:18 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-11-16 16:32 - 2018-10-12 15:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-11-16 16:32 - 2018-10-12 15:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-11-16 16:32 - 2018-10-12 15:11 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-11-16 16:32 - 2018-10-12 15:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-11-16 16:32 - 2018-10-12 15:07 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-11-16 16:32 - 2018-10-12 15:07 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-11-16 16:32 - 2018-10-12 15:05 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-11-16 16:32 - 2018-10-12 15:04 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-11-16 16:32 - 2018-10-12 15:03 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-11-16 16:32 - 2018-10-12 15:02 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-11-16 16:32 - 2018-10-12 14:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-11-16 16:32 - 2018-10-11 21:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-11-16 16:32 - 2018-10-11 21:11 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-11-16 16:32 - 2018-10-11 21:10 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-11-16 16:32 - 2018-10-11 21:10 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-11-16 16:32 - 2018-10-11 21:04 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-11-16 16:32 - 2018-10-11 21:03 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-11-16 16:32 - 2018-10-11 21:00 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-11-16 16:32 - 2018-10-11 21:00 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-11-16 16:32 - 2018-10-11 20:46 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-11-16 16:32 - 2018-10-11 20:45 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-11-16 16:32 - 2018-10-11 20:44 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-11-16 16:32 - 2018-10-11 20:38 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-11-16 16:32 - 2018-09-22 21:54 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2018-11-16 16:32 - 2018-09-22 21:54 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2018-11-16 16:32 - 2018-09-22 21:54 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2018-11-16 16:32 - 2018-09-22 21:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2018-11-16 16:32 - 2018-09-22 21:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2018-11-16 16:32 - 2018-09-22 21:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2018-11-16 16:32 - 2018-09-22 21:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2018-11-16 16:32 - 2018-09-22 21:21 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2018-11-16 16:31 - 2018-10-11 21:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-11-16 15:05 - 2018-11-16 15:05 - 000000000 ____D C:\ProgramData\Caphyon
2018-11-16 15:04 - 2018-11-16 15:04 - 000001913 _____ C:\Users\Public\Desktop\NordVPN.lnk
2018-11-16 14:54 - 2018-11-16 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2018-11-15 23:52 - 2018-11-15 23:52 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\iolo
2018-11-15 23:03 - 2018-11-15 23:04 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\NordVPN
2018-11-15 23:02 - 2018-11-15 23:02 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\AVAST Software
2018-11-15 23:02 - 2018-11-15 23:02 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\CEF
2018-11-15 23:01 - 2018-11-15 23:05 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\Sony Corporation
2018-11-15 22:57 - 2018-11-15 23:20 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\Google
2018-11-15 22:57 - 2018-11-15 22:57 - 000099784 _____ C:\Users\TEMP.Tessa-VAIO\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-15 22:57 - 2018-11-15 22:57 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Intel Corporation
2018-11-15 22:57 - 2018-11-15 22:57 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Atheros
2018-11-15 22:56 - 2018-11-16 14:32 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Sony Corporation
2018-11-15 22:56 - 2018-11-15 22:56 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Adobe
2018-11-15 22:56 - 2018-11-15 22:56 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\mbamtray
2018-11-15 22:55 - 2018-11-16 14:37 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Reciente
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Plantillas
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Mis documentos
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Menú Inicio
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Impresoras
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Entorno de red
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Documents\Mis vídeos
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Documents\Mis imágenes
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Documents\Mi música
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Datos de programa
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Configuración local
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\AppData\Local\Historial
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\AppData\Local\Datos de programa
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\AppData\Local\Archivos temporales de Internet
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\VirtualStore
2018-11-15 22:55 - 2012-02-23 23:01 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Media Center Programs
2018-11-15 16:27 - 2018-11-15 16:27 - 000352455 _____ C:\Users\Tessa\Desktop\151118t.pdf
2018-11-15 01:47 - 2018-11-17 00:18 - 001726925 _____ C:\Users\Tessa\Desktop\Conexiones_establecidas.txt
2018-11-15 01:47 - 2018-11-15 01:47 - 000000073 _____ C:\Users\Tessa\Desktop\forma.txt
2018-11-12 21:23 - 2018-11-21 15:12 - 000000000 ____D C:\Users\TEMP
2018-11-12 12:14 - 2018-11-12 12:14 - 000000000 ____D C:\Users\Tessa\Desktop\print
2018-11-12 12:12 - 2018-11-12 16:21 - 000000000 ____D C:\Users\Tessa\Desktop\jobs 2018
2018-11-12 12:10 - 2018-11-16 22:10 - 000000000 ____D C:\Users\Tessa\Desktop\CVs
2018-11-12 12:04 - 2018-11-12 12:41 - 2899411939 _____ C:\Users\Tessa\Downloads\20170930_173528-003.mp4
2018-11-12 12:03 - 2018-11-12 12:35 - 2133097695 _____ C:\Users\Tessa\Downloads\takeout-20181112T155821Z-001.zip
2018-11-12 12:03 - 2018-11-12 12:11 - 446803740 _____ C:\Users\Tessa\Downloads\takeout-20181112T155821Z-002.zip
2018-11-12 01:06 - 2018-11-12 01:06 - 001217236 _____ C:\Users\Tessa\Downloads\takeout-20181112T060510Z-001.zip
2018-11-11 20:56 - 2018-11-24 19:11 - 000000000 ____D C:\Users\Tessa\AppData\Local\NordVPN
2018-11-11 20:53 - 2018-11-16 15:04 - 000000000 ____D C:\Program Files (x86)\NordVPN
2018-11-11 20:44 - 2018-11-16 14:32 - 000000000 ____D C:\Users\Tessa\AppData\Roaming\NordVPN
2018-11-11 20:43 - 2018-11-11 20:43 - 013579176 _____ (NordVPN) C:\Users\Tessa\Downloads\NordVPNSetup.exe
2018-11-08 22:04 - 2018-11-16 17:21 - 000000000 ____D C:\Program Files\Google
2018-11-08 22:04 - 2018-11-08 22:07 - 000000000 ____D C:\Program Files\Recuva
2018-11-08 22:04 - 2018-11-08 22:04 - 000001658 _____ C:\Users\Public\Desktop\Recuva.lnk
2018-11-08 22:04 - 2018-11-08 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2018-11-08 10:23 - 2018-12-01 11:35 - 000001145 _____ C:\DelFix.txt
2018-11-08 10:23 - 2018-11-08 10:23 - 000000000 ____D C:\Windows\ERUNT
2018-11-06 00:54 - 2018-11-06 00:54 - 000002338 _____ C:\Users\Tessa\Desktop\as_15C9.tmp.txt
2018-11-06 00:53 - 2018-11-06 00:53 - 000002338 _____ C:\Users\Tessa\Desktop\as_7880.tmp.txt
2018-11-05 00:32 - 2018-11-05 00:32 - 000001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-11-05 00:32 - 2018-11-05 00:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-11-05 00:32 - 2018-11-05 00:32 - 000000000 ____D C:\Program Files\VS Revo Group
2018-11-03 10:20 - 2018-11-22 15:49 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-11-03 10:17 - 2018-11-19 19:34 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-03 10:17 - 2018-11-03 10:17 - 000002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2018-11-03 10:15 - 2018-11-03 10:15 - 000000000 ____D C:\Program Files (x86)\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-02 16:53 - 2018-10-08 10:38 - 000000000 ____D C:\Users\Tessa\AppData\LocalLow\Mozilla
2018-12-02 16:52 - 2009-07-13 23:45 - 000021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-02 16:52 - 2009-07-13 23:45 - 000021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-02 16:37 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-01 23:33 - 2018-10-08 10:23 - 000000000 ____D C:\Users\Tessa\AppData\Local\AVAST Software
2018-12-01 23:33 - 2018-10-08 10:12 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-01 23:30 - 2018-10-08 10:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-01 23:28 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-12-01 12:02 - 2018-10-08 10:38 - 000000000 ____D C:\Users\Tessa\AppData\Local\CrashDumps
2018-12-01 11:29 - 2018-10-07 11:18 - 000747970 _____ C:\Windows\system32\perfh00A.dat
2018-12-01 11:29 - 2018-10-07 11:18 - 000159410 _____ C:\Windows\system32\perfc00A.dat
2018-12-01 11:29 - 2009-07-14 00:13 - 001678218 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-27 00:08 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2018-11-26 23:58 - 2018-10-12 19:20 - 000000000 ____D C:\Users\Tessa\AppData\Local\ElevatedDiagnostics
2018-11-26 18:17 - 2018-10-27 12:11 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-26 18:17 - 2018-10-27 12:11 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-24 22:29 - 2018-10-08 11:30 - 000004494 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-24 22:29 - 2018-10-07 12:03 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-11-24 22:29 - 2018-10-07 12:03 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-24 22:29 - 2018-10-07 12:03 - 000004320 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-11-24 22:29 - 2018-10-07 12:03 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-11-24 22:29 - 2018-10-07 12:03 - 000000000 ____D C:\Windows\system32\Macromed
2018-11-22 15:49 - 2018-10-27 12:08 - 000003534 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-22 15:49 - 2018-10-27 12:08 - 000003406 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-22 15:49 - 2018-10-15 09:37 - 000003138 _____ C:\Windows\System32\Tasks\{7E8C366A-D0AC-47E9-A58A-9C90B2BE827F}
2018-11-22 15:49 - 2018-10-08 10:21 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-11-22 15:49 - 2018-10-07 11:56 - 000003886 _____ C:\Windows\System32\Tasks\VHDInformationCheck
2018-11-21 16:18 - 2018-10-28 22:27 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-11-21 15:18 - 2009-07-13 23:45 - 000442240 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-21 15:09 - 2018-10-07 12:22 - 000101416 _____ C:\Users\Tessa\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-21 14:00 - 2018-10-12 00:26 - 000000000 ____D C:\Program Files\LibreOffice
2018-11-21 09:31 - 2018-10-28 22:07 - 000954296 _____ C:\Windows\ntbtlog.txt
2018-11-20 19:20 - 2018-10-14 17:03 - 000000000 ____D C:\Users\Tessa\AppData\Roaming\PrimoPDF
2018-11-20 14:56 - 2018-10-08 10:38 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-20 14:56 - 2018-10-08 10:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-20 09:57 - 2009-07-14 00:08 - 000032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-11-19 19:32 - 2018-10-10 23:49 - 000000000 ____D C:\Users\Tessa\AppData\Roaming\Skype
2018-11-19 19:25 - 2018-10-08 10:29 - 000000000 ____D C:\Program Files\CCleaner
2018-11-19 19:18 - 2018-10-08 17:42 - 000000000 ____D C:\Users\Tessa\AppData\Local\Adobe
2018-11-19 17:40 - 2018-10-25 09:16 - 000000000 ____D C:\Users\Tere.Tessa-VAIO
2018-11-19 17:39 - 2018-10-07 12:22 - 000000000 ____D C:\Users\Tessa
2018-11-19 17:35 - 2018-10-18 20:47 - 000000000 ____D C:\ProgramData\Atheros
2018-11-19 17:35 - 2018-10-07 11:04 - 000000000 ____D C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation
2018-11-19 17:35 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\AppCompat
2018-11-19 17:34 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2018-11-16 17:21 - 2018-10-08 10:24 - 000000000 ____D C:\Program Files (x86)\Google
2018-11-16 17:12 - 2018-10-10 11:00 - 000000000 ____D C:\Windows\system32\MRT
2018-11-16 16:54 - 2018-10-10 10:59 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-11-16 16:46 - 2011-02-10 18:03 - 001652804 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-11-16 16:22 - 2018-10-08 10:24 - 000000000 ____D C:\Users\Tessa\AppData\Local\Google
2018-11-16 14:34 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-11-16 14:32 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-11-09 01:43 - 2018-10-07 12:40 - 000000000 ____D C:\Users\Public\Documents\Songs
2018-11-07 09:55 - 2018-10-07 13:21 - 000000000 ____D C:\Users\Tessa\AppData\Roaming\iolo
2018-11-03 10:22 - 2018-10-08 17:42 - 000000000 ____D C:\Users\Tessa\AppData\LocalLow\Adobe
2018-11-03 10:14 - 2018-10-07 12:03 - 000000000 ____D C:\ProgramData\Adobe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-14 15:21

==================== End of FRST.txt ============================


#13

And Addition


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by Tessa (02-12-2018 16:57:17)
Running from C:\Users\Tessa\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2018-10-07 17:22:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1459080146-1752181985-1471865784-500 - Administrator - Disabled)
Invitado (S-1-5-21-1459080146-1752181985-1471865784-501 - Limited - Disabled)
Tere (S-1-5-21-1459080146-1752181985-1471865784-1003 - Limited - Enabled)
Tessa (S-1-5-21-1459080146-1752181985-1471865784-1000 - Administrator - Enabled) => C:\Users\Tessa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACID Music Studio 8.0 (HKLM-x32\...\{7B70781E-6D04-11E0-A566-005056C00008}) (Version: 8.0.178 - Sony)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.161 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.457 - ArcSoft)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.135 - Atheros)
BPCx64 (HKLM\...\{C25C68CF-E4A1-4B6F-9F28-5559264F23FD}) (Version: 1.0.0 - Sony Corporation) Hidden
BPCx86 (HKLM-x32\...\{F5802A74-7CAF-42E7-AC98-BB8D99B90C7D}) (Version: 1.0.0 - Sony Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.49 - Piriform)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6426.52 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diagnóstico de ventilador de CPU VAIO (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
DVD Architect Studio 5.0 (HKLM-x32\...\{7AFBA1EE-24FE-11E1-A28A-F04DA23A5C58}) (Version: 5.0.157 - Sony)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
FDUx86 (HKLM-x32\...\{3490653F-2789-46A1-B1BF-6BD4CF4131AB}) (Version: 1.0.0 - Sony Corporation) Hidden
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KUx86 (HKLM-x32\...\{6FD21053-829D-40E7-B04C-CAFB7D5CD025}) (Version: 1.0.0 - Sony Corporation ) Hidden
LibreOffice 6.0.7.3 (HKLM\...\{54B10C43-7DD3-4C32-B0D1-9F90C9FBB6E3}) (Version: 6.0.7.3 - The Document Foundation)
Manual de VAIO (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.3.0.12300 - Sony Corporation)
Media Gallery (HKLM\...\{0EB7792D-EFA2-42AB-9A22-F33D9458E974}) (Version: 2.2.3.04170 - Sony Corporation)
Media Go (HKLM-x32\...\{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}) (Version: 2.0.317 - Sony)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NordVPN (HKLM-x32\...\{A19C08C0-A154-4055-ADC1-F36BE5758EA6}) (Version: 6.18.9 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.18.9) (Version: 6.18.9 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.1.01.14210 - Sony Corporation)
PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.5.15.13232 - Sony Computer Entertainment Inc.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Qualcomm Atheros Direct Connect (HKLM-x32\...\{21DD6041-7251-40FA-9D06-C5EB30268E0F}) (Version: 3.1 - Qualcomm Atheros) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{E727B31A-8B24-4C1C-934A-69634E0D2C0B}) (Version: 3.0 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6564 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.91 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Remote Keyboard (HKLM-x32\...\{6466EF6E-700E-470F-94CB-D0050302C84E}) (Version: 1.2.0.09270 - Sony Corporation) Hidden
Remote Play with PlayStation(R)3 (HKLM-x32\...\{D56DA747-5FDB-4AD5-9A6A-3481C0ED44BD}) (Version: 1.1.0.21090 - Sony Corporation) Hidden
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Skype versión 8.34 (HKLM-x32\...\Skype_is1) (Version: 8.34 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.18091.6 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.18091.6 - Samsung Electronics Co., Ltd.)
Sound Forge Audio Studio 10.0 (HKLM-x32\...\{0B5CD700-A1D3-11E0-AD24-005056C00008}) (Version: 10.0.176 - Sony)
Spotify (HKU\S-1-5-21-1459080146-1752181985-1471865784-1000\...\Spotify) (Version: 1.0.88.353.g15c26ea1 - Spotify AB)
SSLx64 (HKLM\...\{312395BC-7CC2-434C-A660-30250276A926}) (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (HKLM-x32\...\{63C43435-F428-42BA-8E7B-5848749D9262}) (Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.6 - Synaptics Incorporated)
TrackID(TM) with BRAVIA (HKLM-x32\...\{858B32BD-121C-4AC8-BD87-CE37C51C03E2}) (Version: 1.2.0.09270 - Sony Corportaion) Hidden
V3DPx86 (HKLM-x32\...\{D4E7BB46-310E-4A21-B261-052A5997EA2F}) (Version: 1.0.0 - Sony Corporation ) Hidden
VAIO - Media Gallery - VAIO Personalization Manager Update (HKLM\...\{50A7190B-5DA6-4A51-B275-3D413E617BA6}) (Version: 4.2.5.07160 - Sony Corporation)
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
VAIO - PlayMemories Home Plug-in (HKLM\...\{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}) (Version: 2.0.01.03310 - Sony Corporation)
VAIO - Teclado a distancia (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - Teclado a distancia con PlayStation®3 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.0.09210 - Sony Corporation)
VAIO - TrackID™ con BRAVIA (HKLM-x32\...\{2F41EF61-A066-4EBF-84F8-21C1B317A780}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - Uso a distancia con PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.1.0.21090 - Sony Corporation)
VAIO 3D Portal (HKLM-x32\...\{C14EAE86-C526-4E00-B245-CFF86233C3D2}) (Version: 1.2.0.10131 - Sony Corporation)
VAIO Care (HKLM\...\{CFF47016-B212-4D89-8DC2-15D5508A73BA}) (Version: 8.4.6.05111 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.2.1.15070 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{5156C9BF-1C27-430B-96D8-7129F11699A8}) (Version: 1.9.0.13190 - Sony Corporation) Hidden
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.9.0.13190 - Sony Corporation)
VAIO Easy Connect (HKLM-x32\...\{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.2.02200 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{AE5F3379-8B81-457E-8E09-7E61D941AFA4}) (Version: 2.4.1.09230 - Sony Corporation) Hidden
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.5.2.02090 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 1.0.0.12300 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{C8544A9A-76BE-4F82-811E-979799AE493B}) (Version: 1.0.0.12300 - Sony Corporation) Hidden
VAIO Help and Support (HKLM-x32\...\{C9EFF66F-B0CF-4B1A-9371-2FC647658CDF}) (Version: 17.00.0109 - Sony Corporation)
VAIO OOBE (HKLM-x32\...\{D9777637-33B7-47A9-800C-F6A2CD4EB0FE}) (Version: 12.2.1.2483 - Sony Corporation)
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.0.09010 - Sony Corporation)
VAIO Satisfaction Survey. (HKLM-x32\...\VAIO Satisfaction Survey.3.0) (Version: 3.0 - Sony Electronics Inc.)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.14.1.07010 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.7.1.06040 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.3.0.03150 - Sony Corporation)
VCCx64 (HKLM\...\{549AD5FB-F52D-4307-864A-C0008FB35D96}) (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (HKLM-x32\...\{DF184496-1CA2-4D07-92E7-0BD251D7DEF0}) (Version: 1.0.0 - Sony Corporation) Hidden
Vegas Movie Studio HD Platinum 11.0 (HKLM-x32\...\{CF30A821-F384-11E0-AC56-F04DA23A5C58}) (Version: 11.0.256 - Sony)
VGClientX64 (HKLM\...\{99E6C2F3-59B2-4308-B1CD-4928B55B7E30}) (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (HKLM-x32\...\{8B583EF5-FA7B-4AE2-9008-51B7FD505886}) (Version: 1.0.0 - Sony Corporation) Hidden
VHD (HKLM-x32\...\{DB1A3EA7-0C25-4BEC-A108-176195190369}) (Version: 1.0.0 - Microsoft) Hidden
VMLx86 (HKLM-x32\...\{7E5A5CA6-B7D0-406E-A75E-157CAB47EB94}) (Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (HKLM\...\{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}) (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (HKLM\...\{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}) (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (HKLM-x32\...\{A49A517F-5332-4665-922C-6D9AD31ADD4F}) (Version: 1.0.0 - Sony Corporation) Hidden
VSSTx64 (HKLM\...\{4F31AC31-0A28-4F5A-8416-513972DA1F79}) (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (HKLM-x32\...\{B24BB74E-8359-43AA-985A-8E80C9219C70}) (Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (HKLM\...\{6B7DE186-374B-4873-AEC1-7464DA337DD6}) (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (HKLM-x32\...\{9D12A8B5-9D41-4465-BF11-70719EB0CD02}) (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (HKLM-x32\...\{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}) (Version: 1.0.0 - Sony Corporation ) Hidden
VUx64 (HKLM\...\{A0A2BE14-D3FF-41C8-9545-4B130E3FE9A4}) (Version: 1.2.0 - Sony Corporation) Hidden
VUx86 (HKLM-x32\...\{D04F1D22-4A47-42C6-A2B9-094A7B844D9B}) (Version: 1.2.0 - Sony Corporation) Hidden
VWSTx86 (HKLM-x32\...\{B8991D99-88FD-41F2-8C32-DB70278D5C30}) (Version: 1.0.0 - Sony Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2012-04-28] (Atheros Commnucations)
ContextMenuHandlers2: [AddtoVAIOGate] -> {6988D6F2-F24F-4732-8855-A39DB1AA1346} => C:\Program Files\Sony\VAIO Gate\VAIOGateShellExt.dll [2012-02-20] (Sony Corporation)
ContextMenuHandlers3: [AddtoVAIOGate] -> {6988D6F2-F24F-4732-8855-A39DB1AA1346} => C:\Program Files\Sony\VAIO Gate\VAIOGateShellExt.dll [2012-02-20] (Sony Corporation)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2012-04-28] (Atheros Commnucations)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-03-14] (Intel Corporation)
ContextMenuHandlers6: [AddtoVAIOGate] -> {6988D6F2-F24F-4732-8855-A39DB1AA1346} => C:\Program Files\Sony\VAIO Gate\VAIOGateShellExt.dll [2012-02-20] (Sony Corporation)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07D4F11D-21E2-4FE1-B673-DFC619389BAC} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {084525E5-75F5-4D13-81FF-CFC4C9F30E5C} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {0FBA313F-42DA-4DB5-A040-91E382DAEE2A} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {1048CA66-C882-4970-9007-064408EB1925} - System32\Tasks\Sony Corporation\BP Checker\CheckBPStatusLogon => C:\Program Files\Sony\BP Checker\BPChecker.exe [2016-11-29] (Sony Corporation)
Task: {15DD8226-6DBA-406A-A5A2-1A08EE28B796} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {26372C46-8C8B-4558-8EE4-68257101FF39} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net [Argument = start VSNService]
Task: {40D48C07-F523-497A-B0EE-07022C8ED30B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {4A505F33-30AC-474B-BDDB-99E40C36357B} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {4F290FB1-72EE-4F81-8549-0FE083A1983C} - System32\Tasks\Sony Corporation\VAIO Care\VKSvcWeekly => C:\Program Files\Sony\VAIO Care\VAIOTM\VKSvc.exe [2017-04-19] (Sony Corporation)
Task: {505077DF-9A2F-4AFB-8A8A-FC775FDC6226} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2017-05-11] (Sony Corporation)
Task: {52031DBA-5DC9-403B-A3CD-E2E585CA0D26} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-06] (Piriform Ltd)
Task: {5E206916-93CB-49CA-8EA3-DC7A90C4E99A} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
Task: {6103856B-42BE-400E-98B5-6D6138B2BED4} - System32\Tasks\Sony Corporation\BP Checker\CheckBPStatusCreate => C:\Program Files\Sony\BP Checker\BPChecker.exe [2016-11-29] (Sony Corporation)
Task: {6C90173C-8304-4123-B686-B1FA51EFE362} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {74299DA7-D5FA-49A3-B54A-8976C0B3C77D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-27] (Google Inc.)
Task: {74EDED6D-7856-4718-9E6A-33D848B6704C} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
Task: {7595B397-6E6E-4DF5-8F66-AB0CADA1957C} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2017-05-11] (Sony Corporation)
Task: {75E34B38-9A90-486C-8F2B-5135AADDA9CB} - System32\Tasks\Sony Corporation\VAIO Care\VTUsr => C:\Program Files\Sony\VAIO Care\VAIOTM\VTUsr.exe [2017-04-19] (Sony Corporation)
Task: {7BEAC51A-D18F-42C1-B8F5-C7EF11286EA3} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {866E4782-9C98-414F-B185-ABEB39F02098} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
Task: {87C2E7FE-508F-4676-BFF1-D9477F562F7F} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {89879B9E-DEBC-4A26-AC4E-75F56B45A85E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-10-29] (AVAST Software)
Task: {89EDE9DD-280E-485B-A98C-4BFA6311ACB3} - System32\Tasks\{7E8C366A-D0AC-47E9-A58A-9C90B2BE827F} => C:\Windows\system32\pcalua.exe -a C:\Users\Tessa\Documents\SmartSwitchPC.exe -d C:\Users\Tessa\Documents
Task: {8A7027FC-8312-428D-8B9C-31FA2560FC60} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {9109A380-1506-4BD4-AE19-03D32002C748} - System32\Tasks\Sony Corporation\VAIO Care\VKSvcDaily => C:\Program Files\Sony\VAIO Care\VAIOTM\VKSvc.exe [2017-04-19] (Sony Corporation)
Task: {A99288BF-6911-49FA-8ED0-28F93C0BA5DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-27] (Google Inc.)
Task: {B24AA1A0-DCE7-4698-BAF4-61B8E201F5BA} - System32\Tasks\Sony\VAIO Survey => C:\Program Files (x86)\Sony\VAIO Survey\VSScheduler.exe [2010-12-09] (Sony Electronics Inc.)
Task: {BFA8E6CA-9FF8-4E19-97CD-DA8FE3853233} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2018-03-19] (Sony Corporation)
Task: {C07431C5-8617-4160-A348-B2B29B4317A9} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {C17BBA68-0D91-4E4F-9D39-F1FDC9C3BDD2} - System32\Tasks\Sony\OOBESendInfo => C:\Program Files (x86)\Sony\OOBE\OOBESendInfo.exe [2012-03-15] (Sony Electronics Inc.)
Task: {C663A0C2-E06A-400F-93C9-620F731AD661} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Software Ltd)
Task: {C79581F6-1C32-4B76-967A-08DF80E8C800} - System32\Tasks\Sony Corporation\VAIO Care\VTSvc => C:\Program Files\Sony\VAIO Care\VAIOTM\VTSvc.exe [2017-04-19] (Sony Corporation)
Task: {CF18D41C-14C8-480D-8988-8FCB69AC7939} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2018-03-07] (Sony Corporation)
Task: {D23D6C89-5695-4D8C-A9DF-429D91BB96A8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-24] (Adobe Systems Incorporated)
Task: {EB02960E-62C9-4279-9B9C-D24C72637B0E} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {EC40A017-02CF-46B6-B5DD-EF27B70A6D8B} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {F3CCC81E-5CC5-4AC3-8F46-BDA8B5B14402} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-24] (Adobe Systems Incorporated)
Task: {F618CC18-8694-4767-A91B-DA8E7A680546} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2018-03-19] (Sony Corporation)
Task: {FE182E5A-333D-4078-BC14-7FD9621BF443} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-10-08 10:40 - 2015-09-01 08:41 - 000095008 _____ () C:\Windows\System32\Primomonnt.dll
2018-10-07 10:54 - 2012-03-13 11:01 - 000128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2018-11-06 06:56 - 2018-11-06 06:56 - 000437200 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
2012-03-14 15:54 - 2012-03-14 02:57 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-05-24 07:45 - 2018-05-24 07:45 - 000250368 _____ () C:\Program Files (x86)\NordVPN\x86\Liberation.Native.Firewall.dll
2018-10-07 11:52 - 2012-03-07 18:57 - 000021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2018-11-19 21:24 - 2018-11-19 21:24 - 000172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\318f4e270844db14015db593913440b1\IsdiInterop.ni.dll
2018-10-07 10:58 - 2011-11-29 20:00 - 000059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2018-10-07 10:54 - 2012-03-13 11:02 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\44328596.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\44328596.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2018-12-01 11:20 - 000000825 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1459080146-1752181985-1471865784-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tessa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
MSCONFIG\startupreg: Spotify => C:\Users\Tessa\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{86F2CCFA-1891-4AEB-91AA-5812908C8F2F}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{359BF62C-EEE0-4C6E-A0DE-E564248122E4}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{80ACD008-87A1-4C33-9321-96041C7F905A}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{A0AB810D-C339-48C6-8934-1748D36AEF2E}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\WiFiDirectApplication.exe
FirewallRules: [{5348E4EB-2302-4D44-B8EE-3D42BBF9EA36}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B22B0CB9-A37E-4D1F-A92D-CD5EA7692392}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{17CC2025-76A0-44C0-B8DC-18E6BA55DDA0}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{96E46E2C-9EF6-44AD-9CC0-8C02FB79AF8B}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{D42C16AB-837B-4793-A998-EC0B71D3344A}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{A302C2EF-8E9E-4C2C-A790-F085718F246C}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{DC4F6D85-3EED-4464-A96C-8C64BADFE88E}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{7364A88F-BEB7-4899-94BF-12E82915A22C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{51E05604-9C52-4E83-9924-0660242B171D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6594D6DE-CCBA-4D7A-A134-0E99C0E5DF6F}] => (Allow) C:\Program Files\Opera\56.0.3051.36\opera.exe
FirewallRules: [{B4A7F6BC-7124-4D5C-882B-841981A29F71}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{47B48ADB-9209-4135-97BD-4B0A70C0A881}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{0539C7D8-2AAB-48FB-AF12-DB7D2349ED46}] => (Allow) C:\Program Files\Opera\56.0.3051.43\opera.exe
FirewallRules: [{BFB86B73-46FA-45EC-BF8F-307FBD8557CC}] => (Block) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{565BFD0B-F8A3-48B6-8D5A-1ACACB9B5A75}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{E759DA56-40BD-46FD-A5DB-D74A88AA6B71}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{632C265B-6480-4833-86D2-D945CF8000A9}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
FirewallRules: [{200179B4-35E6-49B3-9289-7DAFDE09890B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E5F6F696-596C-450F-A13A-D03B427AD83F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{65716FE7-570E-4967-BFD1-C73CA1FC76DA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{306D68CF-BB10-4918-B9DA-CB1F8A587543}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{109E1E3B-42DE-4DC3-AE86-928DE51E08AB}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{74794B46-B634-4F4E-858E-67124C0BAADC}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{835B22BC-EAB9-455A-BFE5-BEC732F478A3}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{2286406A-0087-4F03-A294-67373373FFBE}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{06F689B4-2A37-4780-A5E3-13246D367153}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{07CF38E6-BD82-4992-AFC7-F6B6D93AA949}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{524727C0-0A8C-4F10-A82B-2C47493429E8}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{B8CA86BB-A8D6-4FF5-82DF-EF77C250CA10}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{C3DAEBD1-F507-4656-AF56-A9D06BE4A6D9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

19-11-2018 17:28:21 Operación de restauración
19-11-2018 18:56:25 Instalación del paquete de controladores de dispositivo: TAP-NordVPN Windows Provider V9 Adaptadores de red
20-11-2018 21:15:31 Revo Uninstaller's restore point - UsbFix Anti-Malware Premium
21-11-2018 13:41:32 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123
21-11-2018 15:07:41 Revo Uninstaller's restore point - Kaspersky Total Security
21-11-2018 15:14:36 Revo Uninstaller's restore point - Kaspersky Secure Connection
26-11-2018 23:39:24 JRT Pre-Junkware Removal
01-12-2018 11:39:37 Revo Uninstaller's restore point - Panda USB Vaccine 1.0.1.16

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2018 08:23:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Tessa-VAIO)
Description: Windows no encuentra el perfil local y está iniciando la sesión con un perfil temporal. Los cambios que se efectúen en este perfil se perderán cuando se cierre la sesión.

Error: (12/01/2018 08:23:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Tessa-VAIO)
Description: Windows hizo una copia de seguridad de este perfil de usuario. Windows intentará automáticamente usar la copia de seguridad del perfil la próxima vez que este usuario inicie sesión.

Error: (12/01/2018 11:39:37 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1459080146-1752181985-1471865784-1003.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
.


Operación:
   Evento OnIdentify
   Recopilando datos del escritor

Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {83117480-d098-4329-83d5-b970d4b2bb26}

Error: (12/01/2018 11:39:36 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1459080146-1752181985-1471865784-1003.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
.


Operación:
   Evento OnIdentify
   Recopilando datos del escritor

Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {83117480-d098-4329-83d5-b970d4b2bb26}

Error: (12/01/2018 11:39:36 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


Operación:
   Recopilando datos del escritor

Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {9e655306-1aeb-4e24-b607-542d6339644b}

Error: (12/01/2018 11:21:32 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (4828) Al intentar abrir el archivo "C:\Users\Tessa\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (11/26/2018 11:39:24 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1459080146-1752181985-1471865784-1003.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
.


Operación:
   Evento OnIdentify
   Recopilando datos del escritor

Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {505f048b-d9df-4efa-94e2-012ba153a652}

Error: (11/26/2018 09:03:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: RootkitRevealer.exe, versión: 1.71.0.0, marca de tiempo: 0x44e255aa
Nombre del módulo con errores: RootkitRevealer.exe, versión: 1.71.0.0, marca de tiempo: 0x44e255aa
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000040cd
Id. del proceso con errores: 0xd08
Hora de inicio de la aplicación con errores: 0x01d48590d84f51d1
Ruta de acceso de la aplicación con errores: C:\Users\Tessa\Desktop\RootkitRevealer\RootkitRevealer.exe
Ruta de acceso del módulo con errores: C:\Users\Tessa\Desktop\RootkitRevealer\RootkitRevealer.exe
Id. del informe: 160ee7b3-f184-11e8-ba6d-30f9edbcec26


System errors:
=============
Error: (12/01/2018 11:37:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/01/2018 08:23:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Windows Search no respondió después de iniciar.

Error: (12/01/2018 11:17:50 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Windows Search no respondió después de iniciar.

Error: (11/27/2018 09:28:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/27/2018 08:51:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Windows Update no respondió después de iniciar.

Error: (11/27/2018 12:58:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/27/2018 12:19:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Windows Search no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (11/27/2018 12:19:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Windows Search.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 41%
Total physical RAM: 3996.36 MB
Available physical RAM: 2328.52 MB
Total Virtual: 7990.86 MB
Available Virtual: 5786.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:447 GB) (Free:202.46 GB) NTFS

\\?\Volume{79d80838-ca44-11e8-95cd-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS
\\?\Volume{79d80837-ca44-11e8-95cd-806e6f6e6963}\ (Recovery) (Fixed) (Total:18.41 GB) (Free:1.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 78CBB45F)
Partition 1: (Not Active) - (Size=18.4 GB) - (Type=27)
Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=447 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#14

Hello @CxW7Gab:

Before doing any cleanup that could cause problems, first carry out the following steps:

1.- Create a new user account with Administrator rights.

2.- Repair the user profile.

Here are the steps; follow them up to Step 10.

From this section onward >>> Método de prevención sobre cómo proteger el equipo (Prevention method on how to protect the computer) <<< NO

https://www.backup-utility.com/es/windows-7/reparar-perfil-de-usuario-corrupto-windows-7.html

If you have any questions, ask us.

Regards.


#15

Hello again,

I created the user as Admin (ATV_Admin). If I go to the Control Panel or restart the computer, I can see it. But on the local disk, under Computer, C:\Users, only the following folders appear:

Acceso publico, All Users (with padlock), Default, Default User (with padlock), Temp, TEMP.Tessa-Vaio, TEMP.Tessa-Vaio.000, Tere, tere.Tessa-Vaio (with padlock), Tessa (the original admin user), desktop.ini

But the new user does not appear.

The other question is: there are several .blf and REGTrans-Ms files inside the Tessa user. Do I copy those into the new user's folder too?

For example: ntuser.dat{83ffe0b7-e2d5-11e8-a560-806e6f6e6963}.TM.blf from 7 Nov, 64 Kb; ntuser.dat{83ffe0b7e2d5-11e8a560-806e6f6e6963}.TM.Container00000000000000000001.regtrans-ms, 7 Nov, 512 kb; ntuser.dat{83ffe0b7e2d5-11e8a560-806e6f6e6963}.TM.Container00000000000000000002.regtrans-ms, 7 Nov, 512 kb

Likewise for 7 and 25 Oct, and 16 and 19 Nov.

Thanks


#16

Hello:

These are the only ones you must not copy. (Edited)

Ntuser.data

Ntuser.data.log

Ntuser.ini

This is to repair your account.

Regards.


#17

Thanks. But how do I get to see the newly created user? For some reason it does not appear in C:\Users.


#18

Hello:

Have you logged in to that account? Try that: log in to the new account, perform some action, restart, and check whether it has now been registered in C:/Users.

And just in case, here are Microsoft's official steps for recovering the account.

https://support.microsoft.com/es-ar/help/14039/windows-7-fix-corrupted-user-profile

These are the only files you must not copy:

Ntuser.data Ntuser.data.log Ntuser.ini

I had told you the opposite… :confounded:

Regards


#19

Haha! No problem! I have now copied the files into the new user; I also copied the .blf and regtrans-ms files. I don't know whether I shouldn't have, but two files, .log1 and .log2, were created :thinking:

Ntuser.dat.log1 at 11:17, 256 kB, and ntuser.dat.log2 at 11:10, 0 kB

Thanks


#20

Hello @CxW7Gab:

Perfect, now it's right :+1:. Run FRST again so you can paste an updated report, as I indicated earlier.

Also tell us how the computer seems to you.

Regards.


#21

Hello SanMar

At startup the computer made a squealing noise, like from the hard drive. I don't know whether it has been damaged, since the last two times the computer shut down by itself, on 2 and 16 November; the latter was when the Caphyon folder was created, but I did not install it. And on 31 October I also forced a shutdown because the machine froze and there was an audio message saying that the files had been encrypted by I don't remember whom. The .txt file was never generated, and not everything was encrypted, only some files on the computer, on a backup hard drive and on a USB drive, with the extension .LSK

In general I have not used the computer for anything other than running the processes you tell me to, since it has no antivirus.

Another thing I noticed when running the reports is that during the scan, just like the previous time, when it reaches AppId it says (Not responding) for a few minutes and then continues, and that it says Opera is the default browser, but I uninstalled it back in October.

The reports


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by ATV_Admin (administrator) on TESSA-VAIO (04-12-2018 20:35:28)
Running from C:\Users\ATV_Admin\Desktop
Loaded Profiles: ATV_Admin (Available Profiles: Tessa & ATV_Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOTM\VTSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOTM\VTUsr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1022592 2012-04-28] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-04-28] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885944 2012-09-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-08] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt [2018-11-20] ()
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{221A7E51-8A45-4978-A12D-EDDF7778477A}: [NameServer] 9.9.9.9
Tcpip\..\Interfaces\{221A7E51-8A45-4978-A12D-EDDF7778477A}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F83B8505-F66F-463B-9B71-78B7CC7A17B2}: [DhcpNameServer] 10.0.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-04-28] (Atheros Commnucations)
BHO-x32: Aplicación auxiliar de inicio de sesión de Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-27] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: jm0u4abc.default
FF ProfilePath: C:\Users\ATV_Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jm0u4abc.default [2018-12-04]
FF Extension: (French spelling dictionary) - C:\Users\ATV_Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jm0u4abc.default\Extensions\[email protected] [2018-12-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-24] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-03-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-03-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2011-08-02] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default [2018-12-04]
CHR Extension: (Presentaciones) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-04]
CHR Extension: (Documentos) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-04]
CHR Extension: (Google Drive) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-04]
CHR Extension: (YouTube) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-04]
CHR Extension: (Adblock Plus) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-04]
CHR Extension: (OneTab) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2018-12-04]
CHR Extension: (ZenMate VPN - Mejor seguridad para Internet) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-12-04]
CHR Extension: (Hojas de cálculo) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-04]
CHR Extension: (Edición de Office) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2018-12-04]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-04]
CHR Extension: (Avast Online Security) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-12-04]
CHR Extension: (Botón Guardar de Pinterest) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-12-04]
CHR Extension: (PSafe Segurança Online) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\higfhiimhkcmfppmdckdpkdcdolcjooo [2018-12-04]
CHR Extension: (Xodo PDF Viewer & Editor) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihgdgpjankaehldoaimdlekdidkjfghe [2018-12-04]
CHR Extension: (HTML5 Virtual Classroom - Screen Sharing) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihglikcoelelbbcpahhhfomehdeefmnc [2018-12-04]
CHR Extension: (Cisco Webex Extension) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-12-04]
CHR Extension: (Grammarly for Chrome) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-12-04]
CHR Extension: (Proxy VPN gratis Hotspot Shield: desbloqueo de sitios) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2018-12-04]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-04]
CHR Extension: (SurfEasy VPN - Seguridad, Privacidad, Desbloquear) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odiddbcijempnhhobijfbggjogofdlgl [2018-12-04]
CHR Extension: (TunnelBear VPN) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2018-12-04]
CHR Extension: (Gmail) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-04]
CHR Extension: (Chrome Media Router) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-04]
CHR Profile: C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [119424 2012-04-28] (Atheros Commnucations) [File not signed]
S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [474112 2018-03-15] (Intel Corporation) [File not signed]
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [437200 2018-11-06] ()
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
S3 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
S3 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1667056 2018-03-19] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [35592 2018-06-07] (The OpenVPN Project)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BTATH_VDP; system32\drivers\btath_vdp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)