Ataque virtual, hacking or virus .LNK /Caphyon

CxW7Gab · 4 Diciembre, 2018 16:39

Jaja! No problem! Ya hice la copia de los archivos en el nuevo usuario, copié tambien los archivos .blf y regtrans-ms. No sé si no debi hacerlo pero se crearon dos archivos .log1 y log2

Ntuser.dat.log1 a las 11:17 256 kB y ntuser.dat.log2 a las 11:10 0 kB

Gracias

SanMar · 4 Diciembre, 2018 20:28

Hola @CxW7Gab :

Perfecto ahora si , vuelve a ejecutar FRST así pegas un reporte actualizado, tal como te indique anteriormente.

Ademas comenta como notas el equipo.

Salu2.

CxW7Gab · 5 Diciembre, 2018 01:28

Hola SanMar

El equipo al inicio hizo un chillido como del disco duro, no se si se haya dañado ya que las dos ultimas ocasiones se apago solo el equipo el 2 y 16 de noviembre, esta ultima fue cuandos se creo la carpeta de Caphyon pero yo no lo instale. Y el 31 de octubre yo tambien force el apagado porque la maquina se trabo y había un mensaje de audio diciendo que los archivos estaban enciptados por no recuerdo quien. Nunca se genero el file .txt y no todo se encripto solo algunos archivos del equipo, de un disco duro de respaldo y de una USB con la extension .LSK

En general no he usado el equipo mas que para correr los procesos que me indicas, ya que no tiene antivirus.

Otra cosa que note al correr los reportes es que al analizar, al igual que en la ocasion anterior cuando llega a AppId dice (No responde) por unos minutos y luego continua, y que dice que opera es el browser por defecto, pero lo desisntale desde octubre.

Los reportes


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by ATV_Admin (administrator) on TESSA-VAIO (04-12-2018 20:35:28)
Running from C:\Users\ATV_Admin\Desktop
Loaded Profiles: ATV_Admin (Available Profiles: Tessa & ATV_Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOTM\VTSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOTM\VTUsr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1022592 2012-04-28] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-04-28] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885944 2012-09-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-08] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt [2018-11-20] ()
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{221A7E51-8A45-4978-A12D-EDDF7778477A}: [NameServer] 9.9.9.9
Tcpip\..\Interfaces\{221A7E51-8A45-4978-A12D-EDDF7778477A}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F83B8505-F66F-463B-9B71-78B7CC7A17B2}: [DhcpNameServer] 10.0.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-04-28] (Atheros Commnucations)
BHO-x32: Aplicación auxiliar de inicio de sesión de Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-27] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: jm0u4abc.default
FF ProfilePath: C:\Users\ATV_Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jm0u4abc.default [2018-12-04]
FF Extension: (French spelling dictionary) - C:\Users\ATV_Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jm0u4abc.default\Extensions\[email protected] [2018-12-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-24] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-03-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-03-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2011-08-02] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default [2018-12-04]
CHR Extension: (Presentaciones) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-04]
CHR Extension: (Documentos) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-04]
CHR Extension: (Google Drive) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-04]
CHR Extension: (YouTube) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-04]
CHR Extension: (Adblock Plus) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-04]
CHR Extension: (OneTab) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2018-12-04]
CHR Extension: (ZenMate VPN - Mejor seguridad para Internet) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-12-04]
CHR Extension: (Hojas de cálculo) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-04]
CHR Extension: (Edición de Office) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2018-12-04]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-04]
CHR Extension: (Avast Online Security) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-12-04]
CHR Extension: (Botón Guardar de Pinterest) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-12-04]
CHR Extension: (PSafe Segurança Online) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\higfhiimhkcmfppmdckdpkdcdolcjooo [2018-12-04]
CHR Extension: (Xodo PDF Viewer & Editor) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihgdgpjankaehldoaimdlekdidkjfghe [2018-12-04]
CHR Extension: (HTML5 Virtual Classroom - Screen Sharing) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihglikcoelelbbcpahhhfomehdeefmnc [2018-12-04]
CHR Extension: (Cisco Webex Extension) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-12-04]
CHR Extension: (Grammarly for Chrome) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-12-04]
CHR Extension: (Proxy VPN gratis Hotspot Shield: desbloqueo de sitios) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2018-12-04]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-04]
CHR Extension: (SurfEasy VPN - Seguridad, Privacidad, Desbloquear) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odiddbcijempnhhobijfbggjogofdlgl [2018-12-04]
CHR Extension: (TunnelBear VPN) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2018-12-04]
CHR Extension: (Gmail) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-04]
CHR Extension: (Chrome Media Router) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-04]
CHR Profile: C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [119424 2012-04-28] (Atheros Commnucations) [File not signed]
S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [474112 2018-03-15] (Intel Corporation) [File not signed]
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [437200 2018-11-06] ()
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
S3 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
S3 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1667056 2018-03-19] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [35592 2018-06-07] (The OpenVPN Project)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BTATH_VDP; system32\drivers\btath_vdp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CxW7Gab · 5 Diciembre, 2018 01:52

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-04 20:25 - 2018-12-04 20:36 - 000016991 _____ C:\Users\ATV_Admin\Desktop\FRST.txt
2018-12-04 20:25 - 2018-12-04 20:25 - 000033750 _____ C:\Users\ATV_Admin\Desktop\Addition.txt
2018-12-04 14:25 - 2018-12-04 14:25 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\Trusteer
2018-12-04 14:25 - 2018-12-04 14:25 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\Spotify
2018-12-04 14:25 - 2018-12-04 14:25 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\Sony Corporation
2018-12-04 14:25 - 2018-12-04 14:25 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\NordVPN
2018-12-04 14:25 - 2018-12-04 14:25 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\Mozilla
2018-12-04 14:25 - 2018-12-04 14:25 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\mbamtray
2018-12-04 14:25 - 2018-12-04 14:25 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\mbam
2018-12-04 14:25 - 2018-10-27 20:03 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\Opera Software
2018-12-04 14:23 - 2018-12-04 14:23 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Sun
2018-12-04 14:23 - 2018-12-04 14:23 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\ESET
2018-12-04 14:23 - 2018-12-04 14:23 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\ElevatedDiagnostics
2018-12-04 14:22 - 2018-12-04 20:28 - 000000000 ____D C:\Users\ATV_Admin\AppData\LocalLow\Mozilla
2018-12-04 14:22 - 2018-12-04 14:23 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Spotify
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Skype
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Samsung
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\PrimoPDF
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\NordVPN
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Mozilla
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Macromedia
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\LibreOffice
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\iolo
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Google
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\ArcSoft
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\LocalLow\Sun
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\LocalLow\Adobe
2018-12-04 14:22 - 2018-10-24 08:15 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\PeerNetworking
2018-12-04 14:21 - 2018-12-04 14:21 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\CEF
2018-12-04 14:21 - 2018-12-04 14:21 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\BMExplorer
2018-12-04 14:21 - 2018-12-04 14:21 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\AVAST Software
2018-12-04 14:21 - 2018-12-04 14:21 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\ArcSoft
2018-12-04 14:21 - 2018-12-04 14:21 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\Apps\2.0
2018-12-04 14:21 - 2018-12-04 14:21 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\Adobe
2018-12-04 14:21 - 2018-12-01 12:02 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\CrashDumps
2018-12-04 14:21 - 2018-10-27 12:06 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\Deployment
2018-12-04 14:21 - 2018-10-27 00:29 - 003360632 ____H C:\Users\ATV_Admin\AppData\Local\IconCache.db.backup
2018-12-04 14:20 - 2018-12-04 14:20 - 000000000 ____D C:\Users\ATV_Admin\Downloads\TMRBLog
2018-12-04 14:05 - 2018-12-04 14:20 - 000000000 ____D C:\Users\ATV_Admin\Downloads\audios martha
2018-12-04 14:05 - 2018-07-02 09:09 - 082248888 _____ (TunnelBear) C:\Users\ATV_Admin\Downloads\TunnelBear-Installer.exe
2018-12-04 14:04 - 2018-11-12 12:11 - 446803740 _____ C:\Users\ATV_Admin\Downloads\takeout-20181112T155821Z-002.zip
2018-12-04 14:01 - 2018-11-16 17:33 - 003426208 _____ (NordVPN) C:\Users\ATV_Admin\Downloads\NordVPNTapSetup.exe
2018-12-04 14:01 - 2018-11-12 12:35 - 2133097695 _____ C:\Users\ATV_Admin\Downloads\takeout-20181112T155821Z-001.zip
2018-12-04 14:01 - 2018-11-12 01:06 - 001217236 _____ C:\Users\ATV_Admin\Downloads\takeout-20181112T060510Z-001.zip
2018-12-04 14:01 - 2018-11-11 20:43 - 013579176 _____ (NordVPN) C:\Users\ATV_Admin\Downloads\NordVPNSetup.exe
2018-12-04 14:01 - 2018-10-26 21:49 - 013164256 _____ (Microsoft Corporation) C:\Users\ATV_Admin\Downloads\Silverlight_x64.exe.qrim3b3.partial
2018-12-04 14:01 - 2018-10-17 20:33 - 062637240 _____ (Skype Technologies S.A.) C:\Users\ATV_Admin\Downloads\Skype-8.32.0.53.exe
2018-12-04 14:01 - 2018-10-13 13:32 - 000488952 _____ (IBM Corp.) C:\Users\ATV_Admin\Downloads\RapportSetup.exe
2018-12-04 14:01 - 2018-10-10 23:41 - 062518512 _____ (Skype Technologies S.A.) C:\Users\ATV_Admin\Downloads\Skype-8.31.0.92.exe
2018-12-04 14:01 - 2018-10-08 19:12 - 027885664 _____ (Microsoft Corporation) C:\Users\ATV_Admin\Downloads\OneDriveSetup.exe
2018-12-04 14:01 - 2018-09-24 00:36 - 041109664 _____ (Samsung Electronics) C:\Users\ATV_Admin\Downloads\SmartSwitchPC.exe
2018-12-04 14:01 - 2017-02-08 14:04 - 001159912 _____ (Opera Software) C:\Users\ATV_Admin\Downloads\OperaSetup.exe
2018-12-04 14:01 - 2016-08-30 21:27 - 000356056 _____ (Spotify Ltd) C:\Users\ATV_Admin\Downloads\SpotifySetup.exe
2018-12-04 14:00 - 2018-11-20 19:21 - 000768736 _____ C:\Users\ATV_Admin\Downloads\Download Rem-VBSworm.pdf
2018-12-04 14:00 - 2018-11-19 19:10 - 001206768 _____ (Adobe Systems Incorporated) C:\Users\ATV_Admin\Downloads\flashplayer31_xa_install.exe
2018-12-04 14:00 - 2018-10-27 12:45 - 168267120 _____ (Microsoft Corporation) C:\Users\ATV_Admin\Downloads\msert.exe
2018-12-04 14:00 - 2018-10-27 11:18 - 001889656 _____ (Oracle Corporation) C:\Users\ATV_Admin\Downloads\JavaSetup8u191.exe
2018-12-04 14:00 - 2018-10-15 00:05 - 001265747 _____ C:\Users\ATV_Admin\Downloads\Lo que hacen los millennials para sacarle jugo a su marca personal - Martha Debayle.pdf
2018-12-04 14:00 - 2018-10-12 09:45 - 000178320 _____ (AVAST Software) C:\Users\ATV_Admin\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2018-12-04 14:00 - 2018-10-07 12:43 - 055915216 _____ (Microsoft Corporation) C:\Users\ATV_Admin\Downloads\IE11-Windows6.1-x64-en-us.exe
2018-12-04 14:00 - 2018-10-04 15:04 - 000314376 _____ (Igor Pavlov) C:\Users\ATV_Admin\Downloads\Firefox Installer.exe
2018-12-04 14:00 - 2018-06-18 20:48 - 245571584 _____ C:\Users\ATV_Admin\Downloads\LibreOffice_5.4.7_Win_x64.msi
2018-12-04 14:00 - 2018-05-03 20:53 - 002637215 _____ C:\Users\ATV_Admin\Downloads\Labour-And-Employment-Law-in-Quebec.pdf
2018-12-04 14:00 - 2017-06-16 01:05 - 000221662 _____ C:\Users\ATV_Admin\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2018-12-04 14:00 - 2017-02-04 18:12 - 037892136 _____ (Malwarebytes ) C:\Users\ATV_Admin\Downloads\MBARW_Setup.exe
2018-12-04 14:00 - 2017-01-17 01:35 - 006334872 _____ (AVAST Software) C:\Users\ATV_Admin\Downloads\avast_free_antivirus_setup_online (2).exe
2018-12-04 14:00 - 2016-09-20 21:29 - 090889040 _____ (Apple Inc.) C:\Users\ATV_Admin\Downloads\iTunes64Setup.exe
2018-12-04 14:00 - 2016-07-11 22:09 - 001642232 _____ (NCH Software) C:\Users\ATV_Admin\Downloads\debutpsetup (1).exe
2018-12-04 14:00 - 2016-06-20 19:32 - 022851472 _____ (Malwarebytes ) C:\Users\ATV_Admin\Downloads\mbam-setup-cnet.35891-2.2.1.1043.exe
2018-12-04 14:00 - 2015-12-21 22:23 - 013916256 _____ (EaseUS ) C:\Users\ATV_Admin\Downloads\drw_free.exe
2018-12-04 14:00 - 2015-12-07 19:18 - 001612560 _____ (NCH Software) C:\Users\ATV_Admin\Downloads\debutpsetup(2).exe
2018-12-04 14:00 - 2015-12-06 01:22 - 001069060 _____ (NCH Software) C:\Users\ATV_Admin\Downloads\debut.exe
2018-12-04 14:00 - 2015-12-05 18:05 - 024210616 _____ (Audacity Team ) C:\Users\ATV_Admin\Downloads\audacity-win-2.1.0.exe
2018-12-04 14:00 - 2015-12-05 15:41 - 000690072 _____ (Dropbox, Inc.) C:\Users\ATV_Admin\Downloads\DropboxInstaller.exe
2018-12-04 14:00 - 2015-12-05 15:03 - 167839512 _____ (Apple Inc.) C:\Users\ATV_Admin\Downloads\iTunes6464Setup.exe
2018-12-04 14:00 - 2015-12-05 01:39 - 007274960 _____ C:\Users\ATV_Admin\Downloads\InternationalPrimoPDF.exe
2018-12-04 14:00 - 2012-12-15 01:19 - 020133880 _____ (Dropbox, Inc.) C:\Users\ATV_Admin\Downloads\Dropbox 1.6.5.exe
2018-12-04 13:56 - 2018-11-12 12:41 - 2899411939 _____ C:\Users\ATV_Admin\Downloads\20170930_173528-003.mp4
2018-12-04 13:26 - 2018-12-04 13:27 - 000000000 ____D C:\Users\ATV_Admin\Documents\tarot
2018-12-04 13:26 - 2018-12-04 13:26 - 000000000 ____D C:\Users\ATV_Admin\Documents\Sony PMB
2018-12-04 12:51 - 2018-12-04 12:51 - 000000000 ____D C:\Users\ATV_Admin\Documents\SmartSwitch
2018-12-04 11:54 - 2018-12-04 12:51 - 000000000 ____D C:\Users\ATV_Admin\Documents\sAMSUNG
2018-12-04 11:54 - 2018-12-04 11:54 - 000000000 ____D C:\Users\ATV_Admin\Documents\rec
2018-12-04 11:54 - 2018-12-04 11:54 - 000000000 ____D C:\Users\ATV_Admin\Documents\Nueva carpeta
2018-12-04 11:54 - 2018-12-04 11:54 - 000000000 ____D C:\Users\ATV_Admin\Documents\Nov2
2018-12-04 11:53 - 2018-12-04 11:54 - 000000000 ____D C:\Users\ATV_Admin\Documents\jobs 2018
2018-12-04 11:46 - 2018-12-04 11:53 - 000000000 ____D C:\Users\ATV_Admin\Documents\iTunes
2018-12-04 11:46 - 2018-12-04 11:46 - 000000000 ____D C:\Users\ATV_Admin\Documents\esoterismo
2018-12-04 11:39 - 2018-12-04 11:39 - 000000000 ____D C:\Users\ATV_Admin\Documents\CVs
2018-12-04 11:38 - 2018-12-04 11:38 - 000000000 ____D C:\Users\ATV_Admin\Documents\Chrome
2018-12-04 11:38 - 2018-12-04 11:38 - 000000000 ____D C:\Users\ATV_Admin\Documents\c
2018-12-04 11:38 - 2018-12-04 11:38 - 000000000 ____D C:\Users\ATV_Admin\Desktop\print
2018-12-04 11:38 - 2018-12-04 11:38 - 000000000 ____D C:\Users\ATV_Admin\Desktop\jobs 2018
2018-12-04 11:38 - 2018-11-01 23:41 - 000000000 ____H C:\Users\ATV_Admin\Documents\Default.rdp
2018-12-04 11:38 - 2018-10-26 23:10 - 000423555 _____ C:\Users\ATV_Admin\Documents\tortas de atun y papa.pdf
2018-12-04 11:38 - 2018-10-21 22:23 - 000155951 _____ C:\Users\ATV_Admin\Documents\Soft and Easy  Pumpkin Cookies with Cream Cheese Frosting.pdf
2018-12-04 11:38 - 2018-10-21 21:31 - 000599124 _____ C:\Users\ATV_Admin\Documents\Aunt Raffy's Holiday Salad - Giadzy.pdf
2018-12-04 11:38 - 2018-10-18 00:44 - 000772476 _____ C:\Users\ATV_Admin\Documents\Cheesecake de mamey.pdf
2018-12-04 11:38 - 2018-10-17 21:56 - 000948049 _____ C:\Users\ATV_Admin\Documents\Super alimentos mexicanos que debes incluir en tu dieta.pdf
2018-12-04 11:38 - 2018-10-17 15:31 - 000161476 _____ C:\Users\ATV_Admin\Documents\Pumpkin Ravioli With Sage Butter Sauce Recipe - Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-17 14:52 - 000157719 _____ C:\Users\ATV_Admin\Documents\Olive Garden Copycat Zuppa Toscana Recipe - Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-17 10:35 - 000053229 _____ C:\Users\ATV_Admin\Documents\Vazquez Teresa employment confirmation october 2018.pdf
2018-12-04 11:38 - 2018-10-17 10:23 - 004505358 _____ C:\Users\ATV_Admin\Documents\reclamacion comprobantes e idientificacion.odt
2018-12-04 11:38 - 2018-10-16 23:11 - 000015897 _____ C:\Users\ATV_Admin\Documents\dropship analysys.ods
2018-12-04 11:38 - 2018-10-15 16:03 - 000785714 _____ C:\Users\ATV_Admin\Documents\Gâteau aux fruits et aux noix du Brésil _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-15 15:21 - 000071563 _____ C:\Users\ATV_Admin\Documents\Gâteau à la crème sure et au pamplemousse _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-15 14:53 - 000404303 _____ C:\Users\ATV_Admin\Documents\quatre-quarts d'Hugo _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-15 13:38 - 000067841 _____ C:\Users\ATV_Admin\Documents\Gâteau aux marrons et au chocolat blanc _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-15 11:41 - 000620304 _____ C:\Users\ATV_Admin\Documents\gâteau forêt-noire _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-15 11:10 - 000638303 _____ C:\Users\ATV_Admin\Documents\Charlotte au chocolat et aux framboises _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-15 00:14 - 000759904 _____ C:\Users\ATV_Admin\Documents\Gâteau chocolat-thé aux épices _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-15 00:13 - 000608109 _____ C:\Users\ATV_Admin\Documents\Gâteau très chocolaté _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 23:58 - 000639305 _____ C:\Users\ATV_Admin\Documents\Gâteaux aux mangues, fraises et chocolat blanc _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 23:43 - 000472279 _____ C:\Users\ATV_Admin\Documents\gâteau forêt-noire amélioré _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 22:35 - 000635833 _____ C:\Users\ATV_Admin\Documents\gâteau renversé à l’érable et aux canneberges _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 22:14 - 000649129 _____ C:\Users\ATV_Admin\Documents\gâteau des anges simple _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 21:53 - 000599188 _____ C:\Users\ATV_Admin\Documents\gâteau red velvet _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 21:01 - 000724179 _____ C:\Users\ATV_Admin\Documents\gâteau avocat et chocolat _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 20:42 - 000889522 _____ C:\Users\ATV_Admin\Documents\gâteau biscuit amandes et bleuets _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 20:13 - 000928533 _____ C:\Users\ATV_Admin\Documents\gâteau au chocolat très chocolaté _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 19:53 - 000066525 _____ C:\Users\ATV_Admin\Documents\gâteau marbré chocolat-orange _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 19:19 - 000395644 _____ C:\Users\ATV_Admin\Documents\gâteau fromage chocolat _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 18:10 - 000061613 _____ C:\Users\ATV_Admin\Documents\Online Personal Credit Reports & Credit Scores - TransUnion Credit Monitoring2.pdf
2018-12-04 11:38 - 2018-10-14 18:07 - 000068590 _____ C:\Users\ATV_Admin\Documents\Online Personal Credit Reports & Credit Scores - TransUnion Credit Monitoring.pdf
2018-12-04 11:38 - 2018-10-14 17:05 - 000096262 _____ C:\Users\ATV_Admin\Documents\noire au Grand Marnier _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-13 14:56 - 002632469 _____ C:\Users\ATV_Admin\Documents\ideas affice chandelle.odt
2018-12-04 11:38 - 2018-10-12 23:05 - 000060759 _____ C:\Users\ATV_Admin\Documents\Pumpkin Soup with Pumpkin Seed-Mint Pesto Recipe _ MyRecipes.pdf
2018-12-04 11:38 - 2018-10-12 22:56 - 000063182 _____ C:\Users\ATV_Admin\Documents\Stuffed Pumpkin with Cranberry-Raisin Bread Pudding Recipe _ MyRecipes.pdf
2018-12-04 11:38 - 2018-10-12 22:26 - 000274675 _____ C:\Users\ATV_Admin\Documents\Roast pumpkin with cream thyme  Parmesan.pdf
2018-12-04 11:38 - 2018-10-12 21:59 - 000104571 _____ C:\Users\ATV_Admin\Documents\Brazilian shrimp stuffed pumpkin _ Adore Foods.pdf
2018-12-04 11:38 - 2018-10-10 15:52 - 001544574 _____ C:\Users\ATV_Admin\Documents\Les Benoitons de Papilles et Calamity Darty.pdf
2018-12-04 11:38 - 2018-10-10 15:14 - 002980991 _____ C:\Users\ATV_Admin\Documents\trifle royal.pdf
2018-12-04 11:38 - 2018-10-10 11:55 - 000753309 _____ C:\Users\ATV_Admin\Documents\programas suspension.odt
2018-12-04 11:38 - 2018-10-09 15:09 - 000103894 _____ C:\Users\ATV_Admin\Documents\tofu poke.pdf
2018-12-04 11:38 - 2018-10-09 14:45 - 000071365 _____ C:\Users\ATV_Admin\Documents\comrbcoct2_181009.pdf
2018-12-04 11:38 - 2018-10-09 13:34 - 000099710 _____ C:\Users\ATV_Admin\Documents\kielbalsa cabbage soup.pdf
2018-12-04 11:38 - 2018-10-08 23:21 - 000160295 _____ C:\Users\ATV_Admin\Documents\Kittencals Scalloped Potato And Ground Beef Casserole Recipe - Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 23:00 - 000151453 _____ C:\Users\ATV_Admin\Documents\Spicy Salmon Poke Taco.pdf
2018-12-04 11:38 - 2018-10-08 22:56 - 000141599 _____ C:\Users\ATV_Admin\Documents\Matcha Red Bean Cake Recipe - Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 22:50 - 000138174 _____ C:\Users\ATV_Admin\Documents\Chamomile Cake With Honey Buttercream.pdf
2018-12-04 11:38 - 2018-10-08 22:42 - 000223569 _____ C:\Users\ATV_Admin\Documents\Creamy Avocado Coconut Lime Ginger Pops Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 22:39 - 000177158 _____ C:\Users\ATV_Admin\Documents\Chocolate Chip Cookies With cheakpeas Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 22:32 - 000142789 _____ C:\Users\ATV_Admin\Documents\Blackberry Bakewell Tarts  Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 21:09 - 000155287 _____ C:\Users\ATV_Admin\Documents\Vanilla Dream Mille Crêpe Cake  Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 20:55 - 000156631 _____ C:\Users\ATV_Admin\Documents\Piña Colada Cake Bites Recipe - Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 20:28 - 000141041 _____ C:\Users\ATV_Admin\Documents\Bacon And Egg Breakfast Stromboli Recipe - Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 19:52 - 000185753 _____ C:\Users\ATV_Admin\Documents\Creamy Ham And Gnocchi Bake Recipe - Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 19:42 - 000201845 _____ C:\Users\ATV_Admin\Documents\Banana Coffee Cake Recipe - Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 19:16 - 000163718 _____ C:\Users\ATV_Admin\Documents\Cheesy Buffalo Chicken Skulls Recipe - Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-07 12:27 - 000000000 ____D C:\Users\ATV_Admin\Documents\Bluetooth Folder
2018-12-04 11:38 - 2018-09-24 00:36 - 041109664 _____ (Samsung Electronics) C:\Users\ATV_Admin\Documents\SmartSwitchPC.exe
2018-12-04 11:36 - 2018-12-04 20:08 - 000079243 _____ C:\Users\ATV_Admin\Desktop\FRST1.txt
2018-12-04 11:36 - 2018-12-04 20:08 - 000033744 _____ C:\Users\ATV_Admin\Desktop\Addition1.txt
2018-12-04 11:36 - 2018-12-04 11:37 - 000000000 ____D C:\Users\ATV_Admin\Desktop\CVs
2018-12-04 11:36 - 2018-12-02 16:53 - 002417152 _____ (Farbar) C:\Users\ATV_Admin\Desktop\FRST64.exe
2018-12-04 11:36 - 2018-12-01 11:38 - 000001145 _____ C:\Users\ATV_Admin\Desktop\DelFix.txt
2018-12-04 11:36 - 2018-11-25 00:56 - 000001538 _____ C:\Users\ATV_Admin\Desktop\Malwarebytes251118.txt
2018-12-04 11:36 - 2018-11-19 23:03 - 000092274 _____ C:\Users\ATV_Admin\Desktop\Disabling Windows Script Host _ Microsoft Docs.pdf
2018-12-04 11:36 - 2018-11-19 20:43 - 000090062 _____ C:\Users\ATV_Admin\Desktop\Event ID 10 is logged in the Applicatio...pdf
2018-12-04 11:36 - 2018-11-17 00:18 - 001726925 _____ C:\Users\ATV_Admin\Desktop\Conexiones_establecidas.txt
2018-12-04 11:36 - 2018-11-15 16:27 - 000352455 _____ C:\Users\ATV_Admin\Desktop\151118t.pdf
2018-12-04 11:36 - 2018-11-15 01:47 - 000000073 _____ C:\Users\ATV_Admin\Desktop\forma.txt
2018-12-04 11:36 - 2018-11-06 00:54 - 000002338 _____ C:\Users\ATV_Admin\Desktop\as_15C9.tmp.txt
2018-12-04 11:36 - 2018-11-06 00:53 - 000002338 _____ C:\Users\ATV_Admin\Desktop\as_7880.tmp.txt
2018-12-04 11:36 - 2018-11-01 22:33 - 000001434 _____ C:\Users\ATV_Admin\Desktop\scan_181101-232615.txt
2018-12-04 11:36 - 2018-10-31 19:13 - 000002202 _____ C:\Users\ATV_Admin\Desktop\mbar-log-2018-10-31 (19-38-01).txt
2018-12-04 11:36 - 2018-10-29 23:45 - 007197480 _____ (VS Revo Group ) C:\Users\ATV_Admin\Desktop\revosetup.exe
2018-12-04 11:36 - 2018-10-27 12:28 - 000065434 _____ C:\Users\ATV_Admin\Desktop\bookmarks_27_10_18.html
2018-12-04 11:36 - 2018-10-25 09:06 - 006693004 _____ C:\Users\ATV_Admin\Desktop\bookmarks.html
2018-12-04 11:36 - 2018-10-25 09:06 - 002424969 _____ C:\Users\ATV_Admin\Desktop\bookmarks-2018-10-25.json
2018-12-04 11:36 - 2018-10-08 11:00 - 000001807 _____ C:\Users\ATV_Admin\Desktop\Spotify.lnk
2018-12-04 11:26 - 2018-12-04 11:36 - 000000000 ____D C:\Users\ATV_Admin\iTunes
2018-12-04 11:11 - 2018-12-04 14:25 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\Google
2018-12-04 11:11 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Sony Corporation
2018-12-04 11:11 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Adobe
2018-12-04 11:11 - 2018-12-04 11:11 - 000101416 _____ C:\Users\ATV_Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2018-12-04 11:11 - 2018-12-04 11:11 - 000001401 _____ C:\Users\ATV_Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-12-04 11:11 - 2018-12-04 11:11 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Intel Corporation
2018-12-04 11:11 - 2018-12-04 11:11 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Atheros
2018-12-04 11:10 - 2018-12-04 11:26 - 000000000 ____D C:\Users\ATV_Admin
2018-12-04 11:10 - 2018-12-04 11:10 - 000000020 ___SH C:\Users\ATV_Admin\ntuser.ini
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Reciente
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Plantillas
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Mis documentos
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Menú Inicio
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Impresoras
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Entorno de red
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Documents\Mis vídeos
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Documents\Mis imágenes
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Documents\Mi música
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Datos de programa
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Configuración local
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\AppData\Local\Historial
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\AppData\Local\Datos de programa
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\AppData\Local\Archivos temporales de Internet
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\VirtualStore
2018-12-04 11:10 - 2012-02-23 23:01 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Media Center Programs
2018-12-02 16:57 - 2018-12-02 16:58 - 000041660 _____ C:\Users\Tessa\Desktop\Addition.txt
2018-12-02 16:55 - 2018-12-02 16:58 - 000068869 _____ C:\Users\Tessa\Desktop\FRST.txt
2018-12-02 16:54 - 2018-12-04 20:35 - 000000000 ____D C:\FRST
2018-12-02 16:53 - 2018-12-02 16:53 - 002417152 _____ (Farbar) C:\Users\Tessa\Desktop\FRST64.exe
2018-12-01 11:38 - 2018-12-01 11:38 - 000001145 _____ C:\Users\Tessa\Desktop\DelFix.txt
2018-11-26 09:04 - 2018-11-26 09:04 - 000000000 ____D C:\Users\Tessa\Downloads\TMRBLog
2018-11-25 00:56 - 2018-11-25 00:56 - 000001538 _____ C:\Users\Tessa\Desktop\Malwarebytes251118.txt
2018-11-24 19:11 - 2018-11-24 19:11 - 000000000 ____D C:\ProgramData\NordVpn
2018-11-22 12:35 - 2018-11-22 12:36 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET4A19.tmp
2018-11-21 15:29 - 2018-11-21 15:29 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5256B411.sys
2018-11-21 13:59 - 2018-11-21 14:00 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.0
2018-11-21 13:59 - 2018-11-21 13:59 - 000001570 _____ C:\Users\Public\Desktop\LibreOffice 6.0.lnk
2018-11-21 13:44 - 2018-11-21 13:44 - 000001310 _____ C:\Users\Public\Desktop\Skype.lnk
2018-11-21 13:44 - 2018-11-21 13:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-11-21 13:42 - 2018-11-21 13:42 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-21 12:00 - 2018-11-21 15:12 - 000000000 ____D C:\Program Files\Common Files\AV
2018-11-21 11:56 - 2018-11-21 15:15 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-11-21 11:53 - 2018-11-21 11:54 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-11-20 20:37 - 2018-11-20 20:43 - 000000000 ____D C:\Rem-VBSqt
2018-11-20 19:21 - 2018-11-20 19:21 - 000768736 _____ C:\Users\Tessa\Downloads\Download Rem-VBSworm.pdf
2018-11-19 23:03 - 2018-11-19 23:03 - 000092274 _____ C:\Users\Tessa\Desktop\Disabling Windows Script Host _ Microsoft Docs.pdf
2018-11-19 20:43 - 2018-11-19 20:43 - 000090062 _____ C:\Users\Tessa\Desktop\Event ID 10 is logged in the Applicatio...pdf
2018-11-19 19:25 - 2018-12-04 19:59 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-11-19 19:25 - 2018-11-22 15:49 - 000002812 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-11-19 19:25 - 2018-11-19 19:25 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-19 19:25 - 2018-11-19 19:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-11-19 19:10 - 2018-11-19 19:10 - 001206768 _____ (Adobe Systems Incorporated) C:\Users\Tessa\Downloads\flashplayer31_xa_install.exe
2018-11-19 18:54 - 2018-11-19 18:54 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
2018-11-19 15:57 - 2018-11-19 15:57 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Sony Corporation
2018-11-19 15:52 - 2018-11-19 17:35 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\NordVPN
2018-11-19 15:52 - 2018-11-19 16:26 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\LocalLow\Mozilla
2018-11-19 15:51 - 2018-11-19 15:58 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Mozilla
2018-11-19 15:51 - 2018-11-19 15:52 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Mozilla
2018-11-19 15:51 - 2018-11-19 15:51 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\AVAST Software
2018-11-19 15:51 - 2018-11-19 15:51 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\CEF
2018-11-19 15:49 - 2018-11-19 15:49 - 000099784 _____ C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Intel Corporation
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Atheros
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Adobe
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Google
2018-11-19 15:48 - 2018-11-19 17:35 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Sony Corporation
2018-11-19 15:48 - 2018-11-19 15:48 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\mbamtray
2018-11-19 15:47 - 2018-11-19 17:37 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Reciente
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Plantillas
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Mis documentos
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Menú Inicio
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Impresoras
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Entorno de red
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Documents\Mis vídeos
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Documents\Mis imágenes
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Documents\Mi música
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Datos de programa
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Configuración local
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Historial
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Datos de programa
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Archivos temporales de Internet
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\VirtualStore
2018-11-19 15:47 - 2012-02-23 23:01 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Media Center Programs
2018-11-17 22:21 - 2018-11-20 23:06 - 000000000 ____D C:\Users\Tessa\Documents\c
2018-11-17 22:21 - 2018-11-20 11:04 - 000000000 ____D C:\Users\Tessa\Documents\Nueva carpeta
2018-11-16 17:32 - 2018-11-16 17:33 - 003426208 _____ (NordVPN) C:\Users\Tessa\Downloads\NordVPNTapSetup.exe
2018-11-16 16:35 - 2018-10-17 21:48 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-16 16:35 - 2018-10-17 21:17 - 020281344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-11-16 16:35 - 2018-10-12 14:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-11-16 16:35 - 2018-10-11 20:25 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-11-16 16:34 - 2018-11-10 20:29 - 005551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-16 16:34 - 2018-11-10 20:28 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-11-16 16:34 - 2018-11-10 20:28 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-11-16 16:34 - 2018-11-10 20:28 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-11-16 16:34 - 2018-11-10 20:28 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-11-16 16:34 - 2018-11-10 20:27 - 001664352 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-11-16 16:34 - 2018-11-10 20:27 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-11-16 16:34 - 2018-11-10 20:26 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-11-16 16:34 - 2018-11-10 20:26 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-11-16 16:34 - 2018-11-10 20:26 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-11-16 16:34 - 2018-11-10 20:26 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000516608 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-11-16 16:34 - 2018-11-10 20:24 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-11-16 16:34 - 2018-11-10 20:24 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-11-16 16:34 - 2018-11-10 20:24 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-11-16 16:34 - 2018-11-10 20:14 - 004054248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-11-16 16:34 - 2018-11-10 20:14 - 003960040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-11-16 16:34 - 2018-11-10 20:12 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-11-16 16:34 - 2018-11-10 20:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-11-16 16:34 - 2018-11-10 20:11 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-11-16 16:34 - 2018-11-10 20:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-11-16 16:34 - 2018-11-10 20:11 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-11-16 16:34 - 2018-11-10 20:10 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-11-16 16:34 - 2018-11-10 20:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-11-16 16:34 - 2018-11-10 20:10 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-11-16 16:34 - 2018-11-10 20:10 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-11-16 16:34 - 2018-11-10 20:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-11-16 16:34 - 2018-11-10 20:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-11-16 16:34 - 2018-11-10 19:52 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-11-16 16:34 - 2018-11-10 19:48 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-11-16 16:34 - 2018-11-10 19:47 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-11-16 16:34 - 2018-11-10 19:44 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-11-16 16:34 - 2018-11-10 19:44 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-11-16 16:34 - 2018-11-10 19:43 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-11-16 16:34 - 2018-10-26 22:42 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-11-16 16:34 - 2018-10-26 22:42 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-11-16 16:34 - 2018-10-26 22:42 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-11-16 16:34 - 2018-10-26 22:42 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2018-11-16 16:34 - 2018-10-26 22:41 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2018-11-16 16:34 - 2018-10-26 22:27 - 000173568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2018-11-16 16:34 - 2018-10-26 22:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2018-11-16 16:34 - 2018-10-26 22:27 - 000121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2018-11-16 16:34 - 2018-10-26 22:11 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-11-16 16:34 - 2018-10-26 22:11 - 000156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-11-16 16:34 - 2018-10-26 22:05 - 003227648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-11-16 16:34 - 2018-10-26 22:04 - 000141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2018-11-16 16:34 - 2018-10-26 22:04 - 000126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2018-11-16 16:34 - 2018-10-26 22:04 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll
2018-11-16 16:34 - 2018-10-26 22:04 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dispex.dll
2018-11-16 16:34 - 2018-10-18 14:49 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-11-16 16:34 - 2018-10-18 13:51 - 000348760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-11-16 16:34 - 2018-10-12 15:26 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-11-16 16:34 - 2018-10-12 15:22 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-11-16 16:34 - 2018-10-12 14:55 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-11-16 16:34 - 2018-10-12 14:42 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-11-16 16:34 - 2018-10-12 14:38 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-11-16 16:34 - 2018-10-11 21:12 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-11-16 16:34 - 2018-10-11 21:10 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-16 16:34 - 2018-10-11 20:59 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-16 16:34 - 2018-10-11 20:54 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-11-16 16:34 - 2018-10-11 20:27 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-11-16 16:34 - 2018-10-11 20:26 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-11-16 16:34 - 2018-10-11 20:19 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-11-16 16:34 - 2018-10-11 20:06 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-11-16 16:34 - 2018-10-06 11:02 - 000366824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-11-16 16:34 - 2018-10-06 08:42 - 001988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-11-16 16:34 - 2018-10-06 08:05 - 002565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-11-16 16:34 - 2018-09-22 21:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-11-16 16:34 - 2018-09-22 21:54 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-11-16 16:34 - 2018-09-22 21:54 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-11-16 16:34 - 2018-09-22 21:54 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-11-16 16:34 - 2018-09-22 21:54 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-11-16 16:34 - 2018-09-22 21:54 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-11-16 16:34 - 2018-09-22 21:37 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-11-16 16:34 - 2018-09-22 21:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-11-16 16:34 - 2018-09-22 21:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2018-11-16 16:34 - 2018-09-22 21:34 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-11-16 16:34 - 2018-09-22 21:34 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-11-16 16:34 - 2018-09-22 21:33 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-11-16 16:34 - 2018-09-22 21:22 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-11-16 16:34 - 2018-09-22 21:22 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-11-16 16:34 - 2018-09-22 21:21 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2018-11-16 16:34 - 2018-08-27 22:48 - 000419608 _____ C:\Windows\SysWOW64\locale.nls
2018-11-16 16:34 - 2018-08-27 22:48 - 000419608 _____ C:\Windows\system32\locale.nls
2018-11-16 16:33 - 2018-11-10 20:26 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-11-16 16:33 - 2018-11-10 20:26 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-11-16 16:33 - 2018-11-10 20:26 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-11-16 16:33 - 2018-11-10 20:26 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-11-16 16:33 - 2018-11-10 20:26 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-11-16 16:33 - 2018-11-10 20:26 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-11-16 16:33 - 2018-11-10 20:26 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-11-16 16:33 - 2018-11-10 20:25 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-11-16 16:33 - 2018-11-10 20:25 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-11-16 16:33 - 2018-11-10 20:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-11-16 16:33 - 2018-11-10 20:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-11-16 16:33 - 2018-11-10 20:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-11-16 16:33 - 2018-11-10 20:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-11-16 16:33 - 2018-11-10 20:10 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-11-16 16:33 - 2018-11-10 20:10 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-11-16 16:33 - 2018-11-10 20:10 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-11-16 16:33 - 2018-11-10 20:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 19:53 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-11-16 16:33 - 2018-11-10 19:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-11-16 16:33 - 2018-11-10 19:53 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-11-16 16:33 - 2018-11-10 19:48 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-11-16 16:33 - 2018-11-10 19:47 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-11-16 16:33 - 2018-11-10 19:45 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-11-16 16:33 - 2018-11-10 19:44 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-11-16 16:33 - 2018-11-10 19:43 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-11-16 16:33 - 2018-11-10 19:43 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-11-16 16:33 - 2018-11-10 19:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-11-16 16:33 - 2018-11-10 19:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-11-16 16:33 - 2018-11-10 19:43 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-11-16 16:33 - 2018-11-10 19:41 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-11-16 16:33 - 2018-11-10 19:41 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-11-16 16:33 - 2018-11-10 19:40 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-11-16 16:33 - 2018-11-10 19:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 19:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-16 16:33 - 2018-10-12 15:25 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-11-16 16:33 - 2018-10-12 15:17 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-11-16 16:33 - 2018-10-12 15:03 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-11-16 16:33 - 2018-10-12 14:57 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-11-16 16:33 - 2018-10-12 14:56 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-11-16 16:33 - 2018-10-12 14:55 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-11-16 16:33 - 2018-10-11 21:10 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-11-16 16:33 - 2018-10-11 21:01 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-11-16 16:33 - 2018-10-11 20:59 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-11-16 16:33 - 2018-10-11 20:59 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-11-16 16:33 - 2018-10-11 20:51 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-11-16 16:33 - 2018-10-11 20:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-11-16 16:33 - 2018-10-11 20:42 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-11-16 16:33 - 2018-10-11 20:40 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-11-16 16:33 - 2018-10-11 20:30 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-11-16 16:33 - 2018-10-11 20:27 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-11-16 16:33 - 2018-10-11 20:26 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-11-16 16:33 - 2018-10-11 19:55 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-11-16 16:33 - 2018-09-22 21:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-11-16 16:32 - 2018-11-10 20:25 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-11-16 16:32 - 2018-11-10 20:25 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-11-16 16:32 - 2018-11-10 20:25 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-11-16 16:32 - 2018-11-10 20:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-11-16 16:32 - 2018-11-10 20:10 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 19:41 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-11-16 16:32 - 2018-11-10 19:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-11-16 16:32 - 2018-11-10 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-11-16 16:32 - 2018-10-12 15:36 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-11-16 16:32 - 2018-10-12 15:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-11-16 16:32 - 2018-10-12 15:25 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-11-16 16:32 - 2018-10-12 15:24 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-11-16 16:32 - 2018-10-12 15:20 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-11-16 16:32 - 2018-10-12 15:20 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-11-16 16:32 - 2018-10-12 15:18 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-11-16 16:32 - 2018-10-12 15:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-11-16 16:32 - 2018-10-12 15:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-11-16 16:32 - 2018-10-12 15:11 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-11-16 16:32 - 2018-10-12 15:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-11-16 16:32 - 2018-10-12 15:07 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-11-16 16:32 - 2018-10-12 15:07 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-11-16 16:32 - 2018-10-12 15:05 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-11-16 16:32 - 2018-10-12 15:04 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-11-16 16:32 - 2018-10-12 15:03 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-11-16 16:32 - 2018-10-12 15:02 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-11-16 16:32 - 2018-10-12 14:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-11-16 16:32 - 2018-10-11 21:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-11-16 16:32 - 2018-10-11 21:11 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-11-16 16:32 - 2018-10-11 21:10 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-11-16 16:32 - 2018-10-11 21:10 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-11-16 16:32 - 2018-10-11 21:04 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-11-16 16:32 - 2018-10-11 21:03 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-11-16 16:32 - 2018-10-11 21:00 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-11-16 16:32 - 2018-10-11 21:00 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-11-16 16:32 - 2018-10-11 20:46 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-11-16 16:32 - 2018-10-11 20:45 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-11-16 16:32 - 2018-10-11 20:44 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-11-16 16:32 - 2018-10-11 20:38 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-11-16 16:32 - 2018-09-22 21:54 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2018-11-16 16:32 - 2018-09-22 21:54 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2018-11-16 16:32 - 2018-09-22 21:54 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2018-11-16 16:32 - 2018-09-22 21:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2018-11-16 16:32 - 2018-09-22 21:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2018-11-16 16:32 - 2018-09-22 21:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2018-11-16 16:32 - 2018-09-22 21:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2018-11-16 16:32 - 2018-09-22 21:21 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2018-11-16 16:31 - 2018-10-11 21:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-11-16 15:05 - 2018-11-16 15:05 - 000000000 ____D C:\ProgramData\Caphyon
2018-11-16 15:04 - 2018-11-16 15:04 - 000001913 _____ C:\Users\Public\Desktop\NordVPN.lnk
2018-11-16 14:54 - 2018-11-16 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2018-11-15 23:52 - 2018-11-15 23:52 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\iolo
2018-11-15 23:03 - 2018-11-15 23:04 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\NordVPN
2018-11-15 23:02 - 2018-11-15 23:02 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\AVAST Software
2018-11-15 23:02 - 2018-11-15 23:02 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\CEF
2018-11-15 23:01 - 2018-11-15 23:05 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\Sony Corporation
2018-11-15 22:57 - 2018-11-15 23:20 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\Google
2018-11-15 22:57 - 2018-11-15 22:57 - 000099784 _____ C:\Users\TEMP.Tessa-VAIO\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-15 22:57 - 2018-11-15 22:57 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Intel Corporation
2018-11-15 22:57 - 2018-11-15 22:57 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Atheros
2018-11-15 22:56 - 2018-11-16 14:32 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Sony Corporation
2018-11-15 22:56 - 2018-11-15 22:56 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Adobe
2018-11-15 22:56 - 2018-11-15 22:56 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\mbamtray
2018-11-15 22:55 - 2018-11-16 14:37 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Reciente
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Plantillas
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Mis documentos
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Menú Inicio
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Impresoras
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Entorno de red
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Documents\Mis vídeos
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Documents\Mis imágenes
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Documents\Mi música
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Datos de programa
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Configuración local
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\AppData\Local\Historial
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\AppData\Local\Datos de programa
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\AppData\Local\Archivos temporales de Internet
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\VirtualStore
2018-11-15 22:55 - 2012-02-23 23:01 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Media Center Programs
2018-11-15 16:27 - 2018-11-15 16:27 - 000352455 _____ C:\Users\Tessa\Desktop\151118t.pdf
2018-11-15 01:47 - 2018-11-17 00:18 - 001726925 _____ C:\Users\Tessa\Desktop\Conexiones_establecidas.txt
2018-11-15 01:47 - 2018-11-15 01:47 - 000000073 _____ C:\Users\Tessa\Desktop\forma.txt
2018-11-12 21:23 - 2018-11-21 15:12 - 000000000 ____D C:\Users\TEMP
2018-11-12 12:14 - 2018-11-12 12:14 - 000000000 ____D C:\Users\Tessa\Desktop\print
2018-11-12 12:12 - 2018-11-12 16:21 - 000000000 ____D C:\Users\Tessa\Desktop\jobs 2018
2018-11-12 12:10 - 2018-11-16 22:10 - 000000000 ____D C:\Users\Tessa\Desktop\CVs
2018-11-12 12:04 - 2018-11-12 12:41 - 2899411939 _____ C:\Users\Tessa\Downloads\20170930_173528-003.mp4
2018-11-12 12:03 - 2018-11-12 12:35 - 2133097695 _____ C:\Users\Tessa\Downloads\takeout-20181112T155821Z-001.zip
2018-11-12 12:03 - 2018-11-12 12:11 - 446803740 _____ C:\Users\Tessa\Downloads\takeout-20181112T155821Z-002.zip
2018-11-12 01:06 - 2018-11-12 01:06 - 001217236 _____ C:\Users\Tessa\Downloads\takeout-20181112T060510Z-001.zip
2018-11-11 20:56 - 2018-11-24 19:11 - 000000000 ____D C:\Users\Tessa\AppData\Local\NordVPN
2018-11-11 20:53 - 2018-11-16 15:04 - 000000000 ____D C:\Program Files (x86)\NordVPN
2018-11-11 20:44 - 2018-11-16 14:32 - 000000000 ____D C:\Users\Tessa\AppData\Roaming\NordVPN
2018-11-11 20:43 - 2018-11-11 20:43 - 013579176 _____ (NordVPN) C:\Users\Tessa\Downloads\NordVPNSetup.exe
2018-11-08 22:04 - 2018-11-16 17:21 - 000000000 ____D C:\Program Files\Google
2018-11-08 22:04 - 2018-11-08 22:07 - 000000000 ____D C:\Program Files\Recuva
2018-11-08 22:04 - 2018-11-08 22:04 - 000001658 _____ C:\Users\Public\Desktop\Recuva.lnk
2018-11-08 22:04 - 2018-11-08 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2018-11-08 10:23 - 2018-12-01 11:35 - 000001145 _____ C:\DelFix.txt
2018-11-08 10:23 - 2018-11-08 10:23 - 000000000 ____D C:\Windows\ERUNT
2018-11-06 00:54 - 2018-11-06 00:54 - 000002338 _____ C:\Users\Tessa\Desktop\as_15C9.tmp.txt
2018-11-06 00:53 - 2018-11-06 00:53 - 000002338 _____ C:\Users\Tessa\Desktop\as_7880.tmp.txt
2018-11-05 00:32 - 2018-11-05 00:32 - 000001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-11-05 00:32 - 2018-11-05 00:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

CxW7Gab · 5 Diciembre, 2018 01:53

2018-11-05 00:32 - 2018-11-05 00:32 - 000000000 ____D C:\Program Files\VS Revo Group

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-04 20:30 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-04 20:15 - 2009-07-13 23:45 - 000021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-04 20:15 - 2009-07-13 23:45 - 000021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-04 11:26 - 2018-10-07 12:22 - 000000000 ____D C:\Users\Tessa
2018-12-03 19:17 - 2018-10-08 10:38 - 000000000 ____D C:\Users\Tessa\AppData\LocalLow\Mozilla
2018-12-01 23:33 - 2018-10-08 10:23 - 000000000 ____D C:\Users\Tessa\AppData\Local\AVAST Software
2018-12-01 23:33 - 2018-10-08 10:12 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-01 23:30 - 2018-10-08 10:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-01 23:28 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-12-01 12:02 - 2018-10-08 10:38 - 000000000 ____D C:\Users\Tessa\AppData\Local\CrashDumps
2018-12-01 11:29 - 2018-10-07 11:18 - 000747970 _____ C:\Windows\system32\perfh00A.dat
2018-12-01 11:29 - 2018-10-07 11:18 - 000159410 _____ C:\Windows\system32\perfc00A.dat
2018-12-01 11:29 - 2009-07-14 00:13 - 001678218 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-27 00:08 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2018-11-26 23:58 - 2018-10-12 19:20 - 000000000 ____D C:\Users\Tessa\AppData\Local\ElevatedDiagnostics
2018-11-26 20:33 - 2010-11-20 22:27 - 000592416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-11-26 18:17 - 2018-10-27 12:11 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-26 18:17 - 2018-10-27 12:11 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-24 22:29 - 2018-10-08 11:30 - 000004494 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-24 22:29 - 2018-10-07 12:03 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-11-24 22:29 - 2018-10-07 12:03 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-24 22:29 - 2018-10-07 12:03 - 000004320 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-11-24 22:29 - 2018-10-07 12:03 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-11-24 22:29 - 2018-10-07 12:03 - 000000000 ____D C:\Windows\system32\Macromed
2018-11-22 15:49 - 2018-11-03 10:20 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-11-22 15:49 - 2018-10-27 12:08 - 000003534 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-22 15:49 - 2018-10-27 12:08 - 000003406 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-22 15:49 - 2018-10-15 09:37 - 000003138 _____ C:\Windows\System32\Tasks\{7E8C366A-D0AC-47E9-A58A-9C90B2BE827F}
2018-11-22 15:49 - 2018-10-08 10:21 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-11-22 15:49 - 2018-10-07 11:56 - 000003886 _____ C:\Windows\System32\Tasks\VHDInformationCheck
2018-11-21 16:18 - 2018-10-28 22:27 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-11-21 15:18 - 2009-07-13 23:45 - 000442240 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-21 15:09 - 2018-10-07 12:22 - 000101416 _____ C:\Users\Tessa\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-21 14:00 - 2018-10-12 00:26 - 000000000 ____D C:\Program Files\LibreOffice
2018-11-21 09:31 - 2018-10-28 22:07 - 000954296 _____ C:\Windows\ntbtlog.txt
2018-11-20 19:20 - 2018-10-14 17:03 - 000000000 ____D C:\Users\Tessa\AppData\Roaming\PrimoPDF
2018-11-20 14:56 - 2018-10-08 10:38 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-20 14:56 - 2018-10-08 10:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-20 09:57 - 2009-07-14 00:08 - 000032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-11-19 19:34 - 2018-11-03 10:17 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-19 19:32 - 2018-10-10 23:49 - 000000000 ____D C:\Users\Tessa\AppData\Roaming\Skype
2018-11-19 19:25 - 2018-10-08 10:29 - 000000000 ____D C:\Program Files\CCleaner
2018-11-19 19:18 - 2018-10-08 17:42 - 000000000 ____D C:\Users\Tessa\AppData\Local\Adobe
2018-11-19 17:40 - 2018-10-25 09:16 - 000000000 ____D C:\Users\Tere.Tessa-VAIO
2018-11-19 17:35 - 2018-10-18 20:47 - 000000000 ____D C:\ProgramData\Atheros
2018-11-19 17:35 - 2018-10-07 11:04 - 000000000 ____D C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation
2018-11-19 17:35 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\AppCompat
2018-11-19 17:34 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2018-11-16 17:21 - 2018-10-08 10:24 - 000000000 ____D C:\Program Files (x86)\Google
2018-11-16 17:12 - 2018-10-10 11:00 - 000000000 ____D C:\Windows\system32\MRT
2018-11-16 16:54 - 2018-10-10 10:59 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-11-16 16:46 - 2011-02-10 18:03 - 001652804 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-11-16 16:22 - 2018-10-08 10:24 - 000000000 ____D C:\Users\Tessa\AppData\Local\Google
2018-11-16 14:34 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-11-16 14:32 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-11-09 01:43 - 2018-10-07 12:40 - 000000000 ____D C:\Users\Public\Documents\Songs
2018-11-07 09:55 - 2018-10-07 13:21 - 000000000 ____D C:\Users\Tessa\AppData\Roaming\iolo

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-14 15:21

==================== End of FRST.txt ============================

Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by ATV_Admin (04-12-2018 20:37:20)
Running from C:\Users\ATV_Admin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2018-10-07 17:22:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1459080146-1752181985-1471865784-500 - Administrator - Disabled)
ATV_Admin (S-1-5-21-1459080146-1752181985-1471865784-1006 - Administrator - Enabled) => C:\Users\ATV_Admin
Invitado (S-1-5-21-1459080146-1752181985-1471865784-501 - Limited - Disabled)
Tere (S-1-5-21-1459080146-1752181985-1471865784-1003 - Limited - Enabled)
Tessa (S-1-5-21-1459080146-1752181985-1471865784-1000 - Administrator - Enabled) => C:\Users\Tessa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACID Music Studio 8.0 (HKLM-x32\...\{7B70781E-6D04-11E0-A566-005056C00008}) (Version: 8.0.178 - Sony)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.161 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.457 - ArcSoft)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.135 - Atheros)
BPCx64 (HKLM\...\{C25C68CF-E4A1-4B6F-9F28-5559264F23FD}) (Version: 1.0.0 - Sony Corporation) Hidden
BPCx86 (HKLM-x32\...\{F5802A74-7CAF-42E7-AC98-BB8D99B90C7D}) (Version: 1.0.0 - Sony Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.49 - Piriform)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6426.52 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diagnóstico de ventilador de CPU VAIO (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
DVD Architect Studio 5.0 (HKLM-x32\...\{7AFBA1EE-24FE-11E1-A28A-F04DA23A5C58}) (Version: 5.0.157 - Sony)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
FDUx86 (HKLM-x32\...\{3490653F-2789-46A1-B1BF-6BD4CF4131AB}) (Version: 1.0.0 - Sony Corporation) Hidden
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KUx86 (HKLM-x32\...\{6FD21053-829D-40E7-B04C-CAFB7D5CD025}) (Version: 1.0.0 - Sony Corporation ) Hidden
LibreOffice 6.0.7.3 (HKLM\...\{54B10C43-7DD3-4C32-B0D1-9F90C9FBB6E3}) (Version: 6.0.7.3 - The Document Foundation)
Manual de VAIO (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.3.0.12300 - Sony Corporation)
Media Gallery (HKLM\...\{0EB7792D-EFA2-42AB-9A22-F33D9458E974}) (Version: 2.2.3.04170 - Sony Corporation)
Media Go (HKLM-x32\...\{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}) (Version: 2.0.317 - Sony)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NordVPN (HKLM-x32\...\{A19C08C0-A154-4055-ADC1-F36BE5758EA6}) (Version: 6.18.9 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.18.9) (Version: 6.18.9 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.1.01.14210 - Sony Corporation)
PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.5.15.13232 - Sony Computer Entertainment Inc.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Qualcomm Atheros Direct Connect (HKLM-x32\...\{21DD6041-7251-40FA-9D06-C5EB30268E0F}) (Version: 3.1 - Qualcomm Atheros) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{E727B31A-8B24-4C1C-934A-69634E0D2C0B}) (Version: 3.0 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6564 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.91 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Remote Keyboard (HKLM-x32\...\{6466EF6E-700E-470F-94CB-D0050302C84E}) (Version: 1.2.0.09270 - Sony Corporation) Hidden
Remote Play with PlayStation(R)3 (HKLM-x32\...\{D56DA747-5FDB-4AD5-9A6A-3481C0ED44BD}) (Version: 1.1.0.21090 - Sony Corporation) Hidden
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Skype versión 8.34 (HKLM-x32\...\Skype_is1) (Version: 8.34 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.18091.6 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.18091.6 - Samsung Electronics Co., Ltd.)
Sound Forge Audio Studio 10.0 (HKLM-x32\...\{0B5CD700-A1D3-11E0-AD24-005056C00008}) (Version: 10.0.176 - Sony)
SSLx64 (HKLM\...\{312395BC-7CC2-434C-A660-30250276A926}) (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (HKLM-x32\...\{63C43435-F428-42BA-8E7B-5848749D9262}) (Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.6 - Synaptics Incorporated)
TrackID(TM) with BRAVIA (HKLM-x32\...\{858B32BD-121C-4AC8-BD87-CE37C51C03E2}) (Version: 1.2.0.09270 - Sony Corportaion) Hidden
V3DPx86 (HKLM-x32\...\{D4E7BB46-310E-4A21-B261-052A5997EA2F}) (Version: 1.0.0 - Sony Corporation ) Hidden
VAIO - Media Gallery - VAIO Personalization Manager Update (HKLM\...\{50A7190B-5DA6-4A51-B275-3D413E617BA6}) (Version: 4.2.5.07160 - Sony Corporation)
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
VAIO - PlayMemories Home Plug-in (HKLM\...\{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}) (Version: 2.0.01.03310 - Sony Corporation)
VAIO - Teclado a distancia (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - Teclado a distancia con PlayStation®3 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.0.09210 - Sony Corporation)
VAIO - TrackID™ con BRAVIA (HKLM-x32\...\{2F41EF61-A066-4EBF-84F8-21C1B317A780}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - Uso a distancia con PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.1.0.21090 - Sony Corporation)
VAIO 3D Portal (HKLM-x32\...\{C14EAE86-C526-4E00-B245-CFF86233C3D2}) (Version: 1.2.0.10131 - Sony Corporation)
VAIO Care (HKLM\...\{CFF47016-B212-4D89-8DC2-15D5508A73BA}) (Version: 8.4.6.05111 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.2.1.15070 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{5156C9BF-1C27-430B-96D8-7129F11699A8}) (Version: 1.9.0.13190 - Sony Corporation) Hidden
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.9.0.13190 - Sony Corporation)
VAIO Easy Connect (HKLM-x32\...\{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.2.02200 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{AE5F3379-8B81-457E-8E09-7E61D941AFA4}) (Version: 2.4.1.09230 - Sony Corporation) Hidden
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.5.2.02090 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 1.0.0.12300 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{C8544A9A-76BE-4F82-811E-979799AE493B}) (Version: 1.0.0.12300 - Sony Corporation) Hidden
VAIO Help and Support (HKLM-x32\...\{C9EFF66F-B0CF-4B1A-9371-2FC647658CDF}) (Version: 17.00.0109 - Sony Corporation)
VAIO OOBE (HKLM-x32\...\{D9777637-33B7-47A9-800C-F6A2CD4EB0FE}) (Version: 12.2.1.2483 - Sony Corporation)
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.0.09010 - Sony Corporation)
VAIO Satisfaction Survey. (HKLM-x32\...\VAIO Satisfaction Survey.3.0) (Version: 3.0 - Sony Electronics Inc.)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.14.1.07010 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.7.1.06040 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.3.0.03150 - Sony Corporation)
VCCx64 (HKLM\...\{549AD5FB-F52D-4307-864A-C0008FB35D96}) (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (HKLM-x32\...\{DF184496-1CA2-4D07-92E7-0BD251D7DEF0}) (Version: 1.0.0 - Sony Corporation) Hidden
Vegas Movie Studio HD Platinum 11.0 (HKLM-x32\...\{CF30A821-F384-11E0-AC56-F04DA23A5C58}) (Version: 11.0.256 - Sony)
VGClientX64 (HKLM\...\{99E6C2F3-59B2-4308-B1CD-4928B55B7E30}) (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (HKLM-x32\...\{8B583EF5-FA7B-4AE2-9008-51B7FD505886}) (Version: 1.0.0 - Sony Corporation) Hidden
VHD (HKLM-x32\...\{DB1A3EA7-0C25-4BEC-A108-176195190369}) (Version: 1.0.0 - Microsoft) Hidden
VMLx86 (HKLM-x32\...\{7E5A5CA6-B7D0-406E-A75E-157CAB47EB94}) (Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (HKLM\...\{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}) (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (HKLM\...\{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}) (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (HKLM-x32\...\{A49A517F-5332-4665-922C-6D9AD31ADD4F}) (Version: 1.0.0 - Sony Corporation) Hidden
VSSTx64 (HKLM\...\{4F31AC31-0A28-4F5A-8416-513972DA1F79}) (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (HKLM-x32\...\{B24BB74E-8359-43AA-985A-8E80C9219C70}) (Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (HKLM\...\{6B7DE186-374B-4873-AEC1-7464DA337DD6}) (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (HKLM-x32\...\{9D12A8B5-9D41-4465-BF11-70719EB0CD02}) (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (HKLM-x32\...\{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}) (Version: 1.0.0 - Sony Corporation ) Hidden
VUx64 (HKLM\...\{A0A2BE14-D3FF-41C8-9545-4B130E3FE9A4}) (Version: 1.2.0 - Sony Corporation) Hidden
VUx86 (HKLM-x32\...\{D04F1D22-4A47-42C6-A2B9-094A7B844D9B}) (Version: 1.2.0 - Sony Corporation) Hidden
VWSTx86 (HKLM-x32\...\{B8991D99-88FD-41F2-8C32-DB70278D5C30}) (Version: 1.0.0 - Sony Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2012-04-28] (Atheros Commnucations)
ContextMenuHandlers2: [AddtoVAIOGate] -> {6988D6F2-F24F-4732-8855-A39DB1AA1346} => C:\Program Files\Sony\VAIO Gate\VAIOGateShellExt.dll [2012-02-20] (Sony Corporation)
ContextMenuHandlers3: [AddtoVAIOGate] -> {6988D6F2-F24F-4732-8855-A39DB1AA1346} => C:\Program Files\Sony\VAIO Gate\VAIOGateShellExt.dll [2012-02-20] (Sony Corporation)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2012-04-28] (Atheros Commnucations)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-03-14] (Intel Corporation)
ContextMenuHandlers6: [AddtoVAIOGate] -> {6988D6F2-F24F-4732-8855-A39DB1AA1346} => C:\Program Files\Sony\VAIO Gate\VAIOGateShellExt.dll [2012-02-20] (Sony Corporation)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07D4F11D-21E2-4FE1-B673-DFC619389BAC} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {084525E5-75F5-4D13-81FF-CFC4C9F30E5C} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {0FBA313F-42DA-4DB5-A040-91E382DAEE2A} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {1048CA66-C882-4970-9007-064408EB1925} - System32\Tasks\Sony Corporation\BP Checker\CheckBPStatusLogon => C:\Program Files\Sony\BP Checker\BPChecker.exe [2016-11-29] (Sony Corporation)
Task: {15DD8226-6DBA-406A-A5A2-1A08EE28B796} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {26372C46-8C8B-4558-8EE4-68257101FF39} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net [Argument = start VSNService]
Task: {40D48C07-F523-497A-B0EE-07022C8ED30B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {4A505F33-30AC-474B-BDDB-99E40C36357B} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {4F290FB1-72EE-4F81-8549-0FE083A1983C} - System32\Tasks\Sony Corporation\VAIO Care\VKSvcWeekly => C:\Program Files\Sony\VAIO Care\VAIOTM\VKSvc.exe [2017-04-19] (Sony Corporation)
Task: {505077DF-9A2F-4AFB-8A8A-FC775FDC6226} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2017-05-11] (Sony Corporation)
Task: {52031DBA-5DC9-403B-A3CD-E2E585CA0D26} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-06] (Piriform Ltd)
Task: {5E206916-93CB-49CA-8EA3-DC7A90C4E99A} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
Task: {6103856B-42BE-400E-98B5-6D6138B2BED4} - System32\Tasks\Sony Corporation\BP Checker\CheckBPStatusCreate => C:\Program Files\Sony\BP Checker\BPChecker.exe [2016-11-29] (Sony Corporation)
Task: {6C90173C-8304-4123-B686-B1FA51EFE362} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {7063957E-B9B6-4131-9114-0F87AF8655F5} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2018-03-19] (Sony Corporation)
Task: {74299DA7-D5FA-49A3-B54A-8976C0B3C77D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-27] (Google Inc.)
Task: {74EDED6D-7856-4718-9E6A-33D848B6704C} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
Task: {7595B397-6E6E-4DF5-8F66-AB0CADA1957C} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2017-05-11] (Sony Corporation)
Task: {75E34B38-9A90-486C-8F2B-5135AADDA9CB} - System32\Tasks\Sony Corporation\VAIO Care\VTUsr => C:\Program Files\Sony\VAIO Care\VAIOTM\VTUsr.exe [2017-04-19] (Sony Corporation)
Task: {7BEAC51A-D18F-42C1-B8F5-C7EF11286EA3} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {866E4782-9C98-414F-B185-ABEB39F02098} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
Task: {87C2E7FE-508F-4676-BFF1-D9477F562F7F} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {89879B9E-DEBC-4A26-AC4E-75F56B45A85E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-10-29] (AVAST Software)
Task: {89EDE9DD-280E-485B-A98C-4BFA6311ACB3} - System32\Tasks\{7E8C366A-D0AC-47E9-A58A-9C90B2BE827F} => C:\Windows\system32\pcalua.exe -a C:\Users\Tessa\Documents\SmartSwitchPC.exe -d C:\Users\Tessa\Documents
Task: {8A7027FC-8312-428D-8B9C-31FA2560FC60} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {9109A380-1506-4BD4-AE19-03D32002C748} - System32\Tasks\Sony Corporation\VAIO Care\VKSvcDaily => C:\Program Files\Sony\VAIO Care\VAIOTM\VKSvc.exe [2017-04-19] (Sony Corporation)
Task: {A99288BF-6911-49FA-8ED0-28F93C0BA5DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-27] (Google Inc.)
Task: {B24AA1A0-DCE7-4698-BAF4-61B8E201F5BA} - System32\Tasks\Sony\VAIO Survey => C:\Program Files (x86)\Sony\VAIO Survey\VSScheduler.exe [2010-12-09] (Sony Electronics Inc.)
Task: {BFA8E6CA-9FF8-4E19-97CD-DA8FE3853233} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2018-03-19] (Sony Corporation)
Task: {C07431C5-8617-4160-A348-B2B29B4317A9} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {C17BBA68-0D91-4E4F-9D39-F1FDC9C3BDD2} - System32\Tasks\Sony\OOBESendInfo => C:\Program Files (x86)\Sony\OOBE\OOBESendInfo.exe [2012-03-15] (Sony Electronics Inc.)
Task: {C663A0C2-E06A-400F-93C9-620F731AD661} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Software Ltd)
Task: {C79581F6-1C32-4B76-967A-08DF80E8C800} - System32\Tasks\Sony Corporation\VAIO Care\VTSvc => C:\Program Files\Sony\VAIO Care\VAIOTM\VTSvc.exe [2017-04-19] (Sony Corporation)
Task: {CF18D41C-14C8-480D-8988-8FCB69AC7939} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2018-03-07] (Sony Corporation)
Task: {D23D6C89-5695-4D8C-A9DF-429D91BB96A8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-24] (Adobe Systems Incorporated)
Task: {EB02960E-62C9-4279-9B9C-D24C72637B0E} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {EC40A017-02CF-46B6-B5DD-EF27B70A6D8B} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {F3CCC81E-5CC5-4AC3-8F46-BDA8B5B14402} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-24] (Adobe Systems Incorporated)
Task: {FE182E5A-333D-4078-BC14-7FD9621BF443} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-10-08 10:40 - 2015-09-01 08:41 - 000095008 _____ () C:\Windows\System32\Primomonnt.dll
2018-10-07 10:54 - 2012-03-13 11:01 - 000128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2018-11-06 06:56 - 2018-11-06 06:56 - 000437200 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
2012-03-14 15:54 - 2012-03-14 02:57 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-05-24 07:45 - 2018-05-24 07:45 - 000250368 _____ () C:\Program Files (x86)\NordVPN\x86\Liberation.Native.Firewall.dll
2018-10-07 11:52 - 2012-03-07 18:57 - 000021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2018-11-19 21:24 - 2018-11-19 21:24 - 000172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\318f4e270844db14015db593913440b1\IsdiInterop.ni.dll
2018-10-07 10:58 - 2011-11-29 20:00 - 000059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2018-10-07 10:54 - 2012-03-13 11:02 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\44328596.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\44328596.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2018-12-01 11:20 - 000000825 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1459080146-1752181985-1471865784-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\ATV_Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
MSCONFIG\startupreg: Spotify => C:\Users\Tessa\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{86F2CCFA-1891-4AEB-91AA-5812908C8F2F}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{359BF62C-EEE0-4C6E-A0DE-E564248122E4}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{80ACD008-87A1-4C33-9321-96041C7F905A}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{A0AB810D-C339-48C6-8934-1748D36AEF2E}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\WiFiDirectApplication.exe
FirewallRules: [{5348E4EB-2302-4D44-B8EE-3D42BBF9EA36}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B22B0CB9-A37E-4D1F-A92D-CD5EA7692392}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{17CC2025-76A0-44C0-B8DC-18E6BA55DDA0}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{96E46E2C-9EF6-44AD-9CC0-8C02FB79AF8B}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{D42C16AB-837B-4793-A998-EC0B71D3344A}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{A302C2EF-8E9E-4C2C-A790-F085718F246C}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{DC4F6D85-3EED-4464-A96C-8C64BADFE88E}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{7364A88F-BEB7-4899-94BF-12E82915A22C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{51E05604-9C52-4E83-9924-0660242B171D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6594D6DE-CCBA-4D7A-A134-0E99C0E5DF6F}] => (Allow) C:\Program Files\Opera\56.0.3051.36\opera.exe
FirewallRules: [{B4A7F6BC-7124-4D5C-882B-841981A29F71}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{47B48ADB-9209-4135-97BD-4B0A70C0A881}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{0539C7D8-2AAB-48FB-AF12-DB7D2349ED46}] => (Allow) C:\Program Files\Opera\56.0.3051.43\opera.exe
FirewallRules: [{BFB86B73-46FA-45EC-BF8F-307FBD8557CC}] => (Block) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{565BFD0B-F8A3-48B6-8D5A-1ACACB9B5A75}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{E759DA56-40BD-46FD-A5DB-D74A88AA6B71}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{632C265B-6480-4833-86D2-D945CF8000A9}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
FirewallRules: [{200179B4-35E6-49B3-9289-7DAFDE09890B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E5F6F696-596C-450F-A13A-D03B427AD83F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{65716FE7-570E-4967-BFD1-C73CA1FC76DA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{306D68CF-BB10-4918-B9DA-CB1F8A587543}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{109E1E3B-42DE-4DC3-AE86-928DE51E08AB}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{74794B46-B634-4F4E-858E-67124C0BAADC}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{835B22BC-EAB9-455A-BFE5-BEC732F478A3}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{2286406A-0087-4F03-A294-67373373FFBE}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{06F689B4-2A37-4780-A5E3-13246D367153}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{07CF38E6-BD82-4992-AFC7-F6B6D93AA949}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{524727C0-0A8C-4F10-A82B-2C47493429E8}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{B8CA86BB-A8D6-4FF5-82DF-EF77C250CA10}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{C3DAEBD1-F507-4656-AF56-A9D06BE4A6D9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

19-11-2018 18:56:25 Instalación del paquete de controladores de dispositivo: TAP-NordVPN Windows Provider V9 Adaptadores de red
20-11-2018 21:15:31 Revo Uninstaller's restore point - UsbFix Anti-Malware Premium
21-11-2018 13:41:32 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123
21-11-2018 15:07:41 Revo Uninstaller's restore point - Kaspersky Total Security
21-11-2018 15:14:36 Revo Uninstaller's restore point - Kaspersky Secure Connection
26-11-2018 23:39:24 JRT Pre-Junkware Removal
01-12-2018 11:39:37 Revo Uninstaller's restore point - Panda USB Vaccine 1.0.1.16
03-12-2018 19:07:15 Windows Update
03-12-2018 19:18:50 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2018 07:18:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1459080146-1752181985-1471865784-1003.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
.


Operación:
   Evento OnIdentify
   Recopilando datos del escritor

Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {3318004f-0a80-42d3-a7eb-c7a956f8101f}

Error: (12/03/2018 07:07:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1459080146-1752181985-1471865784-1003.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
.


Operación:
   Evento OnIdentify
   Recopilando datos del escritor

Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {ecb1cfb8-685e-4938-9453-f6f946e4344f}

Error: (12/01/2018 08:23:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Tessa-VAIO)
Description: Windows no encuentra el perfil local y está iniciando la sesión con un perfil temporal. Los cambios que se efectúen en este perfil se perderán cuando se cierre la sesión.

Error: (12/01/2018 08:23:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Tessa-VAIO)
Description: Windows hizo una copia de seguridad de este perfil de usuario. Windows intentará automáticamente usar la copia de seguridad del perfil la próxima vez que este usuario inicie sesión.

Error: (12/01/2018 11:39:37 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1459080146-1752181985-1471865784-1003.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
.


Operación:
   Evento OnIdentify
   Recopilando datos del escritor

Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {83117480-d098-4329-83d5-b970d4b2bb26}

Error: (12/01/2018 11:39:36 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1459080146-1752181985-1471865784-1003.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
.


Operación:
   Evento OnIdentify
   Recopilando datos del escritor

Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {83117480-d098-4329-83d5-b970d4b2bb26}

Error: (12/01/2018 11:39:36 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


Operación:
   Recopilando datos del escritor

Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {9e655306-1aeb-4e24-b607-542d6339644b}

Error: (12/01/2018 11:21:32 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (4828) Al intentar abrir el archivo "C:\Users\Tessa\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).


System errors:
=============
Error: (12/04/2018 08:08:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80070643: Actualización de definición para Windows Defender Antivirus – KB915597 (Definición 1.281.1205.0).

Error: (12/04/2018 11:17:31 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/03/2018 07:18:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/03/2018 07:11:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80070643: Actualización de definición para Windows Defender Antivirus – KB915597 (Definición 1.281.1205.0).

Error: (12/03/2018 06:51:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/02/2018 05:30:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/01/2018 11:37:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/01/2018 08:23:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Windows Search no respondió después de iniciar.


Windows Defender:
===================================
Date: 2018-12-04 20:07:32.721
Description: 
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor:1.1.15400.5
Versión de motor anterior:1.1.6402.0
Origen de actualización:Usuario
Usuario:NT AUTHORITY\SYSTEM
Código de error:0x8050800c
Descripción de error:Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2018-12-03 19:07:52.387
Description: 
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor:1.1.15400.5
Versión de motor anterior:1.1.6402.0
Origen de actualización:Usuario
Usuario:NT AUTHORITY\SYSTEM
Código de error:0x8050800c
Descripción de error:Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 35%
Total physical RAM: 3996.36 MB
Available physical RAM: 2585.32 MB
Total Virtual: 7990.86 MB
Available Virtual: 6454.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:447 GB) (Free:59.64 GB) NTFS

\\?\Volume{79d80838-ca44-11e8-95cd-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS
\\?\Volume{79d80837-ca44-11e8-95cd-806e6f6e6963}\ (Recovery) (Fixed) (Total:18.41 GB) (Free:1.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 78CBB45F)
Partition 1: (Not Active) - (Size=18.4 GB) - (Type=27)
Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=447 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Gracias

SanMar · 5 Diciembre, 2018 06:23

Hola @CxW7Gab:

Ahora si que has detallado bien el problema todo es mas claro.

Segun Microsoft te pescaste una variante de Ransom:Win32/Reveton

Los síntomas que es muy parecido a lo que te pasa.

Ransomware más antigua como Reveton bloquea las pantallas en lugar de cifrado de archivos. Se muestra una imagen de pantalla completa y, a continuación, deshabilitar al administrador de tareas. Los archivos son seguros, pero son eficazmente inaccesibles. La imagen contiene normalmente un mensaje reclamar ser desde la aplicación de la ley que dice que el equipo se ha usado en actividades de cybercriminal no es válido y necesidades bien que se pagará. Por este motivo, Reveton es que llamamos “Policía troyano” o “Policía ransomware”.

1.- Realiza los pasos indicados en el siguiente enlace, subiendo uno de los archivos encriptados para saber si hay un descifrador para el:

2.- Luego Realiza lo siguiente:

Muy Importante >>> Realizar una copia de Seguridad de su Registro.

Descarga DelFix en el escritorio de Windows.
Clic Derecho, “Ejecutar como Administrador”.
En la ventana principal, marca solamente la casilla “Create Registry Backup”.
Clic en Run.

Al terminar se abrirá un reporte llamado DelFix.txt, guárdelo por si fuera necesario y cierre la herramienta…

3.- Inicias tu ordenador en >>> Modo Seguro.

4.- Luego:

Inicio >>> Ejecutar >>> Escriba notepad.exe o abra un nuevo archivo Notepad y copie y pegue lo siguiente:


CLOSEPROCESSES:
start
Tcpip\..\Interfaces\{221A7E51-8A45-4978-A12D-EDDF7778477A}: [NameServer] 9.9.9.9
Tcpip\..\Interfaces\{221A7E51-8A45-4978-A12D-EDDF7778477A}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F83B8505-F66F-463B-9B71-78B7CC7A17B2}: [DhcpNameServer] 10.0.1.1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-24] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-24] ()
CHR Extension: (PSafe Segurança Online) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\higfhiimhkcmfppmdckdpkdcdolcjooo [2018-12-04]
S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [474112 2018-03-15] (Intel Corporation) [File not signed]
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BTATH_VDP; system32\drivers\btath_vdp.sys [X]
2018-12-04 14:25 - 2018-10-27 20:03 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\Opera Software
18-12-04 14:23 - 2018-12-04 14:23 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\ESET
2018-12-04 14:21 - 2018-12-04 14:21 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\AVAST Software
2018-12-04 14:01 - 2017-02-08 14:04 - 001159912 _____ (Opera Software) C:\Users\ATV_Admin\Downloads\OperaSetup.exe
2018-12-04 14:00 - 2018-10-27 12:45 - 168267120 _____ (Microsoft Corporation) C:\Users\ATV_Admin\Downloads\msert.exe
2018-12-04 14:00 - 2018-10-27 11:18 - 001889656 _____ (Oracle Corporation) C:\Users\ATV_Admin\Downloads\JavaSetup8u191.exe
2018-12-04 14:00 - 2018-10-12 09:45 - 000178320 _____ (AVAST Software) C:\Users\ATV_Admin\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2018-12-04 14:00 - 2017-01-17 01:35 - 006334872 _____ (AVAST Software) C:\Users\ATV_Admin\Downloads\avast_free_antivirus_setup_online (2).exe
2018-12-04 14:00 - 2016-06-20 19:32 - 022851472 _____ (Malwarebytes ) C:\Users\ATV_Admin\Downloads\mbam-setup-cnet.35891-2.2.1.1043.exe
2018-12-04 11:36 - 2018-11-06 00:54 - 000002338 _____ C:\Users\ATV_Admin\Desktop\as_15C9.tmp.txt
2018-12-04 11:36 - 2018-11-06 00:53 - 000002338 _____ C:\Users\ATV_Admin\Desktop\as_7880.tmp.txt
2018-12-04 11:36 - 2018-11-01 22:33 - 000001434 _____ C:\Users\ATV_Admin\Desktop\scan_181101-232615.txt
2018-11-21 11:56 - 2018-11-21 15:15 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-11-21 11:53 - 2018-11-21 11:54 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
018-11-20 20:37 - 2018-11-20 20:43 - 000000000 ____D C:\Rem-VBSqt
2018-11-20 19:21 - 2018-11-20 19:21 - 000768736 _____ C:\Users\Tessa\Downloads\Download Rem-VBSworm.pdf
2018-11-16 15:05 - 2018-11-16 15:05 - 000000000 ____D C:\ProgramData\Caphyon
2018-11-16 15:04 - 2018-11-16 15:04 - 000001913 _____ C:\Users\Public\Desktop\NordVPN.lnk
2018-11-16 14:54 - 2018-11-16 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
C:\Program Files (x86)\NordVPN
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [437200 2018-11-06] ()
R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [35592 2018-06-07] (The OpenVPN Project)
2018-12-04 14:25 - 2018-12-04 14:25 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\NordVPN
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\NordVPN
2018-12-04 14:01 - 2018-11-11 20:43 - 013579176 _____ (NordVPN) C:\Users\ATV_Admin\Downloads\NordVPNSetup.exe
2018-11-24 19:11 - 2018-11-24 19:11 - 000000000 ____D C:\ProgramData\NordVpn
2018-11-19 18:54 - 2018-11-19 18:54 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
2018-11-19 15:52 - 2018-11-19 17:35 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\NordVPN
2018-11-16 17:32 - 2018-11-16 17:33 - 003426208 _____ (NordVPN) C:\Users\Tessa\Downloads\NordVPNTapSetup.exe
2018-11-15 23:03 - 2018-11-15 23:04 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\NordVPN
2018-11-15 23:02 - 2018-11-15 23:02 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\AVAST Software
2018-11-11 20:56 - 2018-11-24 19:11 - 000000000 ____D C:\Users\Tessa\AppData\Local\NordVPN
2018-11-11 20:53 - 2018-11-16 15:04 - 000000000 ____D C:\Program Files (x86)\NordVPN
2018-11-11 20:44 - 2018-11-16 14:32 - 000000000 ____D C:\Users\Tessa\AppData\Roaming\NordVPN
2018-11-11 20:43 - 2018-11-11 20:43 - 013579176 _____ (NordVPN) C:\Users\Tessa\Downloads\NordVPNSetup.exe
018-11-06 00:54 - 2018-11-06 00:54 - 000002338 _____ C:\Users\Tessa\Desktop\as_15C9.tmp.txt
2018-11-06 00:53 - 2018-11-06 00:53 - 000002338 _____ C:\Users\Tessa\Desktop\as_7880.tmp.txt
2018-12-01 23:33 - 2018-10-08 10:23 - 000000000 ____D C:\Users\Tessa\AppData\Local\AVAST Software
2018-12-01 23:33 - 2018-10-08 10:12 - 000000000 ____D C:\ProgramData\AVAST Software
2018-11-22 15:49 - 2018-10-08 10:21 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {89879B9E-DEBC-4A26-AC4E-75F56B45A85E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-10-29] (AVAST Software)
Task: {89EDE9DD-280E-485B-A98C-4BFA6311ACB3} - System32\Tasks\{7E8C366A-D0AC-47E9-A58A-9C90B2BE827F} => C:\Windows\system32\pcalua.exe 
C:\Windows\system32\pcalua.exe
2018-11-06 06:56 - 2018-11-06 06:56 - 000437200 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
2018-05-24 07:45 - 2018-05-24 07:45 - 000250368 _____ () C:\Program Files (x86)\NordVPN\x86\Liberation.Native.Firewall.dll
FirewallRules: [{6594D6DE-CCBA-4D7A-A134-0E99C0E5DF6F}] => (Allow) C:\Program Files\Opera\56.0.3051.36\opera.exe
C:\Program Files\Opera
FirewallRules: [{0539C7D8-2AAB-48FB-AF12-DB7D2349ED46}] => (Allow) C:\Program Files\Opera\56.0.3051.43\opera.exe
FirewallRules: [{109E1E3B-42DE-4DC3-AE86-928DE51E08AB}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{74794B46-B634-4F4E-858E-67124C0BAADC}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{835B22BC-EAB9-455A-BFE5-BEC732F478A3}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{2286406A-0087-4F03-A294-67373373FFBE}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Program Files\AVAST Software

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

end

Lo guarda bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.

Nota: Es necesario que el ejecutable Frst.exe o Frst64.exe según el caso y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no la herramienta no trabajará.

Ejecute Frst.exe/Frst64.exe.
Presione el botón Fix y aguarde a que termine.
Si por alguna razón le pide reiniciar, lo permite
La Herramienta guardara el reporte en su escritorio (Fixlog.txt).
Lo pega en su próxima respuesta.

Cualquier problema vienes y lo comentas, hay ademas de malwares muchos residuos de desinstalaciones de tantas herramientas.

Salu2.

CxW7Gab · 5 Diciembre, 2018 17:54

Hola, Gracias por la paciencia

Si hay muchos programas porque a pesar de 3 reinstalaciones limpias de Windows a principios de octubre, por el hacker que espia(ba) mis equipos, volvio a abrir puertos y escritorio remoto entre otros asi que el equipo esta hecho un desastre.

Subi los archivos encriptados, pero no los reconoció, pero si debe ser una variante del Policía ya que es muy parecido a la descripción que hiciste, solo que no había imagen con mensaje solo el audio.

Este es el reporte Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by ATV_Admin (05-12-2018 12:35:25) Run:1
Running from C:\Users\ATV_Admin\Desktop
Loaded Profiles: ATV_Admin (Available Profiles: Tessa & ATV_Admin)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
CLOSEPROCESSES:
start
Tcpip\..\Interfaces\{221A7E51-8A45-4978-A12D-EDDF7778477A}: [NameServer] 9.9.9.9
Tcpip\..\Interfaces\{221A7E51-8A45-4978-A12D-EDDF7778477A}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F83B8505-F66F-463B-9B71-78B7CC7A17B2}: [DhcpNameServer] 10.0.1.1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-24] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-24] ()
CHR Extension: (PSafe Seguran�a Online) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\higfhiimhkcmfppmdckdpkdcdolcjooo [2018-12-04]
S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [474112 2018-03-15] (Intel Corporation) [File not signed]
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BTATH_VDP; system32\drivers\btath_vdp.sys [X]
2018-12-04 14:25 - 2018-10-27 20:03 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\Opera Software
18-12-04 14:23 - 2018-12-04 14:23 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\ESET
2018-12-04 14:21 - 2018-12-04 14:21 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\AVAST Software
2018-12-04 14:01 - 2017-02-08 14:04 - 001159912 _____ (Opera Software) C:\Users\ATV_Admin\Downloads\OperaSetup.exe
2018-12-04 14:00 - 2018-10-27 12:45 - 168267120 _____ (Microsoft Corporation) C:\Users\ATV_Admin\Downloads\msert.exe
2018-12-04 14:00 - 2018-10-27 11:18 - 001889656 _____ (Oracle Corporation) C:\Users\ATV_Admin\Downloads\JavaSetup8u191.exe
2018-12-04 14:00 - 2018-10-12 09:45 - 000178320 _____ (AVAST Software) C:\Users\ATV_Admin\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2018-12-04 14:00 - 2017-01-17 01:35 - 006334872 _____ (AVAST Software) C:\Users\ATV_Admin\Downloads\avast_free_antivirus_setup_online (2).exe
2018-12-04 14:00 - 2016-06-20 19:32 - 022851472 _____ (Malwarebytes ) C:\Users\ATV_Admin\Downloads\mbam-setup-cnet.35891-2.2.1.1043.exe
2018-12-04 11:36 - 2018-11-06 00:54 - 000002338 _____ C:\Users\ATV_Admin\Desktop\as_15C9.tmp.txt
2018-12-04 11:36 - 2018-11-06 00:53 - 000002338 _____ C:\Users\ATV_Admin\Desktop\as_7880.tmp.txt
2018-12-04 11:36 - 2018-11-01 22:33 - 000001434 _____ C:\Users\ATV_Admin\Desktop\scan_181101-232615.txt
2018-11-21 11:56 - 2018-11-21 15:15 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-11-21 11:53 - 2018-11-21 11:54 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
018-11-20 20:37 - 2018-11-20 20:43 - 000000000 ____D C:\Rem-VBSqt
2018-11-20 19:21 - 2018-11-20 19:21 - 000768736 _____ C:\Users\Tessa\Downloads\Download Rem-VBSworm.pdf
2018-11-16 15:05 - 2018-11-16 15:05 - 000000000 ____D C:\ProgramData\Caphyon
2018-11-16 15:04 - 2018-11-16 15:04 - 000001913 _____ C:\Users\Public\Desktop\NordVPN.lnk
2018-11-16 14:54 - 2018-11-16 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
C:\Program Files (x86)\NordVPN
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [437200 2018-11-06] ()
R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [35592 2018-06-07] (The OpenVPN Project)
2018-12-04 14:25 - 2018-12-04 14:25 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\NordVPN
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\NordVPN
2018-12-04 14:01 - 2018-11-11 20:43 - 013579176 _____ (NordVPN) C:\Users\ATV_Admin\Downloads\NordVPNSetup.exe
2018-11-24 19:11 - 2018-11-24 19:11 - 000000000 ____D C:\ProgramData\NordVpn
2018-11-19 18:54 - 2018-11-19 18:54 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
2018-11-19 15:52 - 2018-11-19 17:35 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\NordVPN
2018-11-16 17:32 - 2018-11-16 17:33 - 003426208 _____ (NordVPN) C:\Users\Tessa\Downloads\NordVPNTapSetup.exe
2018-11-15 23:03 - 2018-11-15 23:04 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\NordVPN
2018-11-15 23:02 - 2018-11-15 23:02 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\AVAST Software
2018-11-11 20:56 - 2018-11-24 19:11 - 000000000 ____D C:\Users\Tessa\AppData\Local\NordVPN
2018-11-11 20:53 - 2018-11-16 15:04 - 000000000 ____D C:\Program Files (x86)\NordVPN
2018-11-11 20:44 - 2018-11-16 14:32 - 000000000 ____D C:\Users\Tessa\AppData\Roaming\NordVPN
2018-11-11 20:43 - 2018-11-11 20:43 - 013579176 _____ (NordVPN) C:\Users\Tessa\Downloads\NordVPNSetup.exe
018-11-06 00:54 - 2018-11-06 00:54 - 000002338 _____ C:\Users\Tessa\Desktop\as_15C9.tmp.txt
2018-11-06 00:53 - 2018-11-06 00:53 - 000002338 _____ C:\Users\Tessa\Desktop\as_7880.tmp.txt
2018-12-01 23:33 - 2018-10-08 10:23 - 000000000 ____D C:\Users\Tessa\AppData\Local\AVAST Software
2018-12-01 23:33 - 2018-10-08 10:12 - 000000000 ____D C:\ProgramData\AVAST Software
2018-11-22 15:49 - 2018-10-08 10:21 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {89879B9E-DEBC-4A26-AC4E-75F56B45A85E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-10-29] (AVAST Software)
Task: {89EDE9DD-280E-485B-A98C-4BFA6311ACB3} - System32\Tasks\{7E8C366A-D0AC-47E9-A58A-9C90B2BE827F} => C:\Windows\system32\pcalua.exe 
C:\Windows\system32\pcalua.exe
2018-11-06 06:56 - 2018-11-06 06:56 - 000437200 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
2018-05-24 07:45 - 2018-05-24 07:45 - 000250368 _____ () C:\Program Files (x86)\NordVPN\x86\Liberation.Native.Firewall.dll
FirewallRules: [{6594D6DE-CCBA-4D7A-A134-0E99C0E5DF6F}] => (Allow) C:\Program Files\Opera\56.0.3051.36\opera.exe
C:\Program Files\Opera
FirewallRules: [{0539C7D8-2AAB-48FB-AF12-DB7D2349ED46}] => (Allow) C:\Program Files\Opera\56.0.3051.43\opera.exe
FirewallRules: [{109E1E3B-42DE-4DC3-AE86-928DE51E08AB}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{74794B46-B634-4F4E-858E-67124C0BAADC}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{835B22BC-EAB9-455A-BFE5-BEC732F478A3}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{2286406A-0087-4F03-A294-67373373FFBE}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Program Files\AVAST Software

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

end
*****************

Processes closed successfully.
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{221A7E51-8A45-4978-A12D-EDDF7778477A}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{221A7E51-8A45-4978-A12D-EDDF7778477A}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F83B8505-F66F-463B-9B71-78B7CC7A17B2}\\DhcpNameServer" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer => removed successfully
C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer => removed successfully
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll => moved successfully
CHR Extension: (PSafe Seguran�a Online) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\higfhiimhkcmfppmdckdpkdcdolcjooo [2018-12-04] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\cphs => removed successfully
cphs => service removed successfully
HKLM\System\CurrentControlSet\Services\AthBTPort => removed successfully
AthBTPort => service removed successfully
HKLM\System\CurrentControlSet\Services\BTATH_A2DP => removed successfully
BTATH_A2DP => service removed successfully
HKLM\System\CurrentControlSet\Services\btath_avdt => removed successfully
btath_avdt => service removed successfully
HKLM\System\CurrentControlSet\Services\BTATH_HCRP => removed successfully
BTATH_HCRP => service removed successfully
HKLM\System\CurrentControlSet\Services\BTATH_LWFLT => removed successfully
BTATH_LWFLT => service removed successfully
HKLM\System\CurrentControlSet\Services\BTATH_RCP => removed successfully
BTATH_RCP => service removed successfully
HKLM\System\CurrentControlSet\Services\BTATH_VDP => removed successfully
BTATH_VDP => service removed successfully
C:\Users\ATV_Admin\AppData\Local\Opera Software => moved successfully
18-12-04 14:23 - 2018-12-04 14:23 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\ESET => Error: No automatic fix found for this entry.
C:\Users\ATV_Admin\AppData\Local\AVAST Software => moved successfully
C:\Users\ATV_Admin\Downloads\OperaSetup.exe => moved successfully
C:\Users\ATV_Admin\Downloads\msert.exe => moved successfully
C:\Users\ATV_Admin\Downloads\JavaSetup8u191.exe => moved successfully
C:\Users\ATV_Admin\Downloads\avast_free_antivirus_setup_online_cnet_2.exe => moved successfully
C:\Users\ATV_Admin\Downloads\avast_free_antivirus_setup_online (2).exe => moved successfully
C:\Users\ATV_Admin\Downloads\mbam-setup-cnet.35891-2.2.1.1043.exe => moved successfully
C:\Users\ATV_Admin\Desktop\as_15C9.tmp.txt => moved successfully
C:\Users\ATV_Admin\Desktop\as_7880.tmp.txt => moved successfully
C:\Users\ATV_Admin\Desktop\scan_181101-232615.txt => moved successfully
C:\ProgramData\Kaspersky Lab => moved successfully
C:\ProgramData\Kaspersky Lab Setup Files => moved successfully
018-11-20 20:37 - 2018-11-20 20:43 - 000000000 ____D C:\Rem-VBSqt => Error: No automatic fix found for this entry.
C:\Users\Tessa\Downloads\Download Rem-VBSworm.pdf => moved successfully
C:\ProgramData\Caphyon => moved successfully
C:\Users\Public\Desktop\NordVPN.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN => moved successfully
C:\Program Files (x86)\NordVPN\nordvpn-service.exe => No running process found
C:\Program Files (x86)\NordVPN => moved successfully
HKLM\System\CurrentControlSet\Services\nordvpn-service => removed successfully
nordvpn-service => service removed successfully
HKLM\System\CurrentControlSet\Services\tapnordvpn => removed successfully
tapnordvpn => service removed successfully
C:\Users\ATV_Admin\AppData\Local\NordVPN => moved successfully
C:\Users\ATV_Admin\AppData\Roaming\NordVPN => moved successfully
C:\Users\ATV_Admin\Downloads\NordVPNSetup.exe => moved successfully
C:\ProgramData\NordVpn => moved successfully
C:\Program Files (x86)\NordVPN network TAP => moved successfully
C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\NordVPN => moved successfully
C:\Users\Tessa\Downloads\NordVPNTapSetup.exe => moved successfully
C:\Users\TEMP.Tessa-VAIO\AppData\Local\NordVPN => moved successfully
C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\AVAST Software => moved successfully
C:\Users\Tessa\AppData\Local\NordVPN => moved successfully
"C:\Program Files (x86)\NordVPN" => not found
C:\Users\Tessa\AppData\Roaming\NordVPN => moved successfully
C:\Users\Tessa\Downloads\NordVPNSetup.exe => moved successfully
018-11-06 00:54 - 2018-11-06 00:54 - 000002338 _____ C:\Users\Tessa\Desktop\as_15C9.tmp.txt => Error: No automatic fix found for this entry.
C:\Users\Tessa\Desktop\as_7880.tmp.txt => moved successfully
C:\Users\Tessa\AppData\Local\AVAST Software => moved successfully
C:\ProgramData\AVAST Software => moved successfully
C:\Windows\System32\Tasks\Avast Software => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{89879B9E-DEBC-4A26-AC4E-75F56B45A85E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89879B9E-DEBC-4A26-AC4E-75F56B45A85E}" => removed successfully
"C:\Windows\System32\Tasks\Avast Software\Overseer" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89EDE9DD-280E-485B-A98C-4BFA6311ACB3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89EDE9DD-280E-485B-A98C-4BFA6311ACB3}" => removed successfully
C:\Windows\System32\Tasks\{7E8C366A-D0AC-47E9-A58A-9C90B2BE827F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7E8C366A-D0AC-47E9-A58A-9C90B2BE827F}" => removed successfully
C:\Windows\system32\pcalua.exe => moved successfully
"C:\Program Files (x86)\NordVPN\nordvpn-service.exe" => not found
"C:\Program Files (x86)\NordVPN\x86\Liberation.Native.Firewall.dll" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6594D6DE-CCBA-4D7A-A134-0E99C0E5DF6F}" => removed successfully
"C:\Program Files\Opera" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0539C7D8-2AAB-48FB-AF12-DB7D2349ED46}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{109E1E3B-42DE-4DC3-AE86-928DE51E08AB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{74794B46-B634-4F4E-858E-67124C0BAADC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{835B22BC-EAB9-455A-BFE5-BEC732F478A3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2286406A-0087-4F03-A294-67373373FFBE}" => removed successfully
"C:\Program Files\AVAST Software" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1459080146-1752181985-1471865784-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1459080146-1752181985-1471865784-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

No se puede vaciar la cach‚ de resoluci¢n de DNS: Error de una funci¢n durante la ejecuci¢n.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c

========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Aseg£rese de que el servicio se est  ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Aseg£rese de que el servicio se est  ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16503469 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 17835 B
Edge => 0 B
Chrome => 31145773 B
Firefox => 16124418 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 4068 B
Tessa => 4625103 B
Tere.Tessa-VAIO => 0 B
ATV_Admin => 287650 B

RecycleBin => 0 B
EmptyTemp: => 65.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:36:01 ====

SanMar · 5 Diciembre, 2018 18:58

Hola @CxW7Gab:

Gracias a ti por seguirnos…!!!

Si imagine es una versión vieja de lo que te pasa a ti, y no llego a bloquearte por completo.

Si los archivos encriptados son importantes guárdalos en algo externo, para ver si mas adelante hay algún desencriptador, si no lo son, directamente eliminarlos.

1.- No se si lo instalaste tu, pero no vuelvas a instalar NordVpn ni ninguno similar por el momento.

2.- Ejecuta Ccleaner en su opción Limpiador, ya que vi lo tienes instalado. >>> Manual

3.- Vuelve a ejecutar FRST en Modo Normal tal como ya lo has hecho y nos traes un reporte fresco, para ver que quedo por ahí.

Ademas comenta como has notado el equipo.

Salu2.

CxW7Gab · 5 Diciembre, 2018 22:24

Gracias, si yo instale la VPN, pero no la desinstale. No sé si se desinstalo por completo cuando corri el archivo que me dijiste. Voy a revisar y de haber rémanentes los desistalo antes de correr CCleaner.

SanMar · 5 Diciembre, 2018 22:27

Hola:

No no te preocupes, yo lo vole por que cuando lo instalaste, exactamente un segundo después se creo la carpeta Caphyon…

Solo sigue los pasos.

Salu2.

CxW7Gab · 6 Diciembre, 2018 03:02

Hola,

El equipo va mejor, ya no hace ruido mas que cuando se conecta a la red y despues se quita. La maquina es viejita, pero antes de todo esto no hacia ningun ruido y despues de los hackeos que comenzaron en abril, era el ventilador, el disco, todo, bueno hasta el mouse pad se calentaba.

Al inicio sigue cargando, un archivo de note pad de errorlog en blanco. Este debe de ser de alguno de los antivirus que instale para USB, ya que pense se trataba de esos viejos virus que convertian la USB en .INk, ya que cuando queria abrirlo en otro equipo. Esa maquina me decía que se podía por la ext .ink, pero si lo desintalaba y volvia a instalar si me dejaba. Una duda, supongo que fue mala suerte que al instalar la VPN se instalara Caphyon. Espero tus indicaciones antes de instalar algo, pero quisiera saber si es conveniente cuando el equipo este bien instalarla u otra que recomiendes, ya que yo la instale por cuestiones de seguridad tanto para la laptop como para el celular al conectarse a WI-fi.

Va el nuevo log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by ATV_Admin (administrator) on TESSA-VAIO (05-12-2018 21:40:18)
Running from C:\Users\ATV_Admin\Desktop
Loaded Profiles: ATV_Admin (Available Profiles: Tessa & ATV_Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOTM\VTSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOTM\VTUsr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1022592 2012-04-28] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-04-28] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885944 2012-09-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-08] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1459080146-1752181985-1471865784-1006\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt [2018-11-20] ()
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{F83B8505-F66F-463B-9B71-78B7CC7A17B2}: [DhcpNameServer] 10.0.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-04-28] (Atheros Commnucations)
BHO-x32: Aplicación auxiliar de inicio de sesión de Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-27] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: jm0u4abc.default
FF ProfilePath: C:\Users\ATV_Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jm0u4abc.default [2018-12-05]
FF Extension: (French spelling dictionary) - C:\Users\ATV_Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jm0u4abc.default\Extensions\[email protected] [2018-12-01]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-03-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-03-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2011-08-02] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default [2018-12-05]
CHR Extension: (Presentaciones) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-04]
CHR Extension: (Documentos) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-04]
CHR Extension: (Google Drive) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-04]
CHR Extension: (YouTube) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-04]
CHR Extension: (Adblock Plus) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-04]
CHR Extension: (OneTab) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2018-12-04]
CHR Extension: (ZenMate VPN - Mejor seguridad para Internet) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-12-04]
CHR Extension: (Hojas de cálculo) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-04]
CHR Extension: (Edición de Office) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2018-12-04]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-04]
CHR Extension: (Avast Online Security) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-12-04]
CHR Extension: (Botón Guardar de Pinterest) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-12-04]
CHR Extension: (PSafe Segurança Online) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\higfhiimhkcmfppmdckdpkdcdolcjooo [2018-12-04]
CHR Extension: (Xodo PDF Viewer & Editor) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihgdgpjankaehldoaimdlekdidkjfghe [2018-12-04]
CHR Extension: (HTML5 Virtual Classroom - Screen Sharing) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihglikcoelelbbcpahhhfomehdeefmnc [2018-12-04]
CHR Extension: (Cisco Webex Extension) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-12-04]
CHR Extension: (Grammarly for Chrome) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-12-04]
CHR Extension: (Proxy VPN gratis Hotspot Shield: desbloqueo de sitios) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2018-12-04]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-04]
CHR Extension: (SurfEasy VPN - Seguridad, Privacidad, Desbloquear) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odiddbcijempnhhobijfbggjogofdlgl [2018-12-04]
CHR Extension: (TunnelBear VPN) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2018-12-04]
CHR Extension: (Gmail) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-04]
CHR Extension: (Chrome Media Router) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-04]
CHR Profile: C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-05]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [119424 2012-04-28] (Atheros Commnucations) [File not signed]
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
S3 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1667056 2018-03-19] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CxW7Gab · 6 Diciembre, 2018 03:17

La continuacion

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-05 12:35 - 2018-12-05 12:36 - 000018703 _____ C:\Users\ATV_Admin\Desktop\Fixlog.txt
2018-12-05 12:22 - 2018-12-05 12:22 - 000797760 _____ C:\Users\ATV_Admin\Desktop\delfix.exe
2018-12-05 11:59 - 2018-12-05 11:59 - 000000502 _____ C:\Users\ATV_Admin\Desktop\idramsomware_rep.txt
2018-12-04 20:25 - 2018-12-05 21:42 - 000015672 _____ C:\Users\ATV_Admin\Desktop\FRST.txt
2018-12-04 20:25 - 2018-12-04 20:38 - 000042984 _____ C:\Users\ATV_Admin\Desktop\Addition.txt
2018-12-04 14:25 - 2018-12-04 14:25 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\Trusteer
2018-12-04 14:25 - 2018-12-04 14:25 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\Spotify
2018-12-04 14:25 - 2018-12-04 14:25 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\Sony Corporation
2018-12-04 14:25 - 2018-12-04 14:25 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\Mozilla
2018-12-04 14:25 - 2018-12-04 14:25 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\mbamtray
2018-12-04 14:25 - 2018-12-04 14:25 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\mbam
2018-12-04 14:23 - 2018-12-04 14:23 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Sun
2018-12-04 14:23 - 2018-12-04 14:23 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\ESET
2018-12-04 14:23 - 2018-12-04 14:23 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\ElevatedDiagnostics
2018-12-04 14:22 - 2018-12-05 12:55 - 000000000 ____D C:\Users\ATV_Admin\AppData\LocalLow\Mozilla
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Skype
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Samsung
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\PrimoPDF
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Mozilla
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Macromedia
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\LibreOffice
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\iolo
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Google
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\ArcSoft
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\LocalLow\Sun
2018-12-04 14:22 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\LocalLow\Adobe
2018-12-04 14:22 - 2018-10-24 08:15 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\PeerNetworking
2018-12-04 14:21 - 2018-12-04 14:21 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\CEF
2018-12-04 14:21 - 2018-12-04 14:21 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\BMExplorer
2018-12-04 14:21 - 2018-12-04 14:21 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\ArcSoft
2018-12-04 14:21 - 2018-12-04 14:21 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\Apps\2.0
2018-12-04 14:21 - 2018-12-04 14:21 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\Adobe
2018-12-04 14:21 - 2018-12-01 12:02 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\CrashDumps
2018-12-04 14:21 - 2018-10-27 12:06 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\Deployment
2018-12-04 14:21 - 2018-10-27 00:29 - 003360632 ____H C:\Users\ATV_Admin\AppData\Local\IconCache.db.backup
2018-12-04 14:20 - 2018-12-04 14:20 - 000000000 ____D C:\Users\ATV_Admin\Downloads\TMRBLog
2018-12-04 14:05 - 2018-12-04 14:20 - 000000000 ____D C:\Users\ATV_Admin\Downloads\audios martha
2018-12-04 14:05 - 2018-07-02 09:09 - 082248888 _____ (TunnelBear) C:\Users\ATV_Admin\Downloads\TunnelBear-Installer.exe
2018-12-04 14:04 - 2018-11-12 12:11 - 446803740 _____ C:\Users\ATV_Admin\Downloads\takeout-20181112T155821Z-002.zip
2018-12-04 14:01 - 2018-11-16 17:33 - 003426208 _____ (NordVPN) C:\Users\ATV_Admin\Downloads\NordVPNTapSetup.exe
2018-12-04 14:01 - 2018-11-12 12:35 - 2133097695 _____ C:\Users\ATV_Admin\Downloads\takeout-20181112T155821Z-001.zip
2018-12-04 14:01 - 2018-11-12 01:06 - 001217236 _____ C:\Users\ATV_Admin\Downloads\takeout-20181112T060510Z-001.zip
2018-12-04 14:01 - 2018-10-26 21:49 - 013164256 _____ (Microsoft Corporation) C:\Users\ATV_Admin\Downloads\Silverlight_x64.exe.qrim3b3.partial
2018-12-04 14:01 - 2018-10-17 20:33 - 062637240 _____ (Skype Technologies S.A.) C:\Users\ATV_Admin\Downloads\Skype-8.32.0.53.exe
2018-12-04 14:01 - 2018-10-13 13:32 - 000488952 _____ (IBM Corp.) C:\Users\ATV_Admin\Downloads\RapportSetup.exe
2018-12-04 14:01 - 2018-10-10 23:41 - 062518512 _____ (Skype Technologies S.A.) C:\Users\ATV_Admin\Downloads\Skype-8.31.0.92.exe
2018-12-04 14:01 - 2018-10-08 19:12 - 027885664 _____ (Microsoft Corporation) C:\Users\ATV_Admin\Downloads\OneDriveSetup.exe
2018-12-04 14:01 - 2018-09-24 00:36 - 041109664 _____ (Samsung Electronics) C:\Users\ATV_Admin\Downloads\SmartSwitchPC.exe
2018-12-04 14:01 - 2016-08-30 21:27 - 000356056 _____ (Spotify Ltd) C:\Users\ATV_Admin\Downloads\SpotifySetup.exe
2018-12-04 14:00 - 2018-11-20 19:21 - 000768736 _____ C:\Users\ATV_Admin\Downloads\Download Rem-VBSworm.pdf
2018-12-04 14:00 - 2018-11-19 19:10 - 001206768 _____ (Adobe Systems Incorporated) C:\Users\ATV_Admin\Downloads\flashplayer31_xa_install.exe
2018-12-04 14:00 - 2018-10-15 00:05 - 001265747 _____ C:\Users\ATV_Admin\Downloads\Lo que hacen los millennials para sacarle jugo a su marca personal - Martha Debayle.pdf
2018-12-04 14:00 - 2018-10-07 12:43 - 055915216 _____ (Microsoft Corporation) C:\Users\ATV_Admin\Downloads\IE11-Windows6.1-x64-en-us.exe
2018-12-04 14:00 - 2018-10-04 15:04 - 000314376 _____ (Igor Pavlov) C:\Users\ATV_Admin\Downloads\Firefox Installer.exe
2018-12-04 14:00 - 2018-06-18 20:48 - 245571584 _____ C:\Users\ATV_Admin\Downloads\LibreOffice_5.4.7_Win_x64.msi
2018-12-04 14:00 - 2018-05-03 20:53 - 002637215 _____ C:\Users\ATV_Admin\Downloads\Labour-And-Employment-Law-in-Quebec.pdf
2018-12-04 14:00 - 2017-06-16 01:05 - 000221662 _____ C:\Users\ATV_Admin\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2018-12-04 14:00 - 2017-02-04 18:12 - 037892136 _____ (Malwarebytes ) C:\Users\ATV_Admin\Downloads\MBARW_Setup.exe
2018-12-04 14:00 - 2016-09-20 21:29 - 090889040 _____ (Apple Inc.) C:\Users\ATV_Admin\Downloads\iTunes64Setup.exe
2018-12-04 14:00 - 2016-07-11 22:09 - 001642232 _____ (NCH Software) C:\Users\ATV_Admin\Downloads\debutpsetup (1).exe
2018-12-04 14:00 - 2015-12-21 22:23 - 013916256 _____ (EaseUS ) C:\Users\ATV_Admin\Downloads\drw_free.exe
2018-12-04 14:00 - 2015-12-07 19:18 - 001612560 _____ (NCH Software) C:\Users\ATV_Admin\Downloads\debutpsetup(2).exe
2018-12-04 14:00 - 2015-12-06 01:22 - 001069060 _____ (NCH Software) C:\Users\ATV_Admin\Downloads\debut.exe
2018-12-04 14:00 - 2015-12-05 18:05 - 024210616 _____ (Audacity Team ) C:\Users\ATV_Admin\Downloads\audacity-win-2.1.0.exe
2018-12-04 14:00 - 2015-12-05 15:41 - 000690072 _____ (Dropbox, Inc.) C:\Users\ATV_Admin\Downloads\DropboxInstaller.exe
2018-12-04 14:00 - 2015-12-05 15:03 - 167839512 _____ (Apple Inc.) C:\Users\ATV_Admin\Downloads\iTunes6464Setup.exe
2018-12-04 14:00 - 2015-12-05 01:39 - 007274960 _____ C:\Users\ATV_Admin\Downloads\InternationalPrimoPDF.exe
2018-12-04 14:00 - 2012-12-15 01:19 - 020133880 _____ (Dropbox, Inc.) C:\Users\ATV_Admin\Downloads\Dropbox 1.6.5.exe
2018-12-04 13:56 - 2018-11-12 12:41 - 2899411939 _____ C:\Users\ATV_Admin\Downloads\20170930_173528-003.mp4
2018-12-04 13:26 - 2018-12-04 13:27 - 000000000 ____D C:\Users\ATV_Admin\Documents\tarot
2018-12-04 13:26 - 2018-12-04 13:26 - 000000000 ____D C:\Users\ATV_Admin\Documents\Sony PMB
2018-12-04 12:51 - 2018-12-04 12:51 - 000000000 ____D C:\Users\ATV_Admin\Documents\SmartSwitch
2018-12-04 11:54 - 2018-12-04 12:51 - 000000000 ____D C:\Users\ATV_Admin\Documents\sAMSUNG
2018-12-04 11:54 - 2018-12-04 11:54 - 000000000 ____D C:\Users\ATV_Admin\Documents\rec
2018-12-04 11:54 - 2018-12-04 11:54 - 000000000 ____D C:\Users\ATV_Admin\Documents\Nueva carpeta
2018-12-04 11:54 - 2018-12-04 11:54 - 000000000 ____D C:\Users\ATV_Admin\Documents\Nov2
2018-12-04 11:53 - 2018-12-04 11:54 - 000000000 ____D C:\Users\ATV_Admin\Documents\jobs 2018
2018-12-04 11:46 - 2018-12-04 11:53 - 000000000 ____D C:\Users\ATV_Admin\Documents\iTunes
2018-12-04 11:46 - 2018-12-04 11:46 - 000000000 ____D C:\Users\ATV_Admin\Documents\esoterismo
2018-12-04 11:39 - 2018-12-04 11:39 - 000000000 ____D C:\Users\ATV_Admin\Documents\CVs
2018-12-04 11:38 - 2018-12-04 11:38 - 000000000 ____D C:\Users\ATV_Admin\Documents\Chrome
2018-12-04 11:38 - 2018-12-04 11:38 - 000000000 ____D C:\Users\ATV_Admin\Documents\c
2018-12-04 11:38 - 2018-12-04 11:38 - 000000000 ____D C:\Users\ATV_Admin\Desktop\print
2018-12-04 11:38 - 2018-12-04 11:38 - 000000000 ____D C:\Users\ATV_Admin\Desktop\jobs 2018
2018-12-04 11:38 - 2018-11-01 23:41 - 000000000 ____H C:\Users\ATV_Admin\Documents\Default.rdp
2018-12-04 11:38 - 2018-10-26 23:10 - 000423555 _____ C:\Users\ATV_Admin\Documents\tortas de atun y papa.pdf
2018-12-04 11:38 - 2018-10-21 22:23 - 000155951 _____ C:\Users\ATV_Admin\Documents\Soft and Easy  Pumpkin Cookies with Cream Cheese Frosting.pdf
2018-12-04 11:38 - 2018-10-21 21:31 - 000599124 _____ C:\Users\ATV_Admin\Documents\Aunt Raffy's Holiday Salad - Giadzy.pdf
2018-12-04 11:38 - 2018-10-18 00:44 - 000772476 _____ C:\Users\ATV_Admin\Documents\Cheesecake de mamey.pdf
2018-12-04 11:38 - 2018-10-17 21:56 - 000948049 _____ C:\Users\ATV_Admin\Documents\Super alimentos mexicanos que debes incluir en tu dieta.pdf
2018-12-04 11:38 - 2018-10-17 15:31 - 000161476 _____ C:\Users\ATV_Admin\Documents\Pumpkin Ravioli With Sage Butter Sauce Recipe - Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-17 14:52 - 000157719 _____ C:\Users\ATV_Admin\Documents\Olive Garden Copycat Zuppa Toscana Recipe - Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-17 10:35 - 000053229 _____ C:\Users\ATV_Admin\Documents\Vazquez Teresa employment confirmation october 2018.pdf
2018-12-04 11:38 - 2018-10-17 10:23 - 004505358 _____ C:\Users\ATV_Admin\Documents\reclamacion comprobantes e idientificacion.odt
2018-12-04 11:38 - 2018-10-16 23:11 - 000015897 _____ C:\Users\ATV_Admin\Documents\dropship analysys.ods
2018-12-04 11:38 - 2018-10-15 16:03 - 000785714 _____ C:\Users\ATV_Admin\Documents\Gâteau aux fruits et aux noix du Brésil _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-15 15:21 - 000071563 _____ C:\Users\ATV_Admin\Documents\Gâteau à la crème sure et au pamplemousse _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-15 14:53 - 000404303 _____ C:\Users\ATV_Admin\Documents\quatre-quarts d'Hugo _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-15 13:38 - 000067841 _____ C:\Users\ATV_Admin\Documents\Gâteau aux marrons et au chocolat blanc _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-15 11:41 - 000620304 _____ C:\Users\ATV_Admin\Documents\gâteau forêt-noire _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-15 11:10 - 000638303 _____ C:\Users\ATV_Admin\Documents\Charlotte au chocolat et aux framboises _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-15 00:14 - 000759904 _____ C:\Users\ATV_Admin\Documents\Gâteau chocolat-thé aux épices _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-15 00:13 - 000608109 _____ C:\Users\ATV_Admin\Documents\Gâteau très chocolaté _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 23:58 - 000639305 _____ C:\Users\ATV_Admin\Documents\Gâteaux aux mangues, fraises et chocolat blanc _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 23:43 - 000472279 _____ C:\Users\ATV_Admin\Documents\gâteau forêt-noire amélioré _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 22:35 - 000635833 _____ C:\Users\ATV_Admin\Documents\gâteau renversé à l’érable et aux canneberges _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 22:14 - 000649129 _____ C:\Users\ATV_Admin\Documents\gâteau des anges simple _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 21:53 - 000599188 _____ C:\Users\ATV_Admin\Documents\gâteau red velvet _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 21:01 - 000724179 _____ C:\Users\ATV_Admin\Documents\gâteau avocat et chocolat _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 20:42 - 000889522 _____ C:\Users\ATV_Admin\Documents\gâteau biscuit amandes et bleuets _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 20:13 - 000928533 _____ C:\Users\ATV_Admin\Documents\gâteau au chocolat très chocolaté _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 19:53 - 000066525 _____ C:\Users\ATV_Admin\Documents\gâteau marbré chocolat-orange _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 19:19 - 000395644 _____ C:\Users\ATV_Admin\Documents\gâteau fromage chocolat _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-14 18:10 - 000061613 _____ C:\Users\ATV_Admin\Documents\Online Personal Credit Reports & Credit Scores - TransUnion Credit Monitoring2.pdf
2018-12-04 11:38 - 2018-10-14 18:07 - 000068590 _____ C:\Users\ATV_Admin\Documents\Online Personal Credit Reports & Credit Scores - TransUnion Credit Monitoring.pdf
2018-12-04 11:38 - 2018-10-14 17:05 - 000096262 _____ C:\Users\ATV_Admin\Documents\noire au Grand Marnier _ Foodlavie.pdf
2018-12-04 11:38 - 2018-10-13 14:56 - 002632469 _____ C:\Users\ATV_Admin\Documents\ideas affice chandelle.odt
2018-12-04 11:38 - 2018-10-12 23:05 - 000060759 _____ C:\Users\ATV_Admin\Documents\Pumpkin Soup with Pumpkin Seed-Mint Pesto Recipe _ MyRecipes.pdf
2018-12-04 11:38 - 2018-10-12 22:56 - 000063182 _____ C:\Users\ATV_Admin\Documents\Stuffed Pumpkin with Cranberry-Raisin Bread Pudding Recipe _ MyRecipes.pdf
2018-12-04 11:38 - 2018-10-12 22:26 - 000274675 _____ C:\Users\ATV_Admin\Documents\Roast pumpkin with cream thyme  Parmesan.pdf
2018-12-04 11:38 - 2018-10-12 21:59 - 000104571 _____ C:\Users\ATV_Admin\Documents\Brazilian shrimp stuffed pumpkin _ Adore Foods.pdf
2018-12-04 11:38 - 2018-10-10 15:52 - 001544574 _____ C:\Users\ATV_Admin\Documents\Les Benoitons de Papilles et Calamity Darty.pdf
2018-12-04 11:38 - 2018-10-10 15:14 - 002980991 _____ C:\Users\ATV_Admin\Documents\trifle royal.pdf
2018-12-04 11:38 - 2018-10-10 11:55 - 000753309 _____ C:\Users\ATV_Admin\Documents\programas suspension.odt
2018-12-04 11:38 - 2018-10-09 15:09 - 000103894 _____ C:\Users\ATV_Admin\Documents\tofu poke.pdf
2018-12-04 11:38 - 2018-10-09 14:45 - 000071365 _____ C:\Users\ATV_Admin\Documents\comrbcoct2_181009.pdf
2018-12-04 11:38 - 2018-10-09 13:34 - 000099710 _____ C:\Users\ATV_Admin\Documents\kielbalsa cabbage soup.pdf
2018-12-04 11:38 - 2018-10-08 23:21 - 000160295 _____ C:\Users\ATV_Admin\Documents\Kittencals Scalloped Potato And Ground Beef Casserole Recipe - Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 23:00 - 000151453 _____ C:\Users\ATV_Admin\Documents\Spicy Salmon Poke Taco.pdf
2018-12-04 11:38 - 2018-10-08 22:56 - 000141599 _____ C:\Users\ATV_Admin\Documents\Matcha Red Bean Cake Recipe - Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 22:50 - 000138174 _____ C:\Users\ATV_Admin\Documents\Chamomile Cake With Honey Buttercream.pdf
2018-12-04 11:38 - 2018-10-08 22:42 - 000223569 _____ C:\Users\ATV_Admin\Documents\Creamy Avocado Coconut Lime Ginger Pops Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 22:39 - 000177158 _____ C:\Users\ATV_Admin\Documents\Chocolate Chip Cookies With cheakpeas Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 22:32 - 000142789 _____ C:\Users\ATV_Admin\Documents\Blackberry Bakewell Tarts  Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 21:09 - 000155287 _____ C:\Users\ATV_Admin\Documents\Vanilla Dream Mille Crêpe Cake  Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 20:55 - 000156631 _____ C:\Users\ATV_Admin\Documents\Piña Colada Cake Bites Recipe - Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 20:28 - 000141041 _____ C:\Users\ATV_Admin\Documents\Bacon And Egg Breakfast Stromboli Recipe - Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 19:52 - 000185753 _____ C:\Users\ATV_Admin\Documents\Creamy Ham And Gnocchi Bake Recipe - Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 19:42 - 000201845 _____ C:\Users\ATV_Admin\Documents\Banana Coffee Cake Recipe - Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-08 19:16 - 000163718 _____ C:\Users\ATV_Admin\Documents\Cheesy Buffalo Chicken Skulls Recipe - Genius Kitchen.pdf
2018-12-04 11:38 - 2018-10-07 12:27 - 000000000 ____D C:\Users\ATV_Admin\Documents\Bluetooth Folder
2018-12-04 11:38 - 2018-09-24 00:36 - 041109664 _____ (Samsung Electronics) C:\Users\ATV_Admin\Documents\SmartSwitchPC.exe
2018-12-04 11:36 - 2018-12-05 12:23 - 000000267 _____ C:\Users\ATV_Admin\Desktop\DelFix.txt
2018-12-04 11:36 - 2018-12-04 20:08 - 000079243 _____ C:\Users\ATV_Admin\Desktop\FRST1.txt
2018-12-04 11:36 - 2018-12-04 20:08 - 000033744 _____ C:\Users\ATV_Admin\Desktop\Addition1.txt
2018-12-04 11:36 - 2018-12-04 11:37 - 000000000 ____D C:\Users\ATV_Admin\Desktop\CVs
2018-12-04 11:36 - 2018-12-02 16:53 - 002417152 _____ (Farbar) C:\Users\ATV_Admin\Desktop\FRST64.exe
2018-12-04 11:36 - 2018-11-25 00:56 - 000001538 _____ C:\Users\ATV_Admin\Desktop\Malwarebytes251118.txt
2018-12-04 11:36 - 2018-11-19 23:03 - 000092274 _____ C:\Users\ATV_Admin\Desktop\Disabling Windows Script Host _ Microsoft Docs.pdf
2018-12-04 11:36 - 2018-11-19 20:43 - 000090062 _____ C:\Users\ATV_Admin\Desktop\Event ID 10 is logged in the Applicatio...pdf
2018-12-04 11:36 - 2018-11-17 00:18 - 001726925 _____ C:\Users\ATV_Admin\Desktop\Conexiones_establecidas.txt
2018-12-04 11:36 - 2018-11-15 16:27 - 000352455 _____ C:\Users\ATV_Admin\Desktop\151118t.pdf
2018-12-04 11:36 - 2018-11-15 01:47 - 000000073 _____ C:\Users\ATV_Admin\Desktop\forma.txt
2018-12-04 11:36 - 2018-10-31 19:13 - 000002202 _____ C:\Users\ATV_Admin\Desktop\mbar-log-2018-10-31 (19-38-01).txt
2018-12-04 11:36 - 2018-10-29 23:45 - 007197480 _____ (VS Revo Group ) C:\Users\ATV_Admin\Desktop\revosetup.exe
2018-12-04 11:36 - 2018-10-27 12:28 - 000065434 _____ C:\Users\ATV_Admin\Desktop\bookmarks_27_10_18.html
2018-12-04 11:36 - 2018-10-25 09:06 - 006693004 _____ C:\Users\ATV_Admin\Desktop\bookmarks.html
2018-12-04 11:36 - 2018-10-25 09:06 - 002424969 _____ C:\Users\ATV_Admin\Desktop\bookmarks-2018-10-25.json
2018-12-04 11:26 - 2018-12-04 11:36 - 000000000 ____D C:\Users\ATV_Admin\iTunes
2018-12-04 11:11 - 2018-12-04 14:25 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\Google
2018-12-04 11:11 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Sony Corporation
2018-12-04 11:11 - 2018-12-04 14:22 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Adobe
2018-12-04 11:11 - 2018-12-04 11:11 - 000101416 _____ C:\Users\ATV_Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2018-12-04 11:11 - 2018-12-04 11:11 - 000001401 _____ C:\Users\ATV_Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-12-04 11:11 - 2018-12-04 11:11 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Intel Corporation
2018-12-04 11:11 - 2018-12-04 11:11 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Atheros
2018-12-04 11:10 - 2018-12-04 11:26 - 000000000 ____D C:\Users\ATV_Admin
2018-12-04 11:10 - 2018-12-04 11:10 - 000000020 ___SH C:\Users\ATV_Admin\ntuser.ini
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Reciente
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Plantillas
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Mis documentos
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Menú Inicio
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Impresoras
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Entorno de red
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Documents\Mis vídeos
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Documents\Mis imágenes
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Documents\Mi música
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Datos de programa
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\Configuración local
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\AppData\Local\Historial
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\AppData\Local\Datos de programa
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 _SHDL C:\Users\ATV_Admin\AppData\Local\Archivos temporales de Internet
2018-12-04 11:10 - 2018-12-04 11:10 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\VirtualStore
2018-12-04 11:10 - 2012-02-23 23:01 - 000000000 ____D C:\Users\ATV_Admin\AppData\Roaming\Media Center Programs
2018-12-02 16:57 - 2018-12-02 16:58 - 000041660 _____ C:\Users\Tessa\Desktop\Addition.txt
2018-12-02 16:55 - 2018-12-02 16:58 - 000068869 _____ C:\Users\Tessa\Desktop\FRST.txt
2018-12-02 16:54 - 2018-12-05 21:40 - 000000000 ____D C:\FRST
2018-12-02 16:53 - 2018-12-02 16:53 - 002417152 _____ (Farbar) C:\Users\Tessa\Desktop\FRST64.exe
2018-12-01 11:38 - 2018-12-01 11:38 - 000001145 _____ C:\Users\Tessa\Desktop\DelFix.txt
2018-11-26 09:04 - 2018-11-26 09:04 - 000000000 ____D C:\Users\Tessa\Downloads\TMRBLog
2018-11-25 00:56 - 2018-11-25 00:56 - 000001538 _____ C:\Users\Tessa\Desktop\Malwarebytes251118.txt
2018-11-22 12:35 - 2018-11-22 12:36 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET4A19.tmp
2018-11-21 15:29 - 2018-11-21 15:29 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5256B411.sys
2018-11-21 13:59 - 2018-11-21 14:00 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.0
2018-11-21 13:59 - 2018-11-21 13:59 - 000001570 _____ C:\Users\Public\Desktop\LibreOffice 6.0.lnk
2018-11-21 13:44 - 2018-11-21 13:44 - 000001310 _____ C:\Users\Public\Desktop\Skype.lnk
2018-11-21 13:44 - 2018-11-21 13:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-11-21 13:42 - 2018-11-21 13:42 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-21 12:00 - 2018-11-21 15:12 - 000000000 ____D C:\Program Files\Common Files\AV
2018-11-20 20:37 - 2018-11-20 20:43 - 000000000 ____D C:\Rem-VBSqt
2018-11-19 23:03 - 2018-11-19 23:03 - 000092274 _____ C:\Users\Tessa\Desktop\Disabling Windows Script Host _ Microsoft Docs.pdf
2018-11-19 20:43 - 2018-11-19 20:43 - 000090062 _____ C:\Users\Tessa\Desktop\Event ID 10 is logged in the Applicatio...pdf
2018-11-19 19:25 - 2018-12-05 21:27 - 000002820 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-11-19 19:25 - 2018-12-05 21:14 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-11-19 19:25 - 2018-11-19 19:25 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-19 19:25 - 2018-11-19 19:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-11-19 19:10 - 2018-11-19 19:10 - 001206768 _____ (Adobe Systems Incorporated) C:\Users\Tessa\Downloads\flashplayer31_xa_install.exe
2018-11-19 15:57 - 2018-11-19 15:57 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Sony Corporation
2018-11-19 15:52 - 2018-11-19 16:26 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\LocalLow\Mozilla
2018-11-19 15:51 - 2018-11-19 15:58 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Mozilla
2018-11-19 15:51 - 2018-11-19 15:52 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Mozilla
2018-11-19 15:51 - 2018-11-19 15:51 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\AVAST Software
2018-11-19 15:51 - 2018-11-19 15:51 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\CEF
2018-11-19 15:49 - 2018-11-19 15:49 - 000099784 _____ C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Intel Corporation
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Atheros
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Adobe
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Google
2018-11-19 15:48 - 2018-11-19 17:35 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Sony Corporation
2018-11-19 15:48 - 2018-11-19 15:48 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\mbamtray
2018-11-19 15:47 - 2018-11-19 17:37 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Reciente
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Plantillas
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Mis documentos
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Menú Inicio
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Impresoras
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Entorno de red
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Documents\Mis vídeos
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Documents\Mis imágenes
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Documents\Mi música
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Datos de programa
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Configuración local
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Historial
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Datos de programa
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Archivos temporales de Internet
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\VirtualStore
2018-11-19 15:47 - 2012-02-23 23:01 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Media Center Programs
2018-11-17 22:21 - 2018-11-20 23:06 - 000000000 ____D C:\Users\Tessa\Documents\c
2018-11-17 22:21 - 2018-11-20 11:04 - 000000000 ____D C:\Users\Tessa\Documents\Nueva carpeta
2018-11-16 16:35 - 2018-10-17 21:48 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-16 16:35 - 2018-10-17 21:17 - 020281344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-11-16 16:35 - 2018-10-12 14:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-11-16 16:35 - 2018-10-11 20:25 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-11-16 16:34 - 2018-11-10 20:29 - 005551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-16 16:34 - 2018-11-10 20:28 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-11-16 16:34 - 2018-11-10 20:28 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-11-16 16:34 - 2018-11-10 20:28 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-11-16 16:34 - 2018-11-10 20:28 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-11-16 16:34 - 2018-11-10 20:27 - 001664352 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-11-16 16:34 - 2018-11-10 20:27 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-11-16 16:34 - 2018-11-10 20:26 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-11-16 16:34 - 2018-11-10 20:26 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-11-16 16:34 - 2018-11-10 20:26 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-11-16 16:34 - 2018-11-10 20:26 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000516608 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-11-16 16:34 - 2018-11-10 20:25 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-11-16 16:34 - 2018-11-10 20:24 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-11-16 16:34 - 2018-11-10 20:24 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-11-16 16:34 - 2018-11-10 20:24 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-11-16 16:34 - 2018-11-10 20:14 - 004054248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-11-16 16:34 - 2018-11-10 20:14 - 003960040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-11-16 16:34 - 2018-11-10 20:12 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-11-16 16:34 - 2018-11-10 20:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-11-16 16:34 - 2018-11-10 20:11 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-11-16 16:34 - 2018-11-10 20:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-11-16 16:34 - 2018-11-10 20:11 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-11-16 16:34 - 2018-11-10 20:10 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-11-16 16:34 - 2018-11-10 20:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-11-16 16:34 - 2018-11-10 20:10 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-11-16 16:34 - 2018-11-10 20:10 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-11-16 16:34 - 2018-11-10 20:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-11-16 16:34 - 2018-11-10 20:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-11-16 16:34 - 2018-11-10 19:52 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-11-16 16:34 - 2018-11-10 19:48 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-11-16 16:34 - 2018-11-10 19:47 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-11-16 16:34 - 2018-11-10 19:44 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-11-16 16:34 - 2018-11-10 19:44 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-11-16 16:34 - 2018-11-10 19:43 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-11-16 16:34 - 2018-10-26 22:42 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-11-16 16:34 - 2018-10-26 22:42 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-11-16 16:34 - 2018-10-26 22:42 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-11-16 16:34 - 2018-10-26 22:42 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2018-11-16 16:34 - 2018-10-26 22:41 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2018-11-16 16:34 - 2018-10-26 22:27 - 000173568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2018-11-16 16:34 - 2018-10-26 22:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2018-11-16 16:34 - 2018-10-26 22:27 - 000121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2018-11-16 16:34 - 2018-10-26 22:11 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-11-16 16:34 - 2018-10-26 22:11 - 000156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-11-16 16:34 - 2018-10-26 22:05 - 003227648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-11-16 16:34 - 2018-10-26 22:04 - 000141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2018-11-16 16:34 - 2018-10-26 22:04 - 000126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2018-11-16 16:34 - 2018-10-26 22:04 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll
2018-11-16 16:34 - 2018-10-26 22:04 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dispex.dll
2018-11-16 16:34 - 2018-10-18 14:49 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-11-16 16:34 - 2018-10-18 13:51 - 000348760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-11-16 16:34 - 2018-10-12 15:26 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-11-16 16:34 - 2018-10-12 15:22 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-11-16 16:34 - 2018-10-12 14:55 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-11-16 16:34 - 2018-10-12 14:42 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-11-16 16:34 - 2018-10-12 14:38 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-11-16 16:34 - 2018-10-11 21:12 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-11-16 16:34 - 2018-10-11 21:10 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-16 16:34 - 2018-10-11 20:59 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-16 16:34 - 2018-10-11 20:54 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-11-16 16:34 - 2018-10-11 20:27 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-11-16 16:34 - 2018-10-11 20:26 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-11-16 16:34 - 2018-10-11 20:19 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-11-16 16:34 - 2018-10-11 20:06 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-11-16 16:34 - 2018-10-06 11:02 - 000366824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-11-16 16:34 - 2018-10-06 08:42 - 001988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-11-16 16:34 - 2018-10-06 08:05 - 002565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-11-16 16:34 - 2018-09-22 21:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-11-16 16:34 - 2018-09-22 21:54 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-11-16 16:34 - 2018-09-22 21:54 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-11-16 16:34 - 2018-09-22 21:54 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-11-16 16:34 - 2018-09-22 21:54 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-11-16 16:34 - 2018-09-22 21:54 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-11-16 16:34 - 2018-09-22 21:37 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-11-16 16:34 - 2018-09-22 21:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-11-16 16:34 - 2018-09-22 21:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2018-11-16 16:34 - 2018-09-22 21:34 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-11-16 16:34 - 2018-09-22 21:34 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-11-16 16:34 - 2018-09-22 21:33 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-11-16 16:34 - 2018-09-22 21:22 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-11-16 16:34 - 2018-09-22 21:22 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-11-16 16:34 - 2018-09-22 21:21 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2018-11-16 16:34 - 2018-08-27 22:48 - 000419608 _____ C:\Windows\SysWOW64\locale.nls
2018-11-16 16:34 - 2018-08-27 22:48 - 000419608 _____ C:\Windows\system32\locale.nls
2018-11-16 16:33 - 2018-11-10 20:26 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-11-16 16:33 - 2018-11-10 20:26 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-11-16 16:33 - 2018-11-10 20:26 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-11-16 16:33 - 2018-11-10 20:26 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-11-16 16:33 - 2018-11-10 20:26 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-11-16 16:33 - 2018-11-10 20:26 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-11-16 16:33 - 2018-11-10 20:26 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-11-16 16:33 - 2018-11-10 20:25 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-11-16 16:33 - 2018-11-10 20:25 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-11-16 16:33 - 2018-11-10 20:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-11-16 16:33 - 2018-11-10 20:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-11-16 16:33 - 2018-11-10 20:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-11-16 16:33 - 2018-11-10 20:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-11-16 16:33 - 2018-11-10 20:10 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-11-16 16:33 - 2018-11-10 20:10 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-11-16 16:33 - 2018-11-10 20:10 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-11-16 16:33 - 2018-11-10 20:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 19:53 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-11-16 16:33 - 2018-11-10 19:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-11-16 16:33 - 2018-11-10 19:53 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-11-16 16:33 - 2018-11-10 19:48 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-11-16 16:33 - 2018-11-10 19:47 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-11-16 16:33 - 2018-11-10 19:45 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-11-16 16:33 - 2018-11-10 19:44 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-11-16 16:33 - 2018-11-10 19:43 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-11-16 16:33 - 2018-11-10 19:43 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-11-16 16:33 - 2018-11-10 19:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-11-16 16:33 - 2018-11-10 19:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-11-16 16:33 - 2018-11-10 19:43 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-11-16 16:33 - 2018-11-10 19:41 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-11-16 16:33 - 2018-11-10 19:41 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-11-16 16:33 - 2018-11-10 19:40 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-11-16 16:33 - 2018-11-10 19:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-11-16 16:33 - 2018-11-10 19:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-16 16:33 - 2018-10-12 15:25 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-11-16 16:33 - 2018-10-12 15:17 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-11-16 16:33 - 2018-10-12 15:03 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-11-16 16:33 - 2018-10-12 14:57 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-11-16 16:33 - 2018-10-12 14:56 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-11-16 16:33 - 2018-10-12 14:55 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-11-16 16:33 - 2018-10-11 21:10 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-11-16 16:33 - 2018-10-11 21:01 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-11-16 16:33 - 2018-10-11 20:59 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-11-16 16:33 - 2018-10-11 20:59 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-11-16 16:33 - 2018-10-11 20:51 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-11-16 16:33 - 2018-10-11 20:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-11-16 16:33 - 2018-10-11 20:42 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-11-16 16:33 - 2018-10-11 20:40 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-11-16 16:33 - 2018-10-11 20:30 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-11-16 16:33 - 2018-10-11 20:27 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-11-16 16:33 - 2018-10-11 20:26 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-11-16 16:33 - 2018-10-11 19:55 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-11-16 16:33 - 2018-09-22 21:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-11-16 16:32 - 2018-11-10 20:25 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-11-16 16:32 - 2018-11-10 20:25 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-11-16 16:32 - 2018-11-10 20:25 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-11-16 16:32 - 2018-11-10 20:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-11-16 16:32 - 2018-11-10 20:10 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 20:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 19:41 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-11-16 16:32 - 2018-11-10 19:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-11-16 16:32 - 2018-11-10 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-11-16 16:32 - 2018-11-10 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-11-16 16:32 - 2018-10-12 15:36 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-11-16 16:32 - 2018-10-12 15:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-11-16 16:32 - 2018-10-12 15:25 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-11-16 16:32 - 2018-10-12 15:24 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-11-16 16:32 - 2018-10-12 15:20 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-11-16 16:32 - 2018-10-12 15:20 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-11-16 16:32 - 2018-10-12 15:18 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-11-16 16:32 - 2018-10-12 15:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-11-16 16:32 - 2018-10-12 15:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-11-16 16:32 - 2018-10-12 15:11 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-11-16 16:32 - 2018-10-12 15:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-11-16 16:32 - 2018-10-12 15:07 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-11-16 16:32 - 2018-10-12 15:07 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-11-16 16:32 - 2018-10-12 15:05 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-11-16 16:32 - 2018-10-12 15:04 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-11-16 16:32 - 2018-10-12 15:03 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-11-16 16:32 - 2018-10-12 15:02 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-11-16 16:32 - 2018-10-12 14:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-11-16 16:32 - 2018-10-11 21:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-11-16 16:32 - 2018-10-11 21:11 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-11-16 16:32 - 2018-10-11 21:10 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-11-16 16:32 - 2018-10-11 21:10 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-11-16 16:32 - 2018-10-11 21:04 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-11-16 16:32 - 2018-10-11 21:03 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-11-16 16:32 - 2018-10-11 21:00 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-11-16 16:32 - 2018-10-11 21:00 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-11-16 16:32 - 2018-10-11 20:46 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-11-16 16:32 - 2018-10-11 20:45 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-11-16 16:32 - 2018-10-11 20:44 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-11-16 16:32 - 2018-10-11 20:38 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-11-16 16:32 - 2018-09-22 21:54 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2018-11-16 16:32 - 2018-09-22 21:54 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2018-11-16 16:32 - 2018-09-22 21:54 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2018-11-16 16:32 - 2018-09-22 21:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2018-11-16 16:32 - 2018-09-22 21:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2018-11-16 16:32 - 2018-09-22 21:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2018-11-16 16:32 - 2018-09-22 21:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2018-11-16 16:32 - 2018-09-22 21:21 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2018-11-16 16:31 - 2018-10-11 21:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-11-15 23:52 - 2018-11-15 23:52 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\iolo
2018-11-15 23:02 - 2018-11-15 23:02 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\CEF
2018-11-15 23:01 - 2018-11-15 23:05 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\Sony Corporation
2018-11-15 22:57 - 2018-11-15 23:20 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\Google
2018-11-15 22:57 - 2018-11-15 22:57 - 000099784 _____ C:\Users\TEMP.Tessa-VAIO\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-15 22:57 - 2018-11-15 22:57 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Intel Corporation
2018-11-15 22:57 - 2018-11-15 22:57 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Atheros
2018-11-15 22:56 - 2018-11-16 14:32 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Sony Corporation
2018-11-15 22:56 - 2018-11-15 22:56 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Adobe
2018-11-15 22:56 - 2018-11-15 22:56 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\mbamtray
2018-11-15 22:55 - 2018-11-16 14:37 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Reciente
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Plantillas
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Mis documentos
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Menú Inicio
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Impresoras
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Entorno de red
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Documents\Mis vídeos
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Documents\Mis imágenes
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Documents\Mi música
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Datos de programa
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\Configuración local
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\AppData\Local\Historial
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\AppData\Local\Datos de programa
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO\AppData\Local\Archivos temporales de Internet
2018-11-15 22:55 - 2018-11-15 22:55 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\VirtualStore
2018-11-15 22:55 - 2012-02-23 23:01 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Media Center Programs
2018-11-15 16:27 - 2018-11-15 16:27 - 000352455 _____ C:\Users\Tessa\Desktop\151118t.pdf
2018-11-15 01:47 - 2018-11-17 00:18 - 001726925 _____ C:\Users\Tessa\Desktop\Conexiones_establecidas.txt
2018-11-15 01:47 - 2018-11-15 01:47 - 000000073 _____ C:\Users\Tessa\Desktop\forma.txt
2018-11-12 21:23 - 2018-11-21 15:12 - 000000000 ____D C:\Users\TEMP
2018-11-12 12:14 - 2018-11-12 12:14 - 000000000 ____D C:\Users\Tessa\Desktop\print
2018-11-12 12:12 - 2018-11-12 16:21 - 000000000 ____D C:\Users\Tessa\Desktop\jobs 2018
2018-11-12 12:10 - 2018-11-16 22:10 - 000000000 ____D C:\Users\Tessa\Desktop\CVs
2018-11-12 12:04 - 2018-11-12 12:41 - 2899411939 _____ C:\Users\Tessa\Downloads\20170930_173528-003.mp4
2018-11-12 12:03 - 2018-11-12 12:35 - 2133097695 _____ C:\Users\Tessa\Downloads\takeout-20181112T155821Z-001.zip
2018-11-12 12:03 - 2018-11-12 12:11 - 446803740 _____ C:\Users\Tessa\Downloads\takeout-20181112T155821Z-002.zip
2018-11-12 01:06 - 2018-11-12 01:06 - 001217236 _____ C:\Users\Tessa\Downloads\takeout-20181112T060510Z-001.zip
2018-11-08 22:04 - 2018-11-16 17:21 - 000000000 ____D C:\Program Files\Google
2018-11-08 22:04 - 2018-11-08 22:07 - 000000000 ____D C:\Program Files\Recuva
2018-11-08 22:04 - 2018-11-08 22:04 - 000001658 _____ C:\Users\Public\Desktop\Recuva.lnk
2018-11-08 22:04 - 2018-11-08 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2018-11-08 10:23 - 2018-12-05 12:23 - 000000267 _____ C:\DelFix.txt
2018-11-08 10:23 - 2018-11-08 10:23 - 000000000 ____D C:\Windows\ERUNT
2018-11-06 00:54 - 2018-11-06 00:54 - 000002338 _____ C:\Users\Tessa\Desktop\as_15C9.tmp.txt
2018-11-05 00:32 - 2018-11-05 00:32 - 000001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-11-05 00:32 - 2018-11-05 00:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-11-05 00:32 - 2018-11-05 00:32 - 000000000 ____D C:\Program Files\VS Revo Group

CxW7Gab · 6 Diciembre, 2018 03:19


==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-05 21:35 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-12-05 21:26 - 2018-10-15 09:38 - 000000000 ____D C:\Program Files (x86)\Samsung
2018-12-05 21:26 - 2018-10-07 10:45 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-12-05 21:13 - 2009-07-13 23:45 - 000021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-05 21:13 - 2009-07-13 23:45 - 000021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-05 21:04 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-05 12:17 - 2018-10-07 11:18 - 000747970 _____ C:\Windows\system32\perfh00A.dat
2018-12-05 12:17 - 2018-10-07 11:18 - 000159410 _____ C:\Windows\system32\perfc00A.dat
2018-12-05 12:17 - 2009-07-14 00:13 - 001678218 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-04 11:26 - 2018-10-07 12:22 - 000000000 ____D C:\Users\Tessa
2018-12-03 19:17 - 2018-10-08 10:38 - 000000000 ____D C:\Users\Tessa\AppData\LocalLow\Mozilla
2018-12-01 23:30 - 2018-10-08 10:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-01 12:02 - 2018-10-08 10:38 - 000000000 ____D C:\Users\Tessa\AppData\Local\CrashDumps
2018-11-27 00:08 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2018-11-26 23:58 - 2018-10-12 19:20 - 000000000 ____D C:\Users\Tessa\AppData\Local\ElevatedDiagnostics
2018-11-26 20:33 - 2010-11-20 22:27 - 000592416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-11-26 18:17 - 2018-10-27 12:11 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-26 18:17 - 2018-10-27 12:11 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-24 22:29 - 2018-10-08 11:30 - 000004494 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-24 22:29 - 2018-10-07 12:03 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-11-24 22:29 - 2018-10-07 12:03 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-24 22:29 - 2018-10-07 12:03 - 000004320 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-11-24 22:29 - 2018-10-07 12:03 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-11-24 22:29 - 2018-10-07 12:03 - 000000000 ____D C:\Windows\system32\Macromed
2018-11-22 15:49 - 2018-11-03 10:20 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-11-22 15:49 - 2018-10-27 12:08 - 000003534 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-22 15:49 - 2018-10-27 12:08 - 000003406 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-22 15:49 - 2018-10-07 11:56 - 000003886 _____ C:\Windows\System32\Tasks\VHDInformationCheck
2018-11-21 16:18 - 2018-10-28 22:27 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-11-21 15:18 - 2009-07-13 23:45 - 000442240 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-21 15:09 - 2018-10-07 12:22 - 000101416 _____ C:\Users\Tessa\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-21 14:00 - 2018-10-12 00:26 - 000000000 ____D C:\Program Files\LibreOffice
2018-11-20 19:20 - 2018-10-14 17:03 - 000000000 ____D C:\Users\Tessa\AppData\Roaming\PrimoPDF
2018-11-20 14:56 - 2018-10-08 10:38 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-20 14:56 - 2018-10-08 10:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-20 09:57 - 2009-07-14 00:08 - 000032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-11-19 19:34 - 2018-11-03 10:17 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-19 19:32 - 2018-10-10 23:49 - 000000000 ____D C:\Users\Tessa\AppData\Roaming\Skype
2018-11-19 19:25 - 2018-10-08 10:29 - 000000000 ____D C:\Program Files\CCleaner
2018-11-19 19:18 - 2018-10-08 17:42 - 000000000 ____D C:\Users\Tessa\AppData\Local\Adobe
2018-11-19 17:40 - 2018-10-25 09:16 - 000000000 ____D C:\Users\Tere.Tessa-VAIO
2018-11-19 17:35 - 2018-10-18 20:47 - 000000000 ____D C:\ProgramData\Atheros
2018-11-19 17:35 - 2018-10-07 11:04 - 000000000 ____D C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation
2018-11-19 17:35 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\AppCompat
2018-11-19 17:34 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2018-11-16 17:21 - 2018-10-08 10:24 - 000000000 ____D C:\Program Files (x86)\Google
2018-11-16 17:12 - 2018-10-10 11:00 - 000000000 ____D C:\Windows\system32\MRT
2018-11-16 16:54 - 2018-10-10 10:59 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-11-16 16:46 - 2011-02-10 18:03 - 001652804 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-11-16 16:22 - 2018-10-08 10:24 - 000000000 ____D C:\Users\Tessa\AppData\Local\Google
2018-11-16 14:34 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-11-16 14:32 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-11-09 01:43 - 2018-10-07 12:40 - 000000000 ____D C:\Users\Public\Documents\Songs
2018-11-07 09:55 - 2018-10-07 13:21 - 000000000 ____D C:\Users\Tessa\AppData\Roaming\iolo

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-14 15:21

==================== End of FRST.txt ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by ATV_Admin (05-12-2018 21:42:40)
Running from C:\Users\ATV_Admin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2018-10-07 17:22:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1459080146-1752181985-1471865784-500 - Administrator - Disabled)
ATV_Admin (S-1-5-21-1459080146-1752181985-1471865784-1006 - Administrator - Enabled) => C:\Users\ATV_Admin
Invitado (S-1-5-21-1459080146-1752181985-1471865784-501 - Limited - Disabled)
Tere (S-1-5-21-1459080146-1752181985-1471865784-1003 - Limited - Enabled)
Tessa (S-1-5-21-1459080146-1752181985-1471865784-1000 - Administrator - Enabled) => C:\Users\Tessa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACID Music Studio 8.0 (HKLM-x32\...\{7B70781E-6D04-11E0-A566-005056C00008}) (Version: 8.0.178 - Sony)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.161 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.457 - ArcSoft)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.135 - Atheros)
BPCx64 (HKLM\...\{C25C68CF-E4A1-4B6F-9F28-5559264F23FD}) (Version: 1.0.0 - Sony Corporation) Hidden
BPCx86 (HKLM-x32\...\{F5802A74-7CAF-42E7-AC98-BB8D99B90C7D}) (Version: 1.0.0 - Sony Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.49 - Piriform)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6426.52 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diagnóstico de ventilador de CPU VAIO (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
DVD Architect Studio 5.0 (HKLM-x32\...\{7AFBA1EE-24FE-11E1-A28A-F04DA23A5C58}) (Version: 5.0.157 - Sony)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
FDUx86 (HKLM-x32\...\{3490653F-2789-46A1-B1BF-6BD4CF4131AB}) (Version: 1.0.0 - Sony Corporation) Hidden
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KUx86 (HKLM-x32\...\{6FD21053-829D-40E7-B04C-CAFB7D5CD025}) (Version: 1.0.0 - Sony Corporation ) Hidden
LibreOffice 6.0.7.3 (HKLM\...\{54B10C43-7DD3-4C32-B0D1-9F90C9FBB6E3}) (Version: 6.0.7.3 - The Document Foundation)
Manual de VAIO (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.3.0.12300 - Sony Corporation)
Media Gallery (HKLM\...\{0EB7792D-EFA2-42AB-9A22-F33D9458E974}) (Version: 2.2.3.04170 - Sony Corporation)
Media Go (HKLM-x32\...\{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}) (Version: 2.0.317 - Sony)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NordVPN (HKLM-x32\...\{A19C08C0-A154-4055-ADC1-F36BE5758EA6}) (Version: 6.18.9 - NordVPN) Hidden
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.1.01.14210 - Sony Corporation)
PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.5.15.13232 - Sony Computer Entertainment Inc.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Qualcomm Atheros Direct Connect (HKLM-x32\...\{21DD6041-7251-40FA-9D06-C5EB30268E0F}) (Version: 3.1 - Qualcomm Atheros) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{E727B31A-8B24-4C1C-934A-69634E0D2C0B}) (Version: 3.0 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6564 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.91 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Remote Keyboard (HKLM-x32\...\{6466EF6E-700E-470F-94CB-D0050302C84E}) (Version: 1.2.0.09270 - Sony Corporation) Hidden
Remote Play with PlayStation(R)3 (HKLM-x32\...\{D56DA747-5FDB-4AD5-9A6A-3481C0ED44BD}) (Version: 1.1.0.21090 - Sony Corporation) Hidden
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Skype versión 8.34 (HKLM-x32\...\Skype_is1) (Version: 8.34 - Skype Technologies S.A.)
Sound Forge Audio Studio 10.0 (HKLM-x32\...\{0B5CD700-A1D3-11E0-AD24-005056C00008}) (Version: 10.0.176 - Sony)
SSLx64 (HKLM\...\{312395BC-7CC2-434C-A660-30250276A926}) (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (HKLM-x32\...\{63C43435-F428-42BA-8E7B-5848749D9262}) (Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.6 - Synaptics Incorporated)
TrackID(TM) with BRAVIA (HKLM-x32\...\{858B32BD-121C-4AC8-BD87-CE37C51C03E2}) (Version: 1.2.0.09270 - Sony Corportaion) Hidden
V3DPx86 (HKLM-x32\...\{D4E7BB46-310E-4A21-B261-052A5997EA2F}) (Version: 1.0.0 - Sony Corporation ) Hidden
VAIO - Media Gallery - VAIO Personalization Manager Update (HKLM\...\{50A7190B-5DA6-4A51-B275-3D413E617BA6}) (Version: 4.2.5.07160 - Sony Corporation)
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
VAIO - PlayMemories Home Plug-in (HKLM\...\{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}) (Version: 2.0.01.03310 - Sony Corporation)
VAIO - Teclado a distancia (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - Teclado a distancia con PlayStation®3 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.0.09210 - Sony Corporation)
VAIO - TrackID™ con BRAVIA (HKLM-x32\...\{2F41EF61-A066-4EBF-84F8-21C1B317A780}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - Uso a distancia con PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.1.0.21090 - Sony Corporation)
VAIO 3D Portal (HKLM-x32\...\{C14EAE86-C526-4E00-B245-CFF86233C3D2}) (Version: 1.2.0.10131 - Sony Corporation)
VAIO Care (HKLM\...\{CFF47016-B212-4D89-8DC2-15D5508A73BA}) (Version: 8.4.6.05111 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.2.1.15070 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{5156C9BF-1C27-430B-96D8-7129F11699A8}) (Version: 1.9.0.13190 - Sony Corporation) Hidden
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.9.0.13190 - Sony Corporation)
VAIO Easy Connect (HKLM-x32\...\{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.2.02200 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{AE5F3379-8B81-457E-8E09-7E61D941AFA4}) (Version: 2.4.1.09230 - Sony Corporation) Hidden
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.5.2.02090 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 1.0.0.12300 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{C8544A9A-76BE-4F82-811E-979799AE493B}) (Version: 1.0.0.12300 - Sony Corporation) Hidden
VAIO Help and Support (HKLM-x32\...\{C9EFF66F-B0CF-4B1A-9371-2FC647658CDF}) (Version: 17.00.0109 - Sony Corporation)
VAIO OOBE (HKLM-x32\...\{D9777637-33B7-47A9-800C-F6A2CD4EB0FE}) (Version: 12.2.1.2483 - Sony Corporation)
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.0.09010 - Sony Corporation)
VAIO Satisfaction Survey. (HKLM-x32\...\VAIO Satisfaction Survey.3.0) (Version: 3.0 - Sony Electronics Inc.)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.14.1.07010 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.7.1.06040 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.3.0.03150 - Sony Corporation)
VCCx64 (HKLM\...\{549AD5FB-F52D-4307-864A-C0008FB35D96}) (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (HKLM-x32\...\{DF184496-1CA2-4D07-92E7-0BD251D7DEF0}) (Version: 1.0.0 - Sony Corporation) Hidden
Vegas Movie Studio HD Platinum 11.0 (HKLM-x32\...\{CF30A821-F384-11E0-AC56-F04DA23A5C58}) (Version: 11.0.256 - Sony)
VGClientX64 (HKLM\...\{99E6C2F3-59B2-4308-B1CD-4928B55B7E30}) (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (HKLM-x32\...\{8B583EF5-FA7B-4AE2-9008-51B7FD505886}) (Version: 1.0.0 - Sony Corporation) Hidden
VHD (HKLM-x32\...\{DB1A3EA7-0C25-4BEC-A108-176195190369}) (Version: 1.0.0 - Microsoft) Hidden
VMLx86 (HKLM-x32\...\{7E5A5CA6-B7D0-406E-A75E-157CAB47EB94}) (Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (HKLM\...\{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}) (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (HKLM\...\{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}) (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (HKLM-x32\...\{A49A517F-5332-4665-922C-6D9AD31ADD4F}) (Version: 1.0.0 - Sony Corporation) Hidden
VSSTx64 (HKLM\...\{4F31AC31-0A28-4F5A-8416-513972DA1F79}) (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (HKLM-x32\...\{B24BB74E-8359-43AA-985A-8E80C9219C70}) (Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (HKLM\...\{6B7DE186-374B-4873-AEC1-7464DA337DD6}) (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (HKLM-x32\...\{9D12A8B5-9D41-4465-BF11-70719EB0CD02}) (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (HKLM-x32\...\{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}) (Version: 1.0.0 - Sony Corporation ) Hidden
VUx64 (HKLM\...\{A0A2BE14-D3FF-41C8-9545-4B130E3FE9A4}) (Version: 1.2.0 - Sony Corporation) Hidden
VUx86 (HKLM-x32\...\{D04F1D22-4A47-42C6-A2B9-094A7B844D9B}) (Version: 1.2.0 - Sony Corporation) Hidden
VWSTx86 (HKLM-x32\...\{B8991D99-88FD-41F2-8C32-DB70278D5C30}) (Version: 1.0.0 - Sony Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2012-04-28] (Atheros Commnucations)
ContextMenuHandlers2: [AddtoVAIOGate] -> {6988D6F2-F24F-4732-8855-A39DB1AA1346} => C:\Program Files\Sony\VAIO Gate\VAIOGateShellExt.dll [2012-02-20] (Sony Corporation)
ContextMenuHandlers3: [AddtoVAIOGate] -> {6988D6F2-F24F-4732-8855-A39DB1AA1346} => C:\Program Files\Sony\VAIO Gate\VAIOGateShellExt.dll [2012-02-20] (Sony Corporation)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2012-04-28] (Atheros Commnucations)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-03-14] (Intel Corporation)
ContextMenuHandlers6: [AddtoVAIOGate] -> {6988D6F2-F24F-4732-8855-A39DB1AA1346} => C:\Program Files\Sony\VAIO Gate\VAIOGateShellExt.dll [2012-02-20] (Sony Corporation)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07D4F11D-21E2-4FE1-B673-DFC619389BAC} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {084525E5-75F5-4D13-81FF-CFC4C9F30E5C} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {0FBA313F-42DA-4DB5-A040-91E382DAEE2A} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {1048CA66-C882-4970-9007-064408EB1925} - System32\Tasks\Sony Corporation\BP Checker\CheckBPStatusLogon => C:\Program Files\Sony\BP Checker\BPChecker.exe [2016-11-29] (Sony Corporation)
Task: {15DD8226-6DBA-406A-A5A2-1A08EE28B796} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {26372C46-8C8B-4558-8EE4-68257101FF39} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net [Argument = start VSNService]
Task: {40D48C07-F523-497A-B0EE-07022C8ED30B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {4A505F33-30AC-474B-BDDB-99E40C36357B} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {4D3FCA27-F3DD-4B98-A6B6-0960F1AA489A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2018-03-19] (Sony Corporation)
Task: {4F290FB1-72EE-4F81-8549-0FE083A1983C} - System32\Tasks\Sony Corporation\VAIO Care\VKSvcWeekly => C:\Program Files\Sony\VAIO Care\VAIOTM\VKSvc.exe [2017-04-19] (Sony Corporation)
Task: {505077DF-9A2F-4AFB-8A8A-FC775FDC6226} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2017-05-11] (Sony Corporation)
Task: {52031DBA-5DC9-403B-A3CD-E2E585CA0D26} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-06] (Piriform Ltd)
Task: {5E206916-93CB-49CA-8EA3-DC7A90C4E99A} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
Task: {6103856B-42BE-400E-98B5-6D6138B2BED4} - System32\Tasks\Sony Corporation\BP Checker\CheckBPStatusCreate => C:\Program Files\Sony\BP Checker\BPChecker.exe [2016-11-29] (Sony Corporation)
Task: {6C90173C-8304-4123-B686-B1FA51EFE362} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {74299DA7-D5FA-49A3-B54A-8976C0B3C77D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-27] (Google Inc.)
Task: {74EDED6D-7856-4718-9E6A-33D848B6704C} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
Task: {7595B397-6E6E-4DF5-8F66-AB0CADA1957C} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2017-05-11] (Sony Corporation)
Task: {75E34B38-9A90-486C-8F2B-5135AADDA9CB} - System32\Tasks\Sony Corporation\VAIO Care\VTUsr => C:\Program Files\Sony\VAIO Care\VAIOTM\VTUsr.exe [2017-04-19] (Sony Corporation)
Task: {7BEAC51A-D18F-42C1-B8F5-C7EF11286EA3} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {866E4782-9C98-414F-B185-ABEB39F02098} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
Task: {87C2E7FE-508F-4676-BFF1-D9477F562F7F} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {8A7027FC-8312-428D-8B9C-31FA2560FC60} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {9109A380-1506-4BD4-AE19-03D32002C748} - System32\Tasks\Sony Corporation\VAIO Care\VKSvcDaily => C:\Program Files\Sony\VAIO Care\VAIOTM\VKSvc.exe [2017-04-19] (Sony Corporation)
Task: {A99288BF-6911-49FA-8ED0-28F93C0BA5DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-27] (Google Inc.)
Task: {B24AA1A0-DCE7-4698-BAF4-61B8E201F5BA} - System32\Tasks\Sony\VAIO Survey => C:\Program Files (x86)\Sony\VAIO Survey\VSScheduler.exe [2010-12-09] (Sony Electronics Inc.)
Task: {BFA8E6CA-9FF8-4E19-97CD-DA8FE3853233} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2018-03-19] (Sony Corporation)
Task: {C07431C5-8617-4160-A348-B2B29B4317A9} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {C17BBA68-0D91-4E4F-9D39-F1FDC9C3BDD2} - System32\Tasks\Sony\OOBESendInfo => C:\Program Files (x86)\Sony\OOBE\OOBESendInfo.exe [2012-03-15] (Sony Electronics Inc.)
Task: {C663A0C2-E06A-400F-93C9-620F731AD661} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Software Ltd)
Task: {C79581F6-1C32-4B76-967A-08DF80E8C800} - System32\Tasks\Sony Corporation\VAIO Care\VTSvc => C:\Program Files\Sony\VAIO Care\VAIOTM\VTSvc.exe [2017-04-19] (Sony Corporation)
Task: {CF18D41C-14C8-480D-8988-8FCB69AC7939} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2018-03-07] (Sony Corporation)
Task: {D23D6C89-5695-4D8C-A9DF-429D91BB96A8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-24] (Adobe Systems Incorporated)
Task: {EB02960E-62C9-4279-9B9C-D24C72637B0E} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {EC40A017-02CF-46B6-B5DD-EF27B70A6D8B} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)
Task: {F3CCC81E-5CC5-4AC3-8F46-BDA8B5B14402} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-24] (Adobe Systems Incorporated)
Task: {FE182E5A-333D-4078-BC14-7FD9621BF443} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2017-05-11] (Sony Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-10-08 10:40 - 2015-09-01 08:41 - 000095008 _____ () C:\Windows\System32\Primomonnt.dll
2018-10-07 10:54 - 2012-03-13 11:01 - 000128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-03-14 15:54 - 2012-03-14 02:57 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-10-07 11:52 - 2012-03-07 18:57 - 000021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2018-11-19 21:24 - 2018-11-19 21:24 - 000172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\318f4e270844db14015db593913440b1\IsdiInterop.ni.dll
2018-10-07 10:58 - 2011-11-29 20:00 - 000059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2018-10-07 10:54 - 2012-03-13 11:02 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\44328596.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\44328596.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2018-12-05 12:35 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1459080146-1752181985-1471865784-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\ATV_Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
MSCONFIG\startupreg: Spotify => C:\Users\Tessa\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{86F2CCFA-1891-4AEB-91AA-5812908C8F2F}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{359BF62C-EEE0-4C6E-A0DE-E564248122E4}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{80ACD008-87A1-4C33-9321-96041C7F905A}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{A0AB810D-C339-48C6-8934-1748D36AEF2E}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\WiFiDirectApplication.exe
FirewallRules: [{5348E4EB-2302-4D44-B8EE-3D42BBF9EA36}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B22B0CB9-A37E-4D1F-A92D-CD5EA7692392}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{17CC2025-76A0-44C0-B8DC-18E6BA55DDA0}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{96E46E2C-9EF6-44AD-9CC0-8C02FB79AF8B}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{D42C16AB-837B-4793-A998-EC0B71D3344A}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{A302C2EF-8E9E-4C2C-A790-F085718F246C}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{DC4F6D85-3EED-4464-A96C-8C64BADFE88E}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{7364A88F-BEB7-4899-94BF-12E82915A22C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{51E05604-9C52-4E83-9924-0660242B171D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B4A7F6BC-7124-4D5C-882B-841981A29F71}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{47B48ADB-9209-4135-97BD-4B0A70C0A881}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{BFB86B73-46FA-45EC-BF8F-307FBD8557CC}] => (Block) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{565BFD0B-F8A3-48B6-8D5A-1ACACB9B5A75}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{E759DA56-40BD-46FD-A5DB-D74A88AA6B71}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{632C265B-6480-4833-86D2-D945CF8000A9}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
FirewallRules: [{200179B4-35E6-49B3-9289-7DAFDE09890B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E5F6F696-596C-450F-A13A-D03B427AD83F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{65716FE7-570E-4967-BFD1-C73CA1FC76DA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{306D68CF-BB10-4918-B9DA-CB1F8A587543}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{06F689B4-2A37-4780-A5E3-13246D367153}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{07CF38E6-BD82-4992-AFC7-F6B6D93AA949}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{524727C0-0A8C-4F10-A82B-2C47493429E8}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{B8CA86BB-A8D6-4FF5-82DF-EF77C250CA10}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{C3DAEBD1-F507-4656-AF56-A9D06BE4A6D9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-11-2018 13:41:32 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123
21-11-2018 15:07:41 Revo Uninstaller's restore point - Kaspersky Total Security
21-11-2018 15:14:36 Revo Uninstaller's restore point - Kaspersky Secure Connection
26-11-2018 23:39:24 JRT Pre-Junkware Removal
01-12-2018 11:39:37 Revo Uninstaller's restore point - Panda USB Vaccine 1.0.1.16
03-12-2018 19:07:15 Windows Update
03-12-2018 19:18:50 Windows Update
05-12-2018 21:25:44 Removed Smart Switch

==================== Faulty Device Manager Devices =============

Name: TAP-NordVPN Windows Adapter V9
Description: TAP-NordVPN Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-NordVPN Windows Provider V9
Service: tapnordvpn
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2018 09:25:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1459080146-1752181985-1471865784-1003.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
.


Operación:
   Evento OnIdentify
   Recopilando datos del escritor

Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {04b03029-c66f-421e-bb10-550bfb138410}

Error: (12/05/2018 12:02:19 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Error al generar el contexto de activación para "G:\iTunes64Setup.exe". Error en el archivo de manifiesto o directiva "G:\iTunes64Setup.exe" en la línea 0.
Sintaxis XML no válida.

Error: (12/03/2018 07:18:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1459080146-1752181985-1471865784-1003.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
.


Operación:
   Evento OnIdentify
   Recopilando datos del escritor

Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {3318004f-0a80-42d3-a7eb-c7a956f8101f}

Error: (12/03/2018 07:07:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1459080146-1752181985-1471865784-1003.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
.


Operación:
   Evento OnIdentify
   Recopilando datos del escritor

Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {ecb1cfb8-685e-4938-9453-f6f946e4344f}

Error: (12/01/2018 08:23:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Tessa-VAIO)
Description: Windows no encuentra el perfil local y está iniciando la sesión con un perfil temporal. Los cambios que se efectúen en este perfil se perderán cuando se cierre la sesión.

Error: (12/01/2018 08:23:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Tessa-VAIO)
Description: Windows hizo una copia de seguridad de este perfil de usuario. Windows intentará automáticamente usar la copia de seguridad del perfil la próxima vez que este usuario inicie sesión.

Error: (12/01/2018 11:39:37 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1459080146-1752181985-1471865784-1003.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
.


Operación:
   Evento OnIdentify
   Recopilando datos del escritor

Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {83117480-d098-4329-83d5-b970d4b2bb26}

Error: (12/01/2018 11:39:36 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-1459080146-1752181985-1471865784-1003.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
.


Operación:
   Evento OnIdentify
   Recopilando datos del escritor

Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {83117480-d098-4329-83d5-b970d4b2bb26}


System errors:
=============
Error: (12/05/2018 09:42:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80070643: Actualización de definición para Windows Defender Antivirus – KB915597 (Definición 1.281.1395.0).

Error: (12/05/2018 12:56:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/05/2018 12:36:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/05/2018 12:35:46 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1068" al intentar iniciar el servicio BITS con argumentos "" para ejecutar el servidor:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (12/05/2018 12:33:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (12/05/2018 12:33:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (12/05/2018 12:33:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (12/05/2018 12:33:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.


Windows Defender:
===================================
Date: 2018-12-05 21:42:22.760
Description: 
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor:1.1.15400.5
Versión de motor anterior:1.1.6402.0
Origen de actualización:Usuario
Usuario:NT AUTHORITY\SYSTEM
Código de error:0x8050800c
Descripción de error:Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2018-12-04 20:07:32.721
Description: 
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor:1.1.15400.5
Versión de motor anterior:1.1.6402.0
Origen de actualización:Usuario
Usuario:NT AUTHORITY\SYSTEM
Código de error:0x8050800c
Descripción de error:Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2018-12-03 19:07:52.387
Description: 
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor:1.1.15400.5
Versión de motor anterior:1.1.6402.0
Origen de actualización:Usuario
Usuario:NT AUTHORITY\SYSTEM
Código de error:0x8050800c
Descripción de error:Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 67%
Total physical RAM: 3996.36 MB
Available physical RAM: 1316.3 MB
Total Virtual: 7990.86 MB
Available Virtual: 5478.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:447 GB) (Free:64.13 GB) NTFS

\\?\Volume{79d80838-ca44-11e8-95cd-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS
\\?\Volume{79d80837-ca44-11e8-95cd-806e6f6e6963}\ (Recovery) (Fixed) (Total:18.41 GB) (Free:1.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 78CBB45F)
Partition 1: (Not Active) - (Size=18.4 GB) - (Type=27)
Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=447 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

SanMar · 6 Diciembre, 2018 05:28

Hola:

Vamos de nuevo…

Lo dudo, justo un segundo después da que el ejecutable o la extensión venían con regalito.

Por ahora no instales nada aun, en el próximo script eliminaremos todas las VPN, la verdad yo no puedo recomendarte nada.

Así como tu eres paranoic… a instalar cosas creyendo que te dan mas seguridad, yo soy hiper paranoic de no instalar nada , son años de experiencia me gustan los SO y navegadores totalmente limpios, y jamas conecto a WIFFi ajenas, aunque a veces no queda otra lo se.

Para cual VPN lo que te recomiendo cuando terminemos, abras un nuevo tema pidiendo recomendaciones sobre que software es mejor, allí los [email protected] podrán ayudarte.

1.- Luego Realiza lo siguiente:

Inicias tu ordenador en >>> Modo Seguro.

2.- Luego:

Inicio >>> Ejecutar >>> Escriba notepad.exe o abra un nuevo archivo Notepad y copie y pegue lo siguiente:


CLOSEPROCESSES:
start

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt [2018-11-20] ()
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Extension: (ZenMate VPN - Mejor seguridad para Internet) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-12-04]
CHR Extension: (Avast Online Security) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-12-04]
CHR Extension: (PSafe Segurança Online) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\higfhiimhkcmfppmdckdpkdcdolcjooo [2018-12-04]
CHR Extension: (Proxy VPN gratis Hotspot Shield: desbloqueo de sitios) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2018-12-04]
CHR Extension: (SurfEasy VPN - Seguridad, Privacidad, Desbloquear) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odiddbcijempnhhobijfbggjogofdlgl [2018-12-04]
CHR Extension: (TunnelBear VPN) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2018-12-04]
2018-12-04 14:23 - 2018-12-04 14:23 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\ESET
2018-12-04 14:05 - 2018-07-02 09:09 - 082248888 _____ (TunnelBear) C:\Users\ATV_Admin\Downloads\TunnelBear-Installer.exe
2018-12-04 14:01 - 2018-11-16 17:33 - 003426208 _____ (NordVPN) C:\Users\ATV_Admin\Downloads\NordVPNTapSetup.exe
2018-12-04 14:00 - 2018-11-20 19:21 - 000768736 _____ C:\Users\ATV_Admin\Downloads\Download Rem-VBSworm.pdf
2018-12-04 14:00 - 2015-12-07 19:18 - 001612560 _____ (NCH Software) C:\Users\ATV_Admin\Downloads\debutpsetup(2).exe
2018-12-04 14:00 - 2015-12-06 01:22 - 001069060 _____ (NCH Software) C:\Users\ATV_Admin\Downloads\debut.exe
2018-11-20 20:37 - 2018-11-20 20:43 - 000000000 ____D C:\Rem-VBSqt
2018-11-19 15:57 - 2018-11-19 15:57 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Sony Corporation
2018-11-19 15:52 - 2018-11-19 16:26 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\LocalLow\Mozilla
2018-11-19 15:51 - 2018-11-19 15:58 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Mozilla
2018-11-19 15:51 - 2018-11-19 15:52 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Mozilla
2018-11-19 15:51 - 2018-11-19 15:51 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\AVAST Software
2018-11-19 15:51 - 2018-11-19 15:51 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\CEF
2018-11-19 15:49 - 2018-11-19 15:49 - 000099784 _____ C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Intel Corporation
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Atheros
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Adobe
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Google
2018-11-19 15:48 - 2018-11-19 17:35 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Sony Corporation
2018-11-19 15:48 - 2018-11-19 15:48 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\mbamtray
2018-11-19 15:47 - 2018-11-19 17:37 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Reciente
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Plantillas
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Mis documentos
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Menú Inicio
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Impresoras
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Entorno de red
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Documents\Mis vídeos
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Documents\Mis imágenes
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Documents\Mi música
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Datos de programa
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Configuración local
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Historial
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Datos de programa
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Archivos temporales de Internet
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\VirtualStore
2018-11-19 15:47 - 2012-02-23 23:01 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Media Center Programs
2018-11-15 23:52 - 2018-11-15 23:52 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\iolo
2018-11-15 23:02 - 2018-11-15 23:02 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\CEF
2018-11-15 23:01 - 2018-11-15 23:05 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\Sony Corporation
2018-11-15 22:57 - 2018-11-15 23:20 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\Google
2018-11-15 22:57 - 2018-11-15 22:57 - 000099784 _____ C:\Users\TEMP.Tessa-VAIO\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-15 22:57 - 2018-11-15 22:57 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Intel Corporation
2018-11-15 22:57 - 2018-11-15 22:57 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Atheros
2018-11-15 22:56 - 2018-11-16 14:32 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Sony Corporation
2018-11-15 22:56 - 2018-11-15 22:56 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Adobe
2018-11-15 22:56 - 2018-11-15 22:56 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\mbamtray

EMPTYTEMP:
END

Lo guarda bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.

Nota: Es necesario que el ejecutable Frst.exe o Frst64.exe según el caso y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no la herramienta no trabajará.

Ejecute Frst.exe/Frst64.exe.
Presione el botón Fix y aguarde a que termine.
Si por alguna razón le pide reiniciar, lo permite
La Herramienta guardara el reporte en su escritorio (Fixlog.txt).
Lo pega en su próxima respuesta.

Cualquier problema vienes y lo comentas, no puse todo en el primer script por las dudas se colgara el Sistema ya que era mucho, en esta parte terminamos de eliminar restos.

Te esperamos para continuar.

Salu2.

CxW7Gab · 6 Diciembre, 2018 18:05

Hola,

Ya corrí el reporte que enviaste, no hubo problemas para ejecutarlo.

Fix result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by ATV_Admin (06-12-2018 12:54:46) Run:2
Running from C:\Users\ATV_Admin\Desktop
Loaded Profiles: ATV_Admin (Available Profiles: Tessa & ATV_Admin)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
CLOSEPROCESSES:
start

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt [2018-11-20] ()
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Extension: (ZenMate VPN - Mejor seguridad para Internet) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-12-04]
CHR Extension: (Avast Online Security) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-12-04]
CHR Extension: (PSafe Seguran�a Online) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\higfhiimhkcmfppmdckdpkdcdolcjooo [2018-12-04]
CHR Extension: (Proxy VPN gratis Hotspot Shield: desbloqueo de sitios) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2018-12-04]
CHR Extension: (SurfEasy VPN - Seguridad, Privacidad, Desbloquear) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odiddbcijempnhhobijfbggjogofdlgl [2018-12-04]
CHR Extension: (TunnelBear VPN) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2018-12-04]
2018-12-04 14:23 - 2018-12-04 14:23 - 000000000 ____D C:\Users\ATV_Admin\AppData\Local\ESET
2018-12-04 14:05 - 2018-07-02 09:09 - 082248888 _____ (TunnelBear) C:\Users\ATV_Admin\Downloads\TunnelBear-Installer.exe
2018-12-04 14:01 - 2018-11-16 17:33 - 003426208 _____ (NordVPN) C:\Users\ATV_Admin\Downloads\NordVPNTapSetup.exe
2018-12-04 14:00 - 2018-11-20 19:21 - 000768736 _____ C:\Users\ATV_Admin\Downloads\Download Rem-VBSworm.pdf
2018-12-04 14:00 - 2015-12-07 19:18 - 001612560 _____ (NCH Software) C:\Users\ATV_Admin\Downloads\debutpsetup(2).exe
2018-12-04 14:00 - 2015-12-06 01:22 - 001069060 _____ (NCH Software) C:\Users\ATV_Admin\Downloads\debut.exe
2018-11-20 20:37 - 2018-11-20 20:43 - 000000000 ____D C:\Rem-VBSqt
2018-11-19 15:57 - 2018-11-19 15:57 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Sony Corporation
2018-11-19 15:52 - 2018-11-19 16:26 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\LocalLow\Mozilla
2018-11-19 15:51 - 2018-11-19 15:58 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Mozilla
2018-11-19 15:51 - 2018-11-19 15:52 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Mozilla
2018-11-19 15:51 - 2018-11-19 15:51 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\AVAST Software
2018-11-19 15:51 - 2018-11-19 15:51 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\CEF
2018-11-19 15:49 - 2018-11-19 15:49 - 000099784 _____ C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Intel Corporation
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Atheros
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Adobe
2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Google
2018-11-19 15:48 - 2018-11-19 17:35 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Sony Corporation
2018-11-19 15:48 - 2018-11-19 15:48 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\mbamtray
2018-11-19 15:47 - 2018-11-19 17:37 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Reciente
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Plantillas
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Mis documentos
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Men� Inicio
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Impresoras
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Entorno de red
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Documents\Mis v�deos
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Documents\Mis im�genes
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Documents\Mi m�sica
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Datos de programa
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\Configuraci�n local
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Historial
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Datos de programa
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 _SHDL C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Archivos temporales de Internet
2018-11-19 15:47 - 2018-11-19 15:47 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\VirtualStore
2018-11-19 15:47 - 2012-02-23 23:01 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Media Center Programs
2018-11-15 23:52 - 2018-11-15 23:52 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\iolo
2018-11-15 23:02 - 2018-11-15 23:02 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\CEF
2018-11-15 23:01 - 2018-11-15 23:05 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\Sony Corporation
2018-11-15 22:57 - 2018-11-15 23:20 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\Google
2018-11-15 22:57 - 2018-11-15 22:57 - 000099784 _____ C:\Users\TEMP.Tessa-VAIO\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-15 22:57 - 2018-11-15 22:57 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Intel Corporation
2018-11-15 22:57 - 2018-11-15 22:57 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Atheros
2018-11-15 22:56 - 2018-11-16 14:32 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Sony Corporation
2018-11-15 22:56 - 2018-11-15 22:56 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Adobe
2018-11-15 22:56 - 2018-11-15 22:56 - 000000000 ____D C:\Users\TEMP.Tessa-VAIO\AppData\Local\mbamtray

EMPTYTEMP:
END

*****************

Processes closed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
CHR Extension: (ZenMate VPN - Mejor seguridad para Internet) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-12-04] => Error: No automatic fix found for this entry.
CHR Extension: (Avast Online Security) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-12-04] => Error: No automatic fix found for this entry.
CHR Extension: (PSafe Seguran�a Online) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\higfhiimhkcmfppmdckdpkdcdolcjooo [2018-12-04] => Error: No automatic fix found for this entry.
CHR Extension: (Proxy VPN gratis Hotspot Shield: desbloqueo de sitios) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2018-12-04] => Error: No automatic fix found for this entry.
CHR Extension: (SurfEasy VPN - Seguridad, Privacidad, Desbloquear) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odiddbcijempnhhobijfbggjogofdlgl [2018-12-04] => Error: No automatic fix found for this entry.
CHR Extension: (TunnelBear VPN) - C:\Users\ATV_Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2018-12-04] => Error: No automatic fix found for this entry.
C:\Users\ATV_Admin\AppData\Local\ESET => moved successfully
C:\Users\ATV_Admin\Downloads\TunnelBear-Installer.exe => moved successfully
C:\Users\ATV_Admin\Downloads\NordVPNTapSetup.exe => moved successfully
C:\Users\ATV_Admin\Downloads\Download Rem-VBSworm.pdf => moved successfully
C:\Users\ATV_Admin\Downloads\debutpsetup(2).exe => moved successfully
C:\Users\ATV_Admin\Downloads\debut.exe => moved successfully
C:\Rem-VBSqt => moved successfully
C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Sony Corporation => moved successfully
C:\Users\TEMP.Tessa-VAIO.000\AppData\LocalLow\Mozilla => moved successfully
C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Mozilla => moved successfully
C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Mozilla => moved successfully
C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\AVAST Software => moved successfully
C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\CEF => moved successfully
C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\GDIPFONTCACHEV1.DAT => moved successfully
C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Intel Corporation => moved successfully
C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Atheros => moved successfully
C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Adobe => moved successfully
C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Google => moved successfully
C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Sony Corporation => moved successfully
C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\mbamtray => moved successfully
C:\Users\TEMP.Tessa-VAIO.000 => moved successfully
"C:\Users\TEMP.Tessa-VAIO.000\Reciente" => not found
"C:\Users\TEMP.Tessa-VAIO.000\Plantillas" => not found
"C:\Users\TEMP.Tessa-VAIO.000\Mis documentos" => not found
"C:\Users\TEMP.Tessa-VAIO.000\Men� Inicio" => not found
"C:\Users\TEMP.Tessa-VAIO.000\Impresoras" => not found
"C:\Users\TEMP.Tessa-VAIO.000\Entorno de red" => not found
"C:\Users\TEMP.Tessa-VAIO.000\Documents\Mis v�deos" => not found
"C:\Users\TEMP.Tessa-VAIO.000\Documents\Mis im�genes" => not found
"C:\Users\TEMP.Tessa-VAIO.000\Documents\Mi m�sica" => not found
"C:\Users\TEMP.Tessa-VAIO.000\Datos de programa" => not found
"C:\Users\TEMP.Tessa-VAIO.000\Configuraci�n local" => not found
"C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programas" => not found
"C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Historial" => not found
"C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Datos de programa" => not found
"C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\Archivos temporales de Internet" => not found
"C:\Users\TEMP.Tessa-VAIO.000\AppData\Local\VirtualStore" => not found
"C:\Users\TEMP.Tessa-VAIO.000\AppData\Roaming\Media Center Programs" => not found
C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\iolo => moved successfully
C:\Users\TEMP.Tessa-VAIO\AppData\Local\CEF => moved successfully
C:\Users\TEMP.Tessa-VAIO\AppData\Local\Sony Corporation => moved successfully
C:\Users\TEMP.Tessa-VAIO\AppData\Local\Google => moved successfully
C:\Users\TEMP.Tessa-VAIO\AppData\Local\GDIPFONTCACHEV1.DAT => moved successfully
C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Intel Corporation => moved successfully
C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Atheros => moved successfully
C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Sony Corporation => moved successfully
C:\Users\TEMP.Tessa-VAIO\AppData\Roaming\Adobe => moved successfully
C:\Users\TEMP.Tessa-VAIO\AppData\Local\mbamtray => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13339322 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 8660 B
Edge => 0 B
Chrome => 0 B
Firefox => 17505952 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Tessa => 0 B
Tere.Tessa-VAIO => 0 B
ATV_Admin => 214535 B

RecycleBin => 0 B
EmptyTemp: => 29.6 MB temporary data Removed.

================================


The system needed a reboot.

SanMar · 7 Diciembre, 2018 04:22

Hola @CxW7Gab:

Has olvidado comentar como va el equipo.

Ademas:

1.- Verifica si se están realizando las actualizaciones automáticas.

2.- Para eliminar las herramientas utilizadas:

Descargas >> Delfix, a tu escritorio.

Doble clic para ejecutarlo.(Si usas Windows Vista/7 /8 /10,presiona clic derecho y selecciona >> “Ejecutar como Administrador”)
Marca solamente las casilla Remove disinfection tools y Purge System Restore.
Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

Esto ademas de eliminar las herramientas usadas, eliminara tus puntos de restauración si los tuvieras activados para no volver a algún punto donde estuvieras infectada.

3.- Crea un punto de restauración manualmente, si es que no los tuvieras desactivados.

Nos comentas.

Salu2.

CxW7Gab · 7 Diciembre, 2018 19:19

Hola SanMar,

Ouch! olvide mencionar que el equipo va menor, tanto para iniciar como para cerrar, solo al cerrar dice que hay un proceso que debe terminar antes de cerrar. (No se cual es, porque no aparecía indicado cual) y luego inmediatamente comenzaba a cerrar. La ultima sesión, sí apareció el proceso como por 2 segundos, fue tan rápido que no alcance a leer.

En cuanto a las actualizaciones se han instalado todas menos las de windows defender del 3/4/5 /7 de este mes. que indica errores. Y si voy a la seccion de Windows defender solicita que la actualización se haga manual.

Ya corrí Delfix y cree el punto de restauración. ¿Quieres que suba el reporte?

Gracias y Salu2

SanMar · 7 Diciembre, 2018 20:34

Hola:

Por el momento no es necesario…

Veamos que pasa por allí.

Descarga FSS.exe a tu escritorio.

Ejecuta FSS.exe (Presiona clic derecho y seleccionas Ejecutar como administrador)

Marca las siguientes opciones:

Internet Services.
Windows Firewall
System Restore.
Security Center/Action Center.
Windows Update.
Windows Defender.

Presiona el botón Scan y esperá a que termine su trabajo.

Se abrirá un Bloc de notas. Copia y pega el contenido en tu próxima respuesta.

Salu2.

CxW7Gab · 7 Diciembre, 2018 23:07

Hola SanMar,

Ya corrí el reporte, este es el resultado:

Farbar Service Scanner Version: 27-01-2016
Ran by ATV_Admin (administrator) on 07-12-2018 at 18:02:58
Running from "C:\Users\ATV_Admin\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

SanMar · 8 Diciembre, 2018 00:55

Hola:

Se ve todo en orden…

Intenta volver a actualizar y toma una imagen del error que te de y la pegas en tu próxima respuesta.

Y si voy a la sección de Windows defender solicita que la actualización se haga manual.

Si desde Windows Update no se puede intenta:

https://www.microsoft.com/en-us/wdsi/definitions

Entra a ese enlace busca donde dice “Windows Defender in Windows 7 and Windows Vista”, selecciona tu arquitectura (64 bits) y sigue los pasos.

Nos comentas.

Salu2.