Ayuda con Troyano Occamy. C

Pako · 14 Abril, 2019 17:57

Hola chicos en primer lugar, daros las gracias por la ayuda que dais en este foro.

Mi problema es que hace unos días el antivirus de Windows 10, me “canta” esta amenaza; Trojan: Win32 / Occamy.C como Grave y me dice que está en C:\Windows\Tempg9B9A.tmp.exe, aunque no localizo ese nombre o extensión en la carpeta Temp.

¿Sabéis de que se trata, si es tan grave como dice el antivirus y en ese caso como poder eliminarlo?

Muchas gracias de antemano.

Nota: Estoy en este momento haciendo un examen completo con el Defender.

Miguelgrado · 14 Abril, 2019 17:58

Realiza los siguientes pasos, , sin cambiar el orden

1) Descarga, actualiza y ejecuta Malwarebytes’ Anti-Malware,

Manual Malwarebytes, para que sepas usarlo y configurarlo.

Realiza un Análisis Personalizado,marcando Todas las casillas de la derecha y de la Izquierda actualizando si te lo pide.
Pulsar en “Eliminar Seleccionados” para enviarlo a la cuarentena y Reinicias el sistema.
Para acceder posteriormente al informe del análisis : Informes >> Registro de análisis >> Pulsar en >> Exportar >> Copiar al Portapapeles, y lo pegas en tu respuesta

2) Descarga Adwcleaner en el escritorio.

Desactiva tu antivirus Como deshabilitar temporalmente un antivirus y cualquier programa de seguridad.
Ejecuta Adwcleaner.exe (Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona "Ejecutar como Administrador.")
Pulsar en el botón Analizar Ahora, y espera a que se realice el proceso, inmediatamente pulsa sobre el botón Iniciar Reparacion.
Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.
Si no encuentra nada, pulsamos “Omitir Reparación”
El log lo encontramos en la pestaña “Informes”, volviendo a abrir el programa, si es necesario o en"C:\AdwCleaner\Logs\AdwCleaner[C0].txt"

Puedes mirar su manual >> Manual de Adwcleaner

3) Descarga Ccleaner

Instalalo y ejecútalo. En la pestaña limpiador dejas como esta configurada predeterminadamente, haces clic en analizar esperas que termine > clic en ejecutar limpiador. Clic en la pestaña Registro > clic en buscar problemas esperas que termine > clic en Reparar Seleccionadas y haces una copia de seguridad.

Pega los reportes de Malwarebytes, AdwCleaner y comentas como va el problema.

Pako · 16 Abril, 2019 18:30

Buenas tardes.

Pues ayer por fin pude realizar las acciones que me recomendaste, el análisis del Malwarebytes se me hizo eterno (10 h.), pero una vez hechos los tres pasos, no ha vuelto a salir ningún aviso ni en el Defender, ni en el propio Malwarebytes, sobre ninguna amenaza y mi portátil va bien en todos los sentidos.

Mil gracias por todo, os dejo los reportes que me pedíais.

Pako · 16 Abril, 2019 18:31

Reporte Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 15/4/19
Hora del análisis: 16:00
Archivo de registro: d7cffe06-5f86-11e9-bec4-dc4a3ed5f078.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.563
Versión del paquete de actualización: 1.0.10172
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17763.437)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-2I0OLCP\javin

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 563620
Amenazas detectadas: 30
Amenazas en cuarentena: 24
Tiempo transcurrido: 10 hr, 57 min, 4 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 1
Trojan.Wdfload.TskLnk, C:\PROGRAM FILES\STARTWOP PC PORT\STARTWOP PC PORT.DLL, En cuarentena, [8497], [424430],1.0.10172

Clave del registro: 6
Trojan.Wdfload.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\StartWop PC Port, En cuarentena, [8497], [424430],1.0.10172
Trojan.Wdfload.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EC99BB55-F37F-442C-A726-B80F93BDF18A}, En cuarentena, [8497], [424430],1.0.10172
Trojan.Wdfload.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\BOOT\{EC99BB55-F37F-442C-A726-B80F93BDF18A}, En cuarentena, [8497], [424430],1.0.10172
Trojan.Wdfload.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StartWop PC Port, En cuarentena, [8497], [-1],0.0.0
Trojan.Wdfload.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC99BB55-F37F-442C-A726-B80F93BDF18A}, En cuarentena, [8497], [-1],0.0.0
Trojan.Wdfload.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EC99BB55-F37F-442C-A726-B80F93BDF18A}, En cuarentena, [8497], [-1],0.0.0

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 23
Trojan.Wdfload.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\StartWop PC Port, En cuarentena, [8497], [424430],1.0.10172
Trojan.Wdfload.TskLnk, C:\PROGRAM FILES\STARTWOP PC PORT\STARTWOP PC PORT.DLL, En cuarentena, [8497], [424430],1.0.10172
Trojan.Wdfload.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\StartWop PC Port, En cuarentena, [8497], [-1],0.0.0
HackTool.Patcher, C:\$RECYCLE.BIN\S-1-5-21-901605512-485480021-31954508-1001\$RWU670K.1-PVP\2018.7.3.1-PVP\ACTIVATION\ADOBE.SNR.PATCH.V2.0-PAINTER.ZIP, En cuarentena, [7760], [473286],1.0.10172
HackTool.Patcher, C:\$RECYCLE.BIN\S-1-5-21-901605512-485480021-31954508-1001\$RWU670K.1-PVP\2018.7.3.1-PVP\ACTIVATION.RAR, En cuarentena, [7760], [473286],1.0.10172
PUP.Optional.Booking, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\BOOKING.COM.LNK, En cuarentena, [883], [347183],1.0.10172
CrackTool.Agent, C:\USERS\JAVIN\APPDATA\LOCAL\PACKAGES\MICROSOFT.WINDOWSCOMMUNICATIONSAPPS_8WEKYB3D8BBWE\LOCALSTATE\FILES\S0\1\ATTACHMENTS\ATER.V0.9.2[6041].RAR, Error durante la eliminación, [6104], [445980],1.0.10172
CrackTool.Agent, C:\USERS\JAVIN\APPDATA\LOCAL\PACKAGES\MICROSOFT.WINDOWSCOMMUNICATIONSAPPS_8WEKYB3D8BBWE\LOCALSTATE\FILES\S0\1\ATTACHMENTS\ATER.V0.9.2[6042].RAR, Error durante la eliminación, [6104], [445980],1.0.10172
CrackTool.Agent, C:\USERS\JAVIN\APPDATA\LOCAL\PACKAGES\MICROSOFT.WINDOWSCOMMUNICATIONSAPPS_8WEKYB3D8BBWE\LOCALSTATE\FILES\S0\1\ATTACHMENTS\ATER.V0.9.2[6044].RAR, Error durante la eliminación, [6104], [445980],1.0.10172
CrackTool.Agent, C:\USERS\JAVIN\APPDATA\LOCAL\PACKAGES\MICROSOFT.WINDOWSCOMMUNICATIONSAPPS_8WEKYB3D8BBWE\LOCALSTATE\FILES\S0\1\ATER.V0.9.2[725].RAR, Error durante la eliminación, [6104], [445980],1.0.10172
CrackTool.Agent, C:\USERS\JAVIN\APPDATA\LOCAL\PACKAGES\MICROSOFT.WINDOWSCOMMUNICATIONSAPPS_8WEKYB3D8BBWE\LOCALSTATE\FILES\S0\1\ATER.V0.9.2[724].RAR, Error durante la eliminación, [6104], [445980],1.0.10172
CrackTool.Agent, C:\USERS\JAVIN\APPDATA\LOCAL\PACKAGES\MICROSOFT.WINDOWSCOMMUNICATIONSAPPS_8WEKYB3D8BBWE\LOCALSTATE\FILES\S0\1\ATER.V0.9.2[727].RAR, Error durante la eliminación, [6104], [445980],1.0.10172
Adware.Agent, C:\USERS\JAVIN\APPDATA\ROAMING\Microsoft\Windows\Recent\kmspico 10.2.0final.lnk, En cuarentena, [99], [418665],1.0.10172
Adware.Agent, C:\USERS\JAVIN\DOWNLOADS\KMSPICO 10.2.0FINAL.ZIP, En cuarentena, [99], [418665],1.0.10172
Adware.Agent, C:\USERS\JAVIN\DOWNLOADS\KMSPICO 10.2.0FINAL\KMSPICO 10.2.0 FINAL\KMSPICO_SETUP.EXE, En cuarentena, [99], [418665],1.0.10172
CrackTool.Agent, C:\USERS\JAVIN\DOWNLOADS\ALT092-MW\ATER.V0.9.2.RAR, En cuarentena, [6104], [445980],1.0.10172
PUP.Optional.HiddenStart.H, C:\USERS\JAVIN\DOWNLOADS\NTWIND.SOFTWARE.WINSNAP.V3.5.5.CRACKED-ERES\NTWIND.SOFTWARE.WINSNAP.V3.5.5.CRACKED-ERES\WINSNAP_3.5.5-SETUP.EXE, En cuarentena, [9341], [147296],1.0.10172
Generic.Malware/Suspicious, C:\USERS\JAVIN\DOWNLOADS\NTWIND.SOFTWARE.WINSNAP.V3.5.5.CRACKED-ERES\NTWIND.SOFTWARE.WINSNAP.V3.5.5.CRACKED-ERES\WINSNAP_3.5.5-SETUP.EXE, En cuarentena, [0], [392686],1.0.10172
CrackTool.Agent, C:\USERS\JAVIN\DOWNLOADS\PARCHE CC 2018.RAR, En cuarentena, [6104], [445980],1.0.10172
PUP.Optional.HiddenStart.H, C:\USERS\JAVIN\DOWNLOADS\NTWIND.SOFTWARE.WINSNAP.V3.5.5.CRACKED-ERES.RAR, En cuarentena, [9341], [147296],1.0.10172
Generic.Malware/Suspicious, C:\USERS\JAVIN\DOWNLOADS\NTWIND.SOFTWARE.WINSNAP.V3.5.5.CRACKED-ERES.RAR, En cuarentena, [0], [392686],1.0.10172
HackTool.FilePatch, C:\EASY.GIF.ANIMATOR.PRO.6.1.0.52\EASY.GIF.ANIMATOR.PRO.6.1.0.52.RAR, En cuarentena, [7745], [281135],1.0.10172
MachineLearning/Anomalous.100%, C:\DREAMSPELLV1\R-STUDIO+KEYGEN RECUPERAR ARCHIVOS DAñADOS\KEYGEN.EXE, En cuarentena, [0], [392687],1.0.10172

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Pako · 16 Abril, 2019 18:33

Reporte Adwcleaner: # ------------------------------- # Malwarebytes AdwCleaner 7.3.0.0 # ------------------------------- # Build: 04-04-2019 # Database: 2019-04-15.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 04-16-2019 # Duration: 00:00:08 # OS: Windows 10 Home # Cleaned: 23 # Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\firstbitcoinrevshare.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\huawei-hisuite.softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pageqq.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\plarium.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\revshare-monitor.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\revshare.life
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.firstbitcoinrevshare.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.pageqq.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\firstbitcoinrevshare.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\huawei-hisuite.softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pageqq.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\plarium.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\revshare-monitor.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\revshare.life
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.firstbitcoinrevshare.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.pageqq.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [6382 octets] - [16/04/2019 10:43:33]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Miguelgrado · 16 Abril, 2019 18:38

Tenias infecciones y demasiados Craks para piratear programas, y eso amigo

Vamos a ver que no quede nada por ahi:

Desactiva Temporalmente tu antivirus y cualquier programa de seguridad.
Descarga a Tu Escritorio >> Esto es muy importante<<.,Fabar Recovery Scan Tool, considerando la versión adecuada para tu equipo. (32 o 64 bits) ¿Cómo saber si mi Windows es de 32 o 64 bits?
Doble clic para ejecutar Frst.exe. En la ventana del Disclaimer, presiona Yes.
En la nueva ventana que se abre, presiona el botón Scan y espera a que concluya el análisis.
Se abrirán dos (2) archivos (Logs), Frst.txt y Addition.txt, que estarán grabados en Tu escritorio.

En Tu próxima respuesta, copias y pegas los dos reportes Frst.txt y Addition.txt de FRST

Nota: Si el/los reportes solicitados no entraran en una sola respuesta porque superan la cantidad de caracteres permitidos, puedes utilizar dos o mas respuestas para pegarlos completamente.

Pako · 16 Abril, 2019 18:41

Si razón tienes amigo Miguel, de hecho, lo ultimo que he hecho ha sido comprarme la suscripción para los programas de adobe que uso.

Me pongo con lo que me recomiendas.

Un saludo y gracias de nuevo.

Pako · 16 Abril, 2019 19:07

Aquí te dejo los reportes FRST Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2019 01 Ran by javin (administrator) on DESKTOP-2I0OLCP (16-04-2019 20:46:39) Running from C:\Users\javin\Desktop Loaded Profiles: javin (Available Profiles: javin) Platform: Windows 10 Home Version 1809 17763.437 (X64) Language: Español (España, internacional) Default browser: FF Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\bin\hthemlerd.exe
() [File not signed] C:\Program Files (x86)\Themler\bin\mysql\bin\mythemlerd.exe
(Wondershare software CO., LIMITED -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\bin\hthemlerd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19032.714.0_x64__8wekyb3d8bbwe\YourPhone.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\MsMpEng.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\NisSrv.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8911872 2017-02-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229592 2015-07-09] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4426560 2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2017-02-16] (Wondershare software CO., LIMITED -> )
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [588288 2016-01-08] (Nikon Corporation) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-901605512-485480021-31954508-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-05] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-07-01] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Provider Filters: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-07-01] (CyberLink Corp. -> CyberLink)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-05-31]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.58.61.254 80.58.61.250
Tcpip\..\Interfaces\{a01621d5-856d-4a31-803a-01d3c7ed1056}: [DhcpNameServer] 80.58.61.254 80.58.61.250
Tcpip\..\Interfaces\{d012875d-ea29-4e32-a8fa-650270ae9837}: [DhcpNameServer] 80.58.61.254 80.58.61.250

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-901605512-485480021-31954508-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.es/
HKU\S-1-5-21-901605512-485480021-31954508-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM-x32 -> {E205D7C8-9188-4A27-8BAC-11B823C052A4} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-901605512-485480021-31954508-1001 -> {E205D7C8-9188-4A27-8BAC-11B823C052A4} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2017-02-16] (Wondershare software CO., LIMITED -> Wondershare)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-04-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-04-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-04-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-04-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

Edge: 
======
Edge Extension: (Traductor para Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.51.0_neutral__8wekyb3d8bbwe [2019-02-03]

FireFox:
========
FF DefaultProfile: oixtpnh5.default-1506765810143
FF ProfilePath: C:\Users\javin\AppData\Roaming\Mozilla\Firefox\Profiles\oixtpnh5.default-1506765810143 [2019-04-16]
FF Homepage: Mozilla\Firefox\Profiles\oixtpnh5.default-1506765810143 -> hxxp://es.beruby.com/portal/home/?user_page=693593
FF Extension: (SimilarWeb - Traffic Rank & Website Analysis) - C:\Users\javin\AppData\Roaming\Mozilla\Firefox\Profiles\oixtpnh5.default-1506765810143\Extensions\[email protected] [2018-10-29]
FF Extension: (Real Madrid Blue) - C:\Users\javin\AppData\Roaming\Mozilla\Firefox\Profiles\oixtpnh5.default-1506765810143\Extensions\{14ad30be-4624-49a9-b138-29c1a71947f8}.xpi [2019-03-21]
FF Extension: (ColorZilla) - C:\Users\javin\AppData\Roaming\Mozilla\Firefox\Profiles\oixtpnh5.default-1506765810143\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2017-10-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected]_xpi
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected]_xpi [2017-02-19] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] (WildTangent Inc -> )
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)

Chrome: 
=======
CHR Profile: C:\Users\javin\AppData\Local\Google\Chrome\User Data\Default [2019-04-16]
CHR Extension: (Presentaciones) - C:\Users\javin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Documentos) - C:\Users\javin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\javin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-12]
CHR Extension: (YouTube) - C:\Users\javin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-12]
CHR Extension: (Hojas de cálculo) - C:\Users\javin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\javin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-24]
CHR Extension: (HP Network Check Launcher) - C:\Users\javin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2018-09-15]
CHR Extension: (Player para ver Movistar+) - C:\Users\javin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenfcfndncbbggmafjjeihkdclggbojn [2019-03-13]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\javin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-25]
CHR Extension: (Gmail) - C:\Users\javin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-12]
CHR Extension: (Chrome Media Router) - C:\Users\javin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-03]
CHR Profile: C:\Users\javin\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-16]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [264224 2015-09-25] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [43008 2019-01-09] (AMD) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2015-09-18] (Realtek Semiconductor Corp -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11082312 2019-04-02] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-08] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-08] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-18] (Intel(R) Software -> Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent Inc -> WildTangent)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370640 2019-02-25] (Intel Corporation -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdatesvr.exe [133480 2017-02-08] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [326656 2017-02-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [687072 2018-05-31] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
R2 ThemlerApache; C:\Program Files (x86)\Themler\bin\apache\bin\hthemlerd.exe [20992 2015-07-13] (Apache Software Foundation) [File not signed]
R2 ThemlerMySql; C:\Program Files (x86)\Themler\bin\mysql\bin\mythemlerd.exe [8148480 2015-07-13] () [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\NisSrv.exe [3856504 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MsMpEng.exe [113992 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare software CO., LIMITED -> Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21653520 2015-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [684560 2015-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corp. -> CyberLink Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-18] (Intel(R) Software -> Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [50696 2015-08-18] (Intel(R) Software -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-18] (Intel(R) Software -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-04-14] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-16] (Malwarebytes Corporation -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek Semiconductor Corp -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\System32\drivers\RtkBtfilter.sys [784264 2018-05-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-13] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205952 2017-04-18] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343520 2019-04-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [68576 2019-04-09] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35600 2019-02-01] (HP Inc. -> HP)
R3 WsAudio_Device; C:\WINDOWS\system32\drivers\VirtualAudio.sys [31080 2015-02-27] (Wondershare Software Co., Ltd.  -> Wondershare)

Pako · 16 Abril, 2019 19:08

CONTINUACIÓN FRST ==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-16 20:46 - 2019-04-16 20:49 - 000031880 _____ C:\Users\javin\Desktop\FRST.txt
2019-04-16 20:46 - 2019-04-16 20:46 - 000000000 ____D C:\FRST
2019-04-16 20:44 - 2019-04-16 20:44 - 002434048 _____ (Farbar) C:\Users\javin\Desktop\FRST64.exe
2019-04-16 11:35 - 2019-04-16 11:36 - 000007970 _____ C:\Users\javin\Desktop\cc_20190416_113552.reg
2019-04-16 11:33 - 2019-04-16 11:33 - 021254208 _____ (Piriform Software Ltd) C:\Users\javin\Downloads\ccsetup556.exe
2019-04-16 11:28 - 2019-04-16 11:29 - 000880408 _____ C:\Users\javin\Desktop\cc_20190416_112759.reg
2019-04-16 10:59 - 2019-04-16 11:34 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-04-16 10:59 - 2019-04-16 11:34 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-04-16 10:59 - 2019-04-16 10:59 - 000002888 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-04-16 10:59 - 2019-04-16 10:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-04-16 10:59 - 2019-04-16 10:59 - 000000000 ____D C:\Program Files\CCleaner
2019-04-16 10:52 - 2019-04-16 10:52 - 021205512 _____ (Piriform Software Ltd) C:\Users\javin\Downloads\ccsetup555.exe
2019-04-16 10:49 - 2019-04-16 10:49 - 000006150 _____ C:\Users\javin\Desktop\AdwCleaner[C00].txt
2019-04-16 10:46 - 2019-04-16 10:46 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-16 10:44 - 2019-04-16 10:44 - 000006382 _____ C:\Users\javin\Desktop\AdwCleaner[S00].txt
2019-04-16 10:41 - 2019-04-16 10:45 - 000000000 ____D C:\AdwCleaner
2019-04-16 10:37 - 2019-04-16 10:37 - 007025360 _____ (Malwarebytes) C:\Users\javin\Desktop\adwcleaner_7.3.exe
2019-04-16 10:29 - 2019-04-16 10:29 - 000006303 _____ C:\Users\javin\Desktop\Malwarebytes-3.txt
2019-04-16 10:29 - 2019-04-16 10:29 - 000006303 _____ C:\Users\javin\Desktop\Malwarebytes-2.txt
2019-04-16 10:14 - 2019-04-16 10:14 - 000006836 _____ C:\Users\javin\Desktop\Malwarebytes.txt
2019-04-15 14:44 - 2019-04-16 16:52 - 000003112 _____ C:\WINDOWS\System32\Tasks\AMDLinkUpdate
2019-04-14 20:16 - 2019-04-14 20:16 - 000000000 ____D C:\Users\javin\AppData\Local\mbam
2019-04-14 20:15 - 2019-04-14 20:15 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-04-14 20:15 - 2019-04-14 20:15 - 000000000 ____D C:\Users\javin\AppData\Local\mbamtray
2019-04-14 20:15 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-04-14 20:14 - 2019-04-14 20:14 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-04-14 20:14 - 2019-04-14 20:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-04-14 20:14 - 2019-04-14 20:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-04-14 20:14 - 2019-04-14 20:14 - 000000000 ____D C:\Program Files\Malwarebytes
2019-04-14 20:14 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-04-13 21:59 - 2019-04-13 21:59 - 000000000 ____D C:\WINDOWS\pss
2019-04-12 11:22 - 2019-04-12 11:23 - 000204437 _____ C:\Users\javin\Downloads\NOTA PRENSA PLENO E. MARZO LAS NAVAS.pdf
2019-04-12 00:00 - 2019-04-12 00:12 - 000000000 ____D C:\Program Files\KMSpico
2019-04-12 00:00 - 2019-04-12 00:00 - 000004608 _____ C:\WINDOWS\SECOH-QAD.exe
2019-04-12 00:00 - 2019-04-12 00:00 - 000003584 _____ C:\WINDOWS\SECOH-QAD.dll
2019-04-11 23:59 - 2019-04-11 23:59 - 000000000 ____D C:\Users\javin\Downloads\kmspico 10.2.0final
2019-04-11 10:36 - 2019-04-01 20:02 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-11 10:36 - 2019-04-01 20:02 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-11 10:20 - 2019-04-11 10:20 - 020815360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 019025408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 012139008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 007919104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 006071296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 005436904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 003904512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 003690496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2019-04-11 10:20 - 2019-04-11 10:20 - 003551112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 003421696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2019-04-11 10:20 - 2019-04-11 10:20 - 002942464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 001521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 001459080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 001297120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 001294520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 001259320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-04-11 10:20 - 2019-04-11 10:20 - 001072424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 001064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000454144 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000263600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe
2019-04-11 10:20 - 2019-04-11 10:20 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2019-04-11 10:20 - 2019-04-11 10:20 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2019-04-11 10:20 - 2019-04-11 10:20 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfts.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2019-04-11 10:20 - 2019-04-11 10:20 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfts.dll
2019-04-11 10:19 - 2019-04-11 10:20 - 008898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 026810368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 023440896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 012843520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 007877120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 006544824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 006440960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 006309040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 005765120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 005205448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 004660224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 004527624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 003496448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AI.MachineLearning.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 002765312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 002346496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 002275896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 002127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 001760768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 001615872 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuin.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 001590064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 001506304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 001467344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 001458056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 001370624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 001249280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 001221944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 001155072 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 001072640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 001047552 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 001026792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 001019392 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 001001472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000964096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000909840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2019-04-11 10:19 - 2019-04-11 10:19 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-04-11 10:19 - 2019-04-11 10:19 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000828728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-04-11 10:19 - 2019-04-11 10:19 - 000772608 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000762880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000731648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000730112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000653040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000649064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000617784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000540448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000460800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000408528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-04-11 10:19 - 2019-04-11 10:19 - 000316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000312632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvsetup.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2019-04-11 10:19 - 2019-04-11 10:19 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscapi.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2019-04-11 10:19 - 2019-04-11 10:19 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-04-11 10:19 - 2019-04-11 10:19 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscdll.dll
2019-04-11 10:18 - 2019-04-11 10:19 - 015223296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-11 10:18 - 2019-04-11 10:18 - 006925824 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 004704272 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 004588536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-04-11 10:18 - 2019-04-11 10:18 - 004304896 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 003657728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-11 10:18 - 2019-04-11 10:18 - 002925880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-11 10:18 - 2019-04-11 10:18 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-04-11 10:18 - 2019-04-11 10:18 - 002777224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 002701304 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 002689024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 002627384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-11 10:18 - 2019-04-11 10:18 - 002073960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 001994768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 001969464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-04-11 10:18 - 2019-04-11 10:18 - 001918464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 001860096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 001830200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 001711104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 001697752 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-04-11 10:18 - 2019-04-11 10:18 - 001687552 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 001674480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 001671352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 001647632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 001641400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 001478968 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 001468952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-04-11 10:18 - 2019-04-11 10:18 - 001395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 001360184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-04-11 10:18 - 2019-04-11 10:18 - 001342400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-04-11 10:18 - 2019-04-11 10:18 - 001311232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 001256448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 001217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 001179680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-04-11 10:18 - 2019-04-11 10:18 - 001145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000998712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-04-11 10:18 - 2019-04-11 10:18 - 000981816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-04-11 10:18 - 2019-04-11 10:18 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000821048 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000809784 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000769536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-04-11 10:18 - 2019-04-11 10:18 - 000737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000730936 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000725928 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000699392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000672256 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000620560 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000609792 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000598544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000568632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000553784 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-04-11 10:18 - 2019-04-11 10:18 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_PCDisplay.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000474928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-04-11 10:18 - 2019-04-11 10:18 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-04-11 10:18 - 2019-04-11 10:18 - 000461112 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-04-11 10:18 - 2019-04-11 10:18 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-04-11 10:18 - 2019-04-11 10:18 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\RADCUI.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-11 10:18 - 2019-04-11 10:18 - 000257696 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.CredentialProvider.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2019-04-11 10:18 - 2019-04-11 10:18 - 000159272 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-04-11 10:18 - 2019-04-11 10:18 - 000147496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-04-11 10:18 - 2019-04-11 10:18 - 000143880 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-11 10:18 - 2019-04-11 10:18 - 000134456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000115360 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-04-11 10:18 - 2019-04-11 10:18 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000107832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000071208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscapi.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000039736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WppRecorder.sys
2019-04-11 10:18 - 2019-04-11 10:18 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-11 10:18 - 2019-04-11 10:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-04-11 10:18 - 2019-04-11 10:18 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscdll.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 017513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 007883776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 007645608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 004991112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AI.MachineLearning.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 003982848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 003557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 003384832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 003377976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-11 10:17 - 2019-04-11 10:17 - 003334496 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 002995712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 002842624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 002592816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 002469376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-11 10:17 - 2019-04-11 10:17 - 002438368 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 002042368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 001892864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 001856000 ____R (The ICU Project) C:\WINDOWS\system32\icuin.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 001844448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 001671680 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 001616384 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 001567232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 001259320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-04-11 10:17 - 2019-04-11 10:17 - 001213752 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 001191728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 001133568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2019-04-11 10:17 - 2019-04-11 10:17 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-04-11 10:17 - 2019-04-11 10:17 - 001054200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-11 10:17 - 2019-04-11 10:17 - 001053192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2019-04-11 10:17 - 2019-04-11 10:17 - 001035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 001022616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 001007616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000984888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2019-04-11 10:17 - 2019-04-11 10:17 - 000982880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000974352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000882176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-04-11 10:17 - 2019-04-11 10:17 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000871792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000865784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000855040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2019-04-11 10:17 - 2019-04-11 10:17 - 000807424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-04-11 10:17 - 2019-04-11 10:17 - 000799568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000793832 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000761280 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000757664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-04-11 10:17 - 2019-04-11 10:17 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000675096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000651064 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-04-11 10:17 - 2019-04-11 10:17 - 000611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000580024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000552448 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-04-11 10:17 - 2019-04-11 10:17 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-04-11 10:17 - 2019-04-11 10:17 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000513040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000508208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000506168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000485192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000407504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000404792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-04-11 10:17 - 2019-04-11 10:17 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000386872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000386360 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000384312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000343984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000283032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiCloudStore.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000255128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmBroker.exe
2019-04-11 10:17 - 2019-04-11 10:17 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000169784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-04-11 10:17 - 2019-04-11 10:17 - 000159112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winquic.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000157496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2019-04-11 10:17 - 2019-04-11 10:17 - 000156984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winquic.sys
2019-04-11 10:17 - 2019-04-11 10:17 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-04-11 10:17 - 2019-04-11 10:17 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvsetup.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000098664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000097808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2019-04-11 10:17 - 2019-04-11 10:17 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-04-11 10:17 - 2019-04-11 10:17 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2019-04-11 10:17 - 2019-04-11 10:17 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-04-11 10:17 - 2019-04-11 10:17 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-04-11 10:17 - 2019-04-11 10:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-04-11 10:17 - 2019-04-11 10:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-04-11 10:17 - 2019-04-11 10:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-04-11 10:17 - 2019-04-11 10:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-04-11 10:17 - 2019-04-11 10:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-04-11 10:17 - 2019-04-11 10:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-04-11 10:17 - 2019-04-11 10:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-04-11 10:17 - 2019-04-11 10:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-04-11 10:16 - 2019-04-11 10:17 - 002720256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-11 10:16 - 2019-04-11 10:16 - 002022304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-11 10:16 - 2019-04-11 10:16 - 002017792 _____ C:\WINDOWS\system32\rdpnano.dll
2019-04-11 10:16 - 2019-04-11 10:16 - 001672704 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-11 10:16 - 2019-04-11 10:16 - 001496576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-11 10:16 - 2019-04-11 10:16 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-11 10:16 - 2019-04-11 10:16 - 001044280 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-11 10:16 - 2019-04-11 10:16 - 000651792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-04-11 10:16 - 2019-04-11 10:16 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-04-11 10:16 - 2019-04-11 10:16 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-04-11 10:16 - 2019-04-11 10:16 - 000421392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-04-11 10:16 - 2019-04-11 10:16 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-04-11 10:16 - 2019-04-11 10:16 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2019-04-11 10:16 - 2019-04-11 10:16 - 000306488 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-04-11 10:16 - 2019-04-11 10:16 - 000300344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2019-04-11 10:16 - 2019-04-11 10:16 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-11 10:16 - 2019-04-11 10:16 - 000234808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2019-04-11 10:16 - 2019-04-11 10:16 - 000195896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-04-11 10:16 - 2019-04-11 10:16 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-04-11 10:16 - 2019-04-11 10:16 - 000131384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-04-11 10:16 - 2019-04-11 10:16 - 000095544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-11 10:16 - 2019-04-11 10:16 - 000090424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-04-10 23:40 - 2019-04-11 10:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-04-10 01:12 - 2019-04-10 01:12 - 000000000 ____D C:\Users\javin\Downloads\Microsoft_Toolkit v2.6.2_PS2050
2019-04-10 01:09 - 2019-04-10 01:09 - 058280620 _____ C:\Users\javin\Downloads\Microsoft_Toolkit v2.6.2_PS2050.rar
2019-04-10 00:53 - 2019-04-10 00:53 - 000002631 _____ C:\Users\javin\Desktop\configuraciones.bat
2019-04-10 00:48 - 2019-04-10 00:48 - 000000000 ____D C:\Users\javin\Downloads\Office_2016_+configuracion
2019-04-10 00:47 - 2019-04-10 00:48 - 001934753 _____ C:\Users\javin\Downloads\Office_2016_+configuracion.zip
2019-04-10 00:46 - 2019-04-10 00:46 - 001504927 _____ C:\Users\javin\Downloads\Office 2016 Profesional 64 Bits.rar
2019-04-10 00:46 - 2019-04-10 00:46 - 000000000 ____D C:\Users\javin\Downloads\Office 2016 Profesional 64 Bits
2019-04-08 19:55 - 2019-04-08 19:55 - 000323886 _____ C:\Users\javin\Downloads\Gatitos.zip
2019-04-06 10:41 - 2019-04-06 10:41 - 009697565 _____ C:\Users\javin\Downloads\CATALOGO_CURVAS.pdf
2019-04-06 10:41 - 2019-04-06 10:41 - 000418433 _____ C:\Users\javin\Downloads\INVITACION ARTISTAS_EXPO M CALVO.pdf
2019-04-05 22:38 - 2019-04-05 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-04-05 21:51 - 2019-04-05 21:51 - 000004164 _____ C:\Users\javin\Downloads\JAVIER SOMOZA - Muestra Presets.zip
2019-04-03 22:59 - 2019-04-03 22:59 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-04-03 22:59 - 2019-04-03 22:59 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-04-03 22:59 - 2019-04-03 22:59 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-04-03 22:59 - 2019-04-03 22:59 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-04-03 01:19 - 2019-04-03 01:19 - 000001067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom CC.lnk
2019-04-03 01:19 - 2019-04-03 01:19 - 000001055 _____ C:\Users\javin\Desktop\Lightroom CC.lnk
2019-04-03 01:10 - 2019-04-03 01:10 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2019.lnk
2019-04-03 00:50 - 2019-04-03 00:51 - 000001278 _____ C:\Users\javin\Desktop\Adobe Lightroom Classic CC.lnk
2019-04-03 00:50 - 2019-04-03 00:50 - 000001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic CC.lnk
2019-04-03 00:05 - 2019-04-03 00:05 - 000001409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2019-04-03 00:05 - 2019-04-03 00:05 - 000001397 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2019-04-02 23:50 - 2019-04-02 23:50 - 000000000 ____D C:\Users\Public\Documents\Adobe
2019-04-02 23:44 - 2019-04-03 00:19 - 000000000 ___RD C:\Users\javin\Creative Cloud Files
2019-04-02 18:21 - 2019-04-02 18:21 - 000185358 _____ C:\Users\javin\Downloads\NP_Casi 200 eventos y actividades forman parte de la programación de Las Navas del Marqués.pdf
2019-04-01 22:41 - 2019-04-01 22:41 - 000000000 ____D C:\Users\javin\Downloads\JAVIER SOMOZA - Colección Completa Presets
2019-04-01 21:40 - 2019-04-01 21:41 - 003246982 _____ C:\Users\javin\Downloads\JAVIER SOMOZA - Colección Completa Presets.zip
2019-04-01 10:43 - 2019-04-01 10:43 - 000207106 _____ C:\Users\javin\Downloads\LM_Imagenes_optimizadas.pdf
2019-03-31 18:47 - 2019-03-31 18:48 - 000965222 _____ C:\Users\javin\Downloads\Ingediente secreto portafolio Web que vende bodas (1).pdf
2019-03-28 21:56 - 2019-03-28 21:56 - 001511153 _____ C:\Users\javin\Desktop\avanzav-2.psd

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-16 20:47 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-16 19:57 - 2017-02-08 21:13 - 000000000 ____D C:\Users\javin\AppData\LocalLow\Mozilla
2019-04-16 19:55 - 2019-03-13 02:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-16 18:09 - 2019-03-13 03:07 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForjavin
2019-04-16 18:09 - 2017-10-20 00:38 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForjavin.job
2019-04-16 17:08 - 2017-06-10 02:28 - 000000000 ____D C:\Users\javin\AppData\Local\PokerStars.ES
2019-04-16 16:54 - 2017-02-08 20:58 - 000000000 ____D C:\Users\javin\Documents\YouCam
2019-04-16 16:51 - 2017-04-17 01:50 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-04-16 16:51 - 2017-02-08 20:57 - 000000000 __SHD C:\Users\javin\IntelGraphicsProfiles
2019-04-16 11:21 - 2017-02-19 18:21 - 000000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2019-04-16 11:18 - 2019-03-12 20:28 - 000000000 ___DC C:\WINDOWS\Panther
2019-04-16 11:18 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-04-16 11:18 - 2018-09-15 09:31 - 000000000 ____D C:\WINDOWS\INF
2019-04-16 11:18 - 2017-02-12 03:33 - 000000000 ____D C:\Users\javin\AppData\Local\CrashDumps
2019-04-16 10:46 - 2019-03-13 03:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-16 10:45 - 2018-09-15 08:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-04-16 10:20 - 2017-04-12 02:06 - 000000000 ____D C:\Easy.GIF.Animator.Pro.6.1.0.52
2019-04-16 10:20 - 2017-02-09 20:51 - 000000000 ____D C:\Users\javin\Downloads\ALT092-MW
2019-04-16 10:17 - 2017-05-31 18:34 - 000000000 ____D C:\Users\javin\AppData\Local\HP
2019-04-16 03:02 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-16 03:02 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-15 15:47 - 2018-04-25 02:44 - 000000000 ____D C:\Users\javin\Documents\MEGAsync Downloads
2019-04-15 15:42 - 2017-02-10 11:31 - 000000000 ____D C:\Users\javin\Documents\Documentos 10
2019-04-14 20:15 - 2018-09-15 09:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-04-14 18:07 - 2017-02-10 02:49 - 000000000 ____D C:\Program Files\Microsoft Office
2019-04-13 22:14 - 2019-03-13 02:37 - 001927984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-13 22:14 - 2018-09-15 18:36 - 000831554 _____ C:\WINDOWS\system32\perfh00A.dat
2019-04-13 22:14 - 2018-09-15 18:36 - 000175746 _____ C:\WINDOWS\system32\perfc00A.dat
2019-04-13 21:57 - 2018-05-19 13:05 - 000000000 ____D C:\Users\javin\AppData\Local\D3DSCache
2019-04-13 21:23 - 2017-03-10 11:29 - 000000000 ____D C:\Users\javin\AppData\Local\ElevatedDiagnostics
2019-04-13 10:02 - 2019-03-13 02:12 - 000000000 ____D C:\Users\javin
2019-04-12 23:10 - 2018-09-15 09:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-12 11:24 - 2017-11-16 19:23 - 000000000 ____D C:\Users\javin\AppData\Local\Packages
2019-04-12 10:33 - 2018-09-15 08:09 - 000000000 ____D C:\WINDOWS\servicing
2019-04-11 10:52 - 2018-05-18 22:50 - 000000000 ____D C:\Users\javin\AppData\Local\PlaceholderTileLogoFolder
2019-04-11 10:35 - 2019-03-13 02:05 - 000497328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-11 10:34 - 2017-02-08 21:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-04-11 10:32 - 2018-09-15 09:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-04-11 10:32 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-04-11 10:32 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-04-11 10:32 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-11 10:32 - 2018-09-15 08:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-04-11 09:52 - 2017-02-08 21:12 - 000001231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-04-10 18:55 - 2017-02-08 23:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-10 18:16 - 2017-02-08 23:50 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-09 19:04 - 2019-03-13 03:07 - 000004618 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-09 19:04 - 2019-03-13 03:07 - 000004394 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-04-09 19:04 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-04-09 19:04 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-04-09 10:06 - 2018-02-26 11:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-07 17:30 - 2017-02-10 03:00 - 000000000 ____D C:\Users\javin\AppData\Local\MSfree Inc
2019-04-05 22:39 - 2017-02-08 18:33 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-04-05 20:29 - 2018-09-15 09:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-04-05 10:48 - 2017-02-12 02:59 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-03 01:21 - 2017-02-09 02:13 - 000000000 ____D C:\Users\javin\AppData\Local\Adobe
2019-04-03 01:21 - 2017-02-08 20:57 - 000000000 ____D C:\Users\javin\AppData\Roaming\Adobe
2019-04-03 01:19 - 2017-02-09 19:45 - 000000000 ____D C:\Program Files\Adobe
2019-04-03 01:10 - 2017-02-09 20:10 - 000000000 ____D C:\Users\javin\Documents\Adobe
2019-04-03 01:10 - 2017-02-09 19:47 - 000000000 ____D C:\Program Files\Common Files\Adobe
2019-04-03 00:51 - 2017-02-09 19:37 - 000000000 ____D C:\ProgramData\Adobe
2019-04-03 00:02 - 2017-02-09 19:37 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-04-02 23:45 - 2017-02-08 18:03 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-01 19:16 - 2017-02-08 18:10 - 000000000 ____D C:\ProgramData\Realtek
2019-04-01 11:13 - 2018-06-26 10:41 - 047754314 _____ C:\Users\javin\Downloads\CartelDosPerros-FLASH.psd
2019-03-31 18:14 - 2019-03-13 03:07 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-901605512-485480021-31954508-1001
2019-03-31 18:14 - 2019-03-13 02:12 - 000002400 _____ C:\Users\javin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-31 18:14 - 2017-02-08 21:02 - 000000000 ___RD C:\Users\javin\OneDrive
2019-03-29 23:09 - 2017-02-09 21:58 - 000000000 ____D C:\Users\javin\Documents\Camtasia Studio
2019-03-28 21:55 - 2017-02-25 12:48 - 000001456 _____ C:\Users\javin\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2019-03-28 11:42 - 2019-03-13 03:07 - 000003618 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-28 11:42 - 2019-03-13 03:07 - 000003494 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-23 20:16 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\ServiceState
2019-03-19 19:24 - 2017-06-10 02:26 - 000000000 ____D C:\Program Files (x86)\PokerStars.ES
2019-03-18 12:05 - 2017-04-17 01:50 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat

==================== Files in the root of some directories =======

2017-07-20 21:24 - 2018-04-03 16:30 - 000000033 _____ () C:\Users\javin\AppData\Roaming\AdobeWLCMCache.dat
2018-05-19 12:39 - 2018-05-19 12:39 - 000000268 ___RH () C:\Users\javin\AppData\Roaming\Mallets
2018-05-19 12:39 - 2018-05-19 12:39 - 000000268 ___RH () C:\Users\javin\AppData\Roaming\MediaFolder
2017-02-25 12:48 - 2019-03-28 21:55 - 000001456 _____ () C:\Users\javin\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2017-02-08 20:57 - 2019-04-16 16:53 - 001851813 _____ () C:\Users\javin\AppData\Local\BTServer.log
2018-01-19 01:06 - 2018-01-19 01:06 - 000000001 _____ () C:\Users\javin\AppData\Local\llftool.4.40.agreement
2018-09-29 09:45 - 2018-09-29 09:45 - 000000000 _____ () C:\Users\javin\AppData\Local\oobelibMkey.log
2017-09-16 13:16 - 2017-09-16 13:16 - 000007605 _____ () C:\Users\javin\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Pako · 16 Abril, 2019 19:14

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2019 01
Ran by javin (16-04-2019 20:52:29)
Running from C:\Users\javin\Desktop
Windows 10 Home Version 1809 17763.437 (X64) (2019-03-13 01:09:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-901605512-485480021-31954508-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-901605512-485480021-31954508-503 - Limited - Disabled)
Invitado (S-1-5-21-901605512-485480021-31954508-501 - Limited - Disabled)
javin (S-1-5-21-901605512-485480021-31954508-1001 - Administrator - Enabled) => C:\Users\javin
WDAGUtilityAccount (S-1-5-21-901605512-485480021-31954508-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.1.435 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
Adobe Lightroom CC (HKLM-x32\...\LRCC_2_2) (Version: 2.2 - Adobe Systems Incorporated)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_8_2) (Version: 8.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_4) (Version: 20.0.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.1.1 - Advanced Micro Devices, Inc.)
Artisteer 4 (HKLM-x32\...\Artisteer 4) (Version: 4.3 - Extensoft)
Bejeweled 3 (HKLM-x32\...\WTA-616397ca-2962-4c07-a272-ffaf4581d2aa) (Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Build-a-lot (HKLM-x32\...\WTA-e3e8dc38-55f1-4ed4-b46d-77e8905c294c) (Version: 3.0.2.59 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (HKLM-x32\...\WTA-921a95df-0b2d-46e0-a1cb-28ef2abb3c3f) (Version: 3.0.2.48 - WildTangent) Hidden
Camtasia 9 (HKLM\...\{5B345FC0-9E6D-4D22-9718-682DB0CF2414}) (Version: 9.0.0.1306 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{357abfe9-0513-4326-9e53-3b7654e9819d}) (Version: 9.0.0.1306 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
ClacRadio v5.9 (HKLM-x32\...\{21B2F09D-B40F-4A51-8415-653383B3FF85}_is1) (Version:  - ClacSoft)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Crazy Chicken Soccer (HKLM-x32\...\WTA-54cb9f0a-2115-484c-b092-f981bd344e9c) (Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - Nombre de su organización) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - Nombre de su organización) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-dd2139b6-24ab-4bb1-ba85-d740b5f39d72) (Version: 3.0.2.59 - WildTangent) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
digiCamControl (HKLM-x32\...\digiCamControl) (Version: 1.1.795 - Duka Istvan)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DIYPhotoBits.com Camera Control 5.2 (HKLM-x32\...\{6A5B1D32-CC86-4689-B43C-AD52A9B8773B}) (Version: 5.2 - Raymond Lowe)
DJ_AIO_06_F2400_SW_Min (HKLM-x32\...\{D1E8CEBA-EC2B-4B37-97B8-C87AF6302601}) (Version: 140.0.851.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 70.4.93 - Dropbox, Inc.)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
Easy GIF Animator 6.1 (HKLM-x32\...\Easy GIF Animator_is1) (Version: Easy GIF Animator 6.0 - Karlis Blumentals)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
F2400 (HKLM-x32\...\{60F0F139-0C04-4D9C-9C6C-DEF35766BAB3}) (Version: 140.0.851.000 - Hewlett-Packard) Hidden
FileZilla Client 3.28.0 (HKLM-x32\...\FileZilla Client) (Version: 3.28.0 - Tim Kosse)
FormatFactory 4.5.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.5.0.0 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
Hard Disk Low Level Format Tool 4.40 (HKLM-x32\...\Hard Disk Low Level Format Tool_is1) (Version:  - HDDGURU)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{BCDD692B-172D-440A-9A1B-501C71D72CC8}) (Version: 14.0 - HP)
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.7.50.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F5A806D1-650F-40B3-92F0-AFB2E7B0075E}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5063 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-414ab5d5-a4f4-46f1-9a88-82a38a9554ad) (Version: 2.2.0.97 - WildTangent) Hidden
Juegos WildTangent (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Local by Flywheel 2.0.6 (only current user) (HKU\S-1-5-21-901605512-485480021-31954508-1001\...\67ab15dc-0a8b-5db2-8ebe-bd4994c956f6) (Version: 2.0.6 - Flywheel)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.11425.20204 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-901605512-485480021-31954508-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Mozilla Firefox 66.0.3 (x64 es-ES) (HKLM\...\Mozilla Firefox 66.0.3 (x64 es-ES)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.3.0 - Nikon Corporation)
Nikon Transfer 2 (HKLM-x32\...\{4D5EE11A-0D0A-4214-ABAC-72419F7BE24D}) (Version: 2.12.11 - Nikon Corporation)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Nombre de su organización)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.11425.20204 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.20 (HKLM\...\{CD6E345E-ECBC-4F98-BB28-276ACBBCD4DE}) (Version: 5.1.20 - Oracle Corporation)
Photo Mechanic 5 (HKLM-x32\...\{DE924CF0-B8BB-42BA-BDA0-14535F79DF3F}) (Version: 5.0 - Camera Bits, Inc)
Picture Control Utility 2 (HKLM\...\{46BEAB85-B86A-4AAB-B085-136ECA032CF4}) (Version: 2.3.1 - Nikon Corporation)
PokerStars.es (HKLM-x32\...\PokerStars.es) (Version:  - PokerStars.es)
Polar Bowler 1st Frame (HKLM-x32\...\WTA-ea121c86-8a23-4b13-8c32-d8853296b3f8) (Version: 3.0.2.59 - WildTangent) Hidden
Programa Saal Design (HKLM-x32\...\{CB151870-B711-E4E0-EDC2-19D7A047E986}) (Version: 4.1 - Saal Digital Fotoservice GmbH) Hidden
Programa Saal Design (HKLM-x32\...\ProgramaSaalDesign) (Version: 4.1 - Saal Digital Fotoservice GmbH)
PX Profile Update (HKLM-x32\...\{6989BE86-B5BE-BF83-3AE9-4908B41EC1A2}) (Version: 1.00.1. - AMD) Hidden
QuickTransfer (HKLM-x32\...\{E517094C-06B6-419F-8FFD-EF4F57972130}) (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-2d63d392-8b99-429a-834e-5f080909c553) (Version: 2.2.0.97 - WildTangent) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.46 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.60 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Runefall (HKLM-x32\...\WTA-0146b895-65f4-4006-83e2-9c71a27b02ee) (Version: 3.0.2.126 - WildTangent) Hidden
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Software para dispositivos de chipset Intel® (HKLM-x32\...\{a47edec4-fa11-4d02-b329-4424d0197af8}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Songr (HKU\S-1-5-21-901605512-485480021-31954508-1001\...\Songr) (Version: 2.1 - Xamasoft)
Spreaker Studio (HKU\S-1-5-21-901605512-485480021-31954508-1001\...\spreaker) (Version: 1.4.2 - Spreaker)
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Sublime Text Build 3126 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Telegram Desktop version 1.5.15 (HKU\S-1-5-21-901605512-485480021-31954508-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.5.15 - Telegram Messenger LLP)
Themler (HKLM-x32\...\Themler) (Version: 1.0 - Themler)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Trinklit Supreme (HKLM-x32\...\WTA-9624b003-a0d1-4a8c-affd-8facfb0f4913) (Version: 2.2.0.98 - WildTangent) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-187e731f-f3db-4584-99bc-698c3008b910) (Version: 3.0.2.59 - WildTangent) Hidden
ViewNX-i (HKLM\...\{C02E1F40-7EB2-4084-991B-EBFC7F586E26}) (Version: 1.2.11 - Nikon Corporation)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0-2) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Wedding Dash (HKLM-x32\...\WTA-b2f08cb7-5e30-4dc3-abc2-91f41281f71f) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App para HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.16 - WildTangent) Hidden
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinSnap (HKLM-x32\...\WinSnap) (Version: 4.5.5 - NTWind Software)
Wondershare Video Converter Ultimate(Build 9.0.1.4) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 9.0.1.4 - Wondershare Software)
WPS Office (9.1.0.5113) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5113 - Kingsoft Corp.)
Youda Jewel Shop (HKLM-x32\...\WTA-0b582f64-5848-4657-aba2-b19675eef36f) (Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-901605512-485480021-31954508-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-901605512-485480021-31954508-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-D45C45644AD1} -> [Creative Cloud Files] => C:\Users\javin\Creative Cloud Files [2019-04-02 23:44]
CustomCLSID: HKU\S-1-5-21-901605512-485480021-31954508-1001_Classes\CLSID\{BC77EA64-1A70-4BA1-863C-AEC5CFDC0D36} -> [MEGAsync] => C:\Users\javin\Documents\MEGAsync [2018-04-25 02:44]
CustomCLSID: HKU\S-1-5-21-901605512-485480021-31954508-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
CustomCLSID: HKU\S-1-5-21-901605512-485480021-31954508-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\javin\Dropbox [2017-02-08 21:58]
CustomCLSID: HKU\S-1-5-21-901605512-485480021-31954508-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx64_105.dll [2018-11-29] (Free Time) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\WINDOWS\SysWoW64\WSCM64.dll [2015-02-27] () [File not signed]
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx64_105.dll [2018-11-29] (Free Time) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ContextMenuHandlers4: [PMShellExt] -> {D33CAA34-6010-4798-A3A3-11600C03EDDB} => C:\Program Files (x86)\Camera Bits\Photo Mechanic 5\PMShellMenu.dll [2016-04-11] (Camera Bits, Inc.) [File not signed]
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2019-02-25] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)

Pako · 16 Abril, 2019 19:17

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05AE7135-A8F6-421F-BB73-0D6E9AD0AC07} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {136142C1-7917-4649-B854-914D04C3B087} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {169C4288-CE60-46AD-8BEC-DE2482416A72} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {1DA0F2A7-5B7F-4F0E-BD6C-FABE43DEFA51} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {2123FDB8-6E1F-4A16-9C73-0CC846870D5E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.)
Task: {26997F93-D2F9-4EC0-8C10-4C21D670FB47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {27E2132C-83C0-4ED4-86BF-933E1AF90101} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe (Advanced Micro Devices, Inc.) [File not signed]
Task: {2EFB323E-3E9A-442A-A845-7D5ED8791426} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> HP Inc.)
Task: {3576C192-DFA3-4E00-9901-E33A72F6C2AA} - System32\Tasks\Apagado => C:\Windows\System32\shutdown.exe (Microsoft Windows -> Microsoft Corporation)
Task: {36F4DAD8-9058-4409-819E-5CF115217A33} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {491C5168-69C2-4598-BBBF-E67C0E571C8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.)
Task: {500BC8DA-393F-4A44-B580-99C47BEDD26D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {54FAC8BF-092F-435D-964B-544F1C528D77} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe (Adobe Inc. -> Adobe)
Task: {5B7A4E5C-C2D7-4173-B0B7-B3E6ED4D09EA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {68D3BDE7-80D9-468A-BD9A-F51B2DE5DF09} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe (Advanced Micro Devices, Inc.) [File not signed]
Task: {695D25A9-A25F-45B0-A5EB-35CA54690941} - System32\Tasks\AutoKMSCustom => C:\WINDOWS\AutoKMS\AutoKMS.exe () [File not signed]
Task: {6D74E1A7-CA5A-4A20-BE0D-1ECF6E9B7847} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {71670424-FB7D-4EC4-841E-38A1BA8465CD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {74F096EF-123D-452A-94A8-988F180B2896} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7A3436DC-F623-4E81-AB39-9065EFBDBAC4} - System32\Tasks\HPCeeScheduleForjavin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (Hewlett-Packard Company -> Hewlett-Packard)
Task: {7E674074-8ABC-40F7-A219-9C5436D1A59E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Inc. -> Adobe)
Task: {8162317A-59A2-4CBA-B7B1-7B1A064E97CB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {8311302F-38CD-427E-BB5E-65FE40D40A34} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {88687932-0ECB-46FA-A783-A77413D09E24} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe (CyberLink Corp. -> CyberLink Corp.)
Task: {8964F090-84AD-49C7-9DA9-18FDFD936029} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe (Dropbox, Inc -> )
Task: {8BFAE887-93B3-4DB9-BE95-BE8E1DDBEAB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)
Task: {936EB9E6-C184-44B9-A5EF-8CD1EF600EE0} - System32\Tasks\WpsUpdateTask_javin => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {99B091AF-9DAE-4FBF-A621-9B7A009FAC8A} - System32\Tasks\Apaga => C:\Windows\System32\shutdown.exe (Microsoft Windows -> Microsoft Corporation)
Task: {9D7F89A5-5AC1-4C58-A92D-AAE02BA9CF83} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)
Task: {A0A1EE70-CC6B-4CF7-84E8-204E9B3DE072} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-901605512-485480021-31954508-1001 => C:\ProgramData\MEGAsync\MEGAupdater.exe (Mega Limited -> Mega Limited)
Task: {A9A415E3-9B0F-4C3A-B539-AE575C415208} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {AEBAC6DA-09B1-452F-8901-2DF1C9B46EAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {B4A67850-1904-4723-A9EE-9CFD361A3D13} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {BCE14B87-C141-4A5E-8FA9-8EDAA929D59E} - System32\Tasks\apagar => C:\Windows\System32\shutdown.exe (Microsoft Windows -> Microsoft Corporation)
Task: {C36A2D18-A251-4BF8-A9C3-44A64F276385} - System32\Tasks\S-1-5-21-901605512-485480021-31954508-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {DCD065A2-5D75-4391-B2E1-8DE766FDD778} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {DF64051E-E056-4ED7-B535-E25CBE93715B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {E086451F-8F7C-41AC-AC80-9B2C1EFD2586} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E2846F55-BEF2-4EDA-8B4B-9F75E1546A73} - System32\Tasks\Apagados => C:\Windows\System32\shutdown.exe (Microsoft Windows -> Microsoft Corporation)
Task: {E4185066-1B6F-47B6-8096-C53ADAB006C0} - System32\Tasks\WpsNotifyTask_javin => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {E4CC9150-3533-43C4-98B8-1B0BC9AC0871} - \StartWop PC Port -> No File <==== ATTENTION
Task: {E77CCC22-21DC-42F1-86A5-F50CEBFA69CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {EE5CDEF1-E7D8-4D17-BB02-C29293B38DC7} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F1C3374B-5692-411C-A758-7838244CA35C} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {F4B8797A-6147-4DE0-B98B-B3C41D4679FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation => C:\WINDOWS\TEMP\DJ_AIO_06_F2400_NonNet_Full_Win_WW_140_404-4.exe <==== ATTENTION
Task: {FB89736B-614D-4881-AA83-B3596A93D9A6} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {FE0899CD-B431-4BE3-A3DB-B0ADDCD43CC9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForjavin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\WebReg HP Deskjet F2400 Series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_javin.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_javin.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-07-13 13:09 - 2015-07-13 13:09 - 000020992 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\bin\hthemlerd.exe
2015-07-13 13:09 - 2015-07-13 13:09 - 008148480 _____ () [File not signed] C:\Program Files (x86)\Themler\bin\mysql\bin\mythemlerd.exe
2017-02-19 18:22 - 2016-11-16 15:15 - 000331776 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppCommon.dll
2017-02-19 18:22 - 2016-11-10 16:20 - 000489984 _____ (Newtonsoft) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\Newtonsoft.Json.dll
2017-02-19 18:22 - 2016-11-16 15:15 - 000072704 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppCollect.dll
2019-01-09 19:52 - 2019-01-09 19:52 - 000043008 _____ (AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
2019-01-09 19:52 - 2019-01-09 19:52 - 000573952 _____ (AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
2015-02-19 01:13 - 2015-02-19 01:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2018-03-13 04:47 - 2018-03-13 04:47 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2018-03-13 04:47 - 2018-03-13 04:47 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 01:13 - 2015-02-19 01:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2017-10-18 23:51 - 2017-10-18 23:51 - 000598528 _____ () [File not signed] C:\ProgramData\MEGAsync\ShellExtX64.dll
2017-02-19 18:21 - 2015-02-27 15:38 - 000721263 _____ () [File not signed] C:\WINDOWS\SysWoW64\WSCM64.dll
2018-11-29 02:55 - 2018-11-29 02:55 - 000302080 _____ (Free Time) [File not signed] C:\Program Files (x86)\FormatFactory\ShellEx64_105.dll
2017-02-10 02:49 - 2017-02-10 02:49 - 000000000 ____LMicrosoft Corporation C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2017-02-10 02:49 - 2017-02-10 02:49 - 000000000 ____LMicrosoft Corporation C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2015-09-21 15:11 - 2015-09-21 15:11 - 000145408 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\bin\libapr-1.dll
2015-09-21 15:11 - 2015-09-21 15:11 - 000327168 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\bin\libhttpd.dll
2015-09-21 15:11 - 2015-09-21 15:11 - 000197120 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\bin\libaprutil-1.dll
2015-09-21 15:11 - 2015-09-21 15:11 - 000284672 _____ () [File not signed] C:\Program Files (x86)\Themler\bin\apache\bin\pcre.dll
2015-09-21 15:11 - 2015-09-21 15:11 - 000027136 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\bin\libapriconv-1.dll
2015-09-21 15:11 - 2015-09-21 15:11 - 000013312 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_access_compat.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000011264 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_actions.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000014848 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_alias.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000010240 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_allowmethods.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000010752 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_asis.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000014848 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_auth_basic.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000012288 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_authn_core.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000011264 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_authn_file.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000018432 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_authz_core.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000013312 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_authz_groupfile.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000011776 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_authz_host.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000010240 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_authz_user.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000030208 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_autoindex.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000020480 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_cgi.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000013312 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_dir.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000010752 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_env.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000017920 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_headers.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000039936 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_include.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000024064 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_isapi.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000023040 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_log_config.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000017408 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_mime.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000028160 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_negotiation.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000053248 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_rewrite.so
2015-09-21 15:11 - 2015-09-21 15:11 - 000014336 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Themler\bin\apache\modules\mod_setenvif.so
2015-07-13 13:09 - 2015-07-13 13:09 - 006666752 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\Themler\bin\php\php5ts.dll
2015-07-13 13:09 - 2015-07-13 13:09 - 000026624 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\Themler\bin\php\php5apache2_4.dll
2015-07-13 13:09 - 2015-07-13 13:09 - 000376320 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\Themler\bin\php\ext\php_curl.dll
2015-09-21 15:11 - 2015-09-21 15:11 - 001175040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Themler\bin\apache\bin\LIBEAY32.dll
2015-07-13 13:09 - 2015-07-13 13:09 - 000166912 _____ () [File not signed] C:\Program Files (x86)\Themler\bin\apache\bin\libssh2.dll
2015-09-21 15:11 - 2015-09-21 15:11 - 000276992 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Themler\bin\apache\bin\SSLEAY32.dll
2015-07-13 13:09 - 2015-07-13 13:09 - 001559040 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\Themler\bin\php\ext\php_gd2.dll
2015-07-13 13:09 - 2015-07-13 13:09 - 001209856 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\Themler\bin\php\ext\php_mbstring.dll
2015-07-13 13:09 - 2015-07-13 13:09 - 000035840 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\Themler\bin\php\ext\php_mysql.dll
2015-07-13 16:38 - 2015-07-13 16:38 - 000090624 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\Themler\bin\php\ext\php_mysqli.dll
2015-07-13 13:09 - 2015-07-13 13:09 - 000024576 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\Themler\bin\php\ext\php_pdo_mysql.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-04-14 20:14 - 2019-03-13 09:22 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
2019-03-13 02:30 - 2019-03-13 02:30 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2011-04-29 19:08 - 2011-04-29 19:08 - 000048128 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2017-10-01 19:13 - 000001294 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 oscount.techsmith.com
127.0.0.1 65.52.240.48
127.0.0.1 69.167.144.18
127.0.0.1 157.56.8.159
127.0.0.1 69.167.144.15
127.0.0.1 updater.techsmith.com
127.0.0.1 camtasiatudi.techsmith.com
127.0.0.1 tsccloud.cloudapp.net
127.0.0.1 assets.cloud.techsmith.com
192.168.95.100 multisat24.dev #Local Site
192.168.95.100 photomagoblanco.dev #Local Site

2017-04-29 17:56 - 2017-04-29 17:56 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-901605512-485480021-31954508-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\javin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\70280_1366_768.jpg
DNS Servers: 80.58.61.254 - 80.58.61.250
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKU\S-1-5-21-901605512-485480021-31954508-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{85EB2AB4-ED71-4302-BB02-1778E959579A}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{AB641933-BCE6-4F80-95B0-DC01708E11FC}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{8CCC57AA-F16B-46BC-9500-03A996240ADD}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{90B91CD1-9552-49CD-B523-11E665E1DD7A}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{FDFF36C4-9660-42C6-9EE4-F910E5161EF6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{0193D03F-6EB6-48D0-B333-3C17EE897298}C:\users\javin\appdata\local\spreaker\app-1.4.2\spreaker-studio.exe] => (Block) C:\users\javin\appdata\local\spreaker\app-1.4.2\spreaker-studio.exe (Spreaker Inc -> Spreaker, Inc.) [File not signed]
FirewallRules: [TCP Query User{96B2AE44-155B-403B-9D45-3CEE31CD3A15}C:\users\javin\appdata\local\spreaker\app-1.4.2\spreaker-studio.exe] => (Block) C:\users\javin\appdata\local\spreaker\app-1.4.2\spreaker-studio.exe (Spreaker Inc -> Spreaker, Inc.) [File not signed]
FirewallRules: [UDP Query User{A8F5C1FD-5F46-4CE5-B77F-716C6E9B8FA5}C:\program files (x86)\camera bits\photo mechanic 5\photo mechanic.exe] => (Allow) C:\program files (x86)\camera bits\photo mechanic 5\photo mechanic.exe (Camera Bits, Inc. -> Camera Bits, Inc.)
FirewallRules: [TCP Query User{D3A3EA33-B691-4789-8761-C7FBFB83A0C4}C:\program files (x86)\camera bits\photo mechanic 5\photo mechanic.exe] => (Allow) C:\program files (x86)\camera bits\photo mechanic 5\photo mechanic.exe (Camera Bits, Inc. -> Camera Bits, Inc.)
FirewallRules: [UDP Query User{3C2A271A-0703-4CCE-A01F-C20EF730E301}C:\program files (x86)\wondershare\video converter ultimate\videoconverterultimate.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\videoconverterultimate.exe (Wondershare Software) [File not signed]
FirewallRules: [TCP Query User{D78DCDC5-8A42-41D6-80A4-C128C8F6D0C2}C:\program files (x86)\wondershare\video converter ultimate\videoconverterultimate.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\videoconverterultimate.exe (Wondershare Software) [File not signed]
FirewallRules: [UDP Query User{2F4DA4E3-DC5E-43E1-BAE0-42A416759437}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{6EFD3378-7EF9-470E-ABFE-CAA9FD7EE00F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0A725476-ABCC-4B92-9EEF-3CB2B2684ADD}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{390E6618-27D1-4C83-980F-8D6E46A67227}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{9AC731DB-1F07-4113-89D0-5758017E1E10}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{2C9AB103-11EA-447E-8DE5-EF85B3F0D0A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett Packard -> Hewlett-Packard)
FirewallRules: [{16C7CCDD-A306-4EA2-A0AC-9254D733CB20}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{53D27426-E050-46CC-A08A-03F21A88CCF5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{0E443230-5340-4FF0-95F4-D96CD7E20B10}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{881BA0B7-6537-4D2A-A5C1-694910CE9E0B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{0589881D-9B84-405D-935F-5432BA1EA6A2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{E36DFEBA-E2D8-4EA3-A322-A71DB39CE403}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{5FEC4A6E-54DD-4573-BF14-0824CAB3D044}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{9C747379-7F92-4CD8-B7DE-D4A6AF3E4E9D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{FFDA8C4F-D4CD-49D2-9EBE-6D996E49296C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [UDP Query User{BF72953D-C37E-44A5-BC9F-CAB358A541DF}C:\program files (x86)\camera bits\photo mechanic 5\photo mechanic.exe] => (Allow) C:\program files (x86)\camera bits\photo mechanic 5\photo mechanic.exe (Camera Bits, Inc. -> Camera Bits, Inc.)
FirewallRules: [TCP Query User{CBC4765D-F8EF-4B9D-A62D-63BF169CBF03}C:\program files (x86)\camera bits\photo mechanic 5\photo mechanic.exe] => (Allow) C:\program files (x86)\camera bits\photo mechanic 5\photo mechanic.exe (Camera Bits, Inc. -> Camera Bits, Inc.)
FirewallRules: [{64A7089D-75D8-4773-8D37-59F32D4FC329}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{4231D1BF-8AAB-44C4-9CA5-EDEF763A7FDC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{39CBDEC0-9E78-46C9-AED0-340D8ACBBB3C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F76BD508-D853-4994-AFFD-AE4A570DDB77}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0E0A4E14-EBD3-4BAC-AFFC-F1EED557B455}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
FirewallRules: [{33B05385-B56D-4DC8-A2FE-77D8BE19BA4F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{289D441D-2F40-42CF-AF25-47C2E0C529C3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{58551D5D-4FE2-4D4F-89CD-AC0E29C36144}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0B5F4F4F-144B-464D-84BC-4E69891E3FAC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{16D9F330-D54B-4566-801A-D0261C1D7969}] => (Allow) LPort=8318
FirewallRules: [{9CCCC13E-8C2E-427C-B3B2-AD7510ACE78F}] => (Allow) C:\Program Files (x86)\Artisteer 4\bin\Artisteer.exe (ExtenSoft) [File not signed]
FirewallRules: [{7B6F60DA-70E3-415A-9F57-A789F6C6DD18}] => (Allow) C:\Program Files (x86)\Themler\bin\apache\bin\hthemlerd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [{2502280E-E875-4F88-93B8-689B18140F2A}] => (Allow) C:\Program Files (x86)\Themler\bin\apache\bin\hthemlerd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [{C6F3D3A9-BCC1-477D-AC6A-83570D5592C6}] => (Allow) C:\Program Files (x86)\Themler\bin\mysql\bin\mythemlerd.exe () [File not signed]
FirewallRules: [{EBAFFBE4-296D-4D40-A87E-65F70AE12459}] => (Allow) C:\Program Files (x86)\Themler\bin\mysql\bin\mythemlerd.exe () [File not signed]
FirewallRules: [TCP Query User{F1755A3D-033F-4670-A878-1A59C9F12F7F}C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe (Wondershare software CO., LIMITED -> Wondershare)
FirewallRules: [UDP Query User{0649A9BD-4094-465B-9802-69F316414CEC}C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe (Wondershare software CO., LIMITED -> Wondershare)
FirewallRules: [{0EBF47A7-0932-488A-994A-813E4A81F1B1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{0C7A636F-A56C-419B-A67D-7F538F59C75D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{964DA5E6-1B85-4620-B9C2-B01D81B3AFA2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4FB7F3D5-2953-4DDF-A980-FAC407BF0EB3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{10CA07F5-3B69-4941-B148-C223EB0B1435}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DAA0F1F7-2963-4641-8158-FA2A2920BD7E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{9EF44B5C-340A-478B-8354-15A93C48DA64}] => (Allow) C:\WINDOWS\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{79245FE9-FBAE-4C16-A690-103255675EDE}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B47888F1-873B-489B-97B1-B920A7BAFF23}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)

==================== Restore Points =========================

08-04-2019 19:04:38 Punto de control programado
16-04-2019 03:39:01 Punto de control programado

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2019 11:17:42 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (480,R,98) WebCacheLocal: Al intentar abrir el archivo "C:\Users\javin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (04/16/2019 11:15:44 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (480,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) al abrir un archivo de registro C:\Users\javin\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (04/16/2019 11:15:44 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (480,R,98) WebCacheLocal: Al intentar abrir el archivo "C:\Users\javin\AppData\Local\Microsoft\Windows\WebCache\V01.log" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (04/16/2019 11:15:34 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (480,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) al abrir un archivo de registro C:\Users\javin\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (04/16/2019 11:15:34 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (480,R,98) WebCacheLocal: Al intentar abrir el archivo "C:\Users\javin\AppData\Local\Microsoft\Windows\WebCache\V01.log" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (04/16/2019 11:15:24 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (480,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) al abrir un archivo de registro C:\Users\javin\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (04/16/2019 11:15:24 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (480,R,98) WebCacheLocal: Al intentar abrir el archivo "C:\Users\javin\AppData\Local\Microsoft\Windows\WebCache\V01.log" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (04/16/2019 11:15:13 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (480,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) al abrir un archivo de registro C:\Users\javin\AppData\Local\Microsoft\Windows\WebCache\V01.log.


System errors:
=============
Error: (04/16/2019 08:44:22 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-2I0OLCP)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-2I0OLCP\javin con SID (S-1-5-21-901605512-485480021-31954508-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/16/2019 08:44:22 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-2I0OLCP)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-2I0OLCP\javin con SID (S-1-5-21-901605512-485480021-31954508-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/16/2019 08:34:12 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-2I0OLCP)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-2I0OLCP\javin con SID (S-1-5-21-901605512-485480021-31954508-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/16/2019 08:34:11 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-2I0OLCP)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-2I0OLCP\javin con SID (S-1-5-21-901605512-485480021-31954508-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/16/2019 08:20:25 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-2I0OLCP)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-2I0OLCP\javin con SID (S-1-5-21-901605512-485480021-31954508-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/16/2019 08:00:21 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-2I0OLCP)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-2I0OLCP\javin con SID (S-1-5-21-901605512-485480021-31954508-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/16/2019 08:00:20 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-2I0OLCP)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-2I0OLCP\javin con SID (S-1-5-21-901605512-485480021-31954508-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/16/2019 08:00:20 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-2I0OLCP)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-2I0OLCP\javin con SID (S-1-5-21-901605512-485480021-31954508-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


Windows Defender:
===================================
Date: 2019-04-16 20:53:01.424
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS.D&threatid=2147731321&enterprise=0
Nombre: HackTool:Win32/AutoKMS.D
Id.: 2147731321
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Windows\AutoKMS\AutoKMS.exe->[SAResource]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: DESKTOP-2I0OLCP\javin
Nombre de proceso: C:\Users\javin\Desktop\FRST64.exe
Versión de firma: AV: 1.291.2027.0, AS: 1.291.2027.0, NIS: 1.291.2027.0
Versión de motor: AM: 1.1.15800.1, NIS: 1.1.15800.1

Date: 2019-04-16 02:32:38.104
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {7A70026B-575D-41B9-AC0F-1F3F58A8AA71}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-16 01:10:52.725
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {D7B623D7-5504-43BF-8800-F0F61C40C5D4}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-16 00:43:27.698
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS.D&threatid=2147731321&enterprise=0
Nombre: HackTool:Win32/AutoKMS.D
Id.: 2147731321
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Windows\AutoKMS\AutoKMS.exe->[SAResource]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Windows\System32\svchost.exe
Versión de firma: AV: 1.291.1944.0, AS: 1.291.1944.0, NIS: 1.291.1944.0
Versión de motor: AM: 1.1.15800.1, NIS: 1.1.15800.1

Date: 2019-04-15 15:26:14.112
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Patcher&threatid=2147659947&enterprise=0
Nombre: HackTool:Win32/Patcher
Id.: 2147659947
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_W:\Cossas web\ATER.v0.9.2\ATER.v0.9.2\ATER.v0.9.2\amtemu.v0.9.2-painter.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: DESKTOP-2I0OLCP\javin
Nombre de proceso: C:\Windows\explorer.exe
Versión de firma: AV: 1.291.1944.0, AS: 1.291.1944.0, NIS: 1.291.1944.0
Versión de motor: AM: 1.1.15800.1, NIS: 1.1.15800.1

Date: 2019-04-11 09:59:49.327
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.291.1573.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15800.1
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-04-03 08:25:43.954
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 1.291.1051.0
Versión de firma anterior: 1.291.1016.0
Origen de actualización: Usuario
Tipo de firma: AntiSpyware
Tipo de actualización: Diferencia
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 1.1.15800.1
Versión de motor anterior: 1.1.15800.1
Código de error: 0x80509004
Descripción del error: Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-04-03 08:25:43.954
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 1.291.1051.0
Versión de firma anterior: 1.291.1016.0
Origen de actualización: Usuario
Tipo de firma: AntiVirus
Tipo de actualización: Diferencia
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 1.1.15800.1
Versión de motor anterior: 1.1.15800.1
Código de error: 0x80509004
Descripción del error: Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-03-19 17:31:29.675
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.289.1512.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15700.9
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-03-16 18:28:01.882
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.289.1247.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15700.9
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

CodeIntegrity:
===================================

Date: 2019-04-12 17:24:39.458
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\amdhdl64.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-04-12 17:24:25.295
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\amdhdl64.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-04-12 17:24:14.379
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\amdhdl64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 45%
Total physical RAM: 8107.39 MB
Available physical RAM: 4417.68 MB
Total Virtual: 9387.39 MB
Available Virtual: 5175.09 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:449.27 GB) (Free:233.91 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.16 GB) (Free:1.79 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (fotos exposición) (CDROM) (Total:0.56 GB) (Free:0.53 GB) UDF

\\?\Volume{6312b4a1-d370-43df-a51c-56ce644cb8c3}\ () (Fixed) (Total:0.95 GB) (Free:0.4 GB) NTFS
\\?\Volume{486c3cc8-2645-48b1-925e-c052ff2611fd}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 87615C7D)

Partition: GPT.

==================== End of Addition.txt ============================

Miguelgrado · 16 Abril, 2019 19:32

No se ve nada extraño

Te recomiendo que el progrma Format Factory, no lo uses, pues aunque es bueno, trae malware que no se puede ni evitar durante la instalacion.

Te recomiendo que le pegues un repaso al pc, desde nuestra sección de guias y manuales, con Zhpcleaner y Eset online,y que instales algun antivirus free, como**Kaspersky**, por ejemplo

Alguna duda?

Pako · 16 Abril, 2019 19:41

Ok, bueno como dudas no se para que sirven los programas que me recomiendas, ¿algo de optimización? Y sobre el antivirus lo hare, me comentaron que para W10 el Defender se bastaba, sin necesidad de ningún otro antivirus. Mirare el Kaspersky, aunque en otros sistemas siempre use Avast, ¿algún problema con Avast en W10? Quiero recordar que leí hace tiempo que había algún problema.

Gracias Miguel.

Miguelgrado · 16 Abril, 2019 20:26

Los programas que te recomiendo, si los miras, no son para nada optimiza dores, son programas antimalware, para revisar que no te quede nada por ahi…Eset es la version online del antivirus, Zhpcleane res semejante a Adwcleaner.

Todos los antivirus funcionan, por supuesto con windows 10, lo que no quiere decir que puntualmente alguna versión tenga algun problema, de cualquiera de ellos.

Windows Defender podrá ser suficiente,perooooo, si los hay mucho mejores y gratis…si te gusta Avast adelante, pero Kis es algo superior por ahora

Para eliminar las herramientas usadas en la desinfección, realizas:

Descargas y Ejecutas >> Delfix, en tu escritorio.
Doble clic para ejecutarlo.(Si usas Windows Vista/7 /8 /10,presiona clic derecho y selecciona >>;Ejecutar como Administrador.)
Marca solamente la casilla Remove disinfection tools
Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

Si queda alguna herramienta, la desinstalas desde panel de Windows y aquellas que no estén listadas, se eliminan directamente.

Me alegro de haberte podido ayudar!

TEMA SOLUCIONADO