Total Freeze of Windows 7 64-bit

#1

Hello. For a few weeks now I have been having problems with my Windows 7. Out of nowhere the PC freezes completely, keyboard and mouse included. Even the light on the “Caps Lock” key freezes. There is no way to do anything until I restart it with the reset button. I have been having this problem since a failed attempt at a System Restore. Before that the machine worked completely normally. Even if I leave the PC on without doing anything, at any moment it freezes completely. I have tried everything and cannot find the problem. Please, and thank you for the help.

#2

Hello and welcome, @eduardaniel1.

Use the computer for a while browsing folders in Safe Mode and let me know whether the PC hangs or produces any error. I am leaving you our manual so you can read how to start Safe Mode.

Finish everything and let me know. Regards.

#3

Hello, and thanks for your reply. Well, I was using Safe Mode for a couple of hours and everything was normal. But I am sure that on some earlier occasion it did freeze in Safe Mode. Before you replied, the system froze completely again and damaged the boot, which I was able to fix with chkdsk /F. But I am afraid it may freeze again at some point, since it has happened before.

#4

Hello. Read all the steps carefully so that everything that is found is removed correctly.

1) Download and/or update and run Malwarebytes’ Anti-Malware.

  • To install the latest virus definitions (updates), click the blue “actual” button in the main window.
  • To install the latest program updates and fix other errors, go to config and click >> config

If you have more questions, there is the Malwarebytes Manual, so that you know how to use and configure it.

  • Run a Custom Scan by clicking the “Scan” section, then clicking “Custom Scan”, and then clicking “Configure Scan”, ticking all the boxes, including the one for rootkits, and all the drives shown.
  • Click “Remove Selected” to send it to quarantine, and restart the system.
  • To access the scan report afterwards: Reports >> Scan Log >> click >> Export >> Copy to Clipboard, and paste it in your reply.

2) Download AdwCleaner to the desktop.

  • Disable your antivirus :arrow_forward: How to temporarily disable an antivirus and any security program.
  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select “Run as Administrator”).
  • Click the Scan Now button and wait for the process to finish, then immediately click the Start Repair button.
  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.
  • If it finds nothing, click “Skip Repair”.
  • The log is found in the “Reports” tab, reopening the program if necessary, or in "C:\AdwCleaner\Logs\AdwCleaner[C0].txt"

You can look at its manual >> AdwCleaner Manual

3) Download CCleaner. Here is the manual so that you know how to configure and use it.

Install it and run it. In the Cleaner tab, leave the default settings as they are, click Analyze, wait for it to finish > click Run Cleaner. Click the Registry tab > click Scan for Issues, wait for it to finish > click Fix Selected and make a backup.

Paste the Malwarebytes and AdwCleaner reports and tell me how the problem is going.

IMPORTANT NOTE

Please, while we are disinfecting your machine or finishing doing so:

  • Do not carry out steps/actions that WE have not indicated to you.
  • Do not download ANYTHING from the Internet and/or connect external devices to your computer.
  • Do not install ANYTHING (programs/software/add-ons/browser extensions…)
  • Do not run other security programs (Antivirus, Antimalware, ANTI-ANYTHING…)
  • Do not carry out other procedures on your own.
  • Use your computer EXCLUSIVELY to disinfect it following our instructions.

:warning: Very Important :warning: Post the report requested by the user assisting you as shown in the following image:

Regards

#6

Hello, here are the reports:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 9/12/16
Hora del análisis: 20:22
Archivo de registro: c2fb7818-be6e-11e6-84a2-00016c613a45.json

-Información del software-
Versión: 3.0.4.1269
Versión de los componentes: 1.0.39
Versión del paquete de actualización: 1.0.680
Licencia: Premium

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: Eduard-PC\Eduard

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 312001
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 4 min, 34 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-06-2019
# Duration: 00:00:01
# OS:       Windows 7 Ultimate
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\rvlkl

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1245 octets] - [07/06/2018 13:05:48]
AdwCleaner[S01].txt - [1306 octets] - [11/06/2018 18:38:39]
AdwCleaner[S02].txt - [1621 octets] - [14/06/2018 03:00:15]
AdwCleaner[C02].txt - [1769 octets] - [14/06/2018 03:00:59]
AdwCleaner[S03].txt - [1489 octets] - [14/06/2018 03:05:40]
AdwCleaner[S04].txt - [1550 octets] - [15/06/2018 17:24:08]
AdwCleaner[S05].txt - [1611 octets] - [21/06/2018 00:56:37]
AdwCleaner[S06].txt - [1672 octets] - [30/06/2018 21:22:24]
AdwCleaner[S07].txt - [1733 octets] - [30/06/2018 21:23:11]
AdwCleaner[S08].txt - [1794 octets] - [03/07/2018 16:32:48]
AdwCleaner[S09].txt - [26061 octets] - [29/07/2018 00:26:04]
AdwCleaner[S10].txt - [26123 octets] - [29/07/2018 16:15:23]
AdwCleaner[C10].txt - [23122 octets] - [29/07/2018 16:19:09]
AdwCleaner[S11].txt - [26518 octets] - [28/08/2018 18:17:29]
AdwCleaner[C11].txt - [23443 octets] - [28/08/2018 18:19:51]
AdwCleaner[S12].txt - [2165 octets] - [28/08/2018 18:29:52]
AdwCleaner[S13].txt - [2234 octets] - [07/09/2018 16:29:19]
AdwCleaner[S14].txt - [2283 octets] - [18/09/2018 19:37:23]
AdwCleaner[S15].txt - [2356 octets] - [15/10/2018 00:37:48]
AdwCleaner[S16].txt - [2417 octets] - [18/10/2018 18:16:02]
AdwCleaner[S17].txt - [2478 octets] - [05/12/2018 00:07:14]
AdwCleaner[S18].txt - [2564 octets] - [27/12/2018 18:13:32]
AdwCleaner[S19].txt - [2625 octets] - [02/03/2019 19:24:50]
AdwCleaner[S20].txt - [3442 octets] - [06/04/2019 03:16:33]
AdwCleaner[C20].txt - [3493 octets] - [06/04/2019 04:12:45]
AdwCleaner[S21].txt - [2808 octets] - [06/04/2019 12:43:45]
AdwCleaner[S22].txt - [3625 octets] - [10/04/2019 00:38:10]
AdwCleaner[C22].txt - [3676 octets] - [10/04/2019 01:24:33]
AdwCleaner[S23].txt - [2991 octets] - [21/04/2019 01:07:56]
AdwCleaner[S24].txt - [3052 octets] - [02/05/2019 02:35:30]
AdwCleaner[S25].txt - [3113 octets] - [06/05/2019 02:19:30]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C25].txt ##########

The problem persists; it keeps freezing completely and I have to force a restart, and each time it partially or totally damages the boot.

#7

Hello,

:one:

====Download to your desktop====

Glary Utilities

  • Run it as administrator
  • Go to the 1-Click Maintenance tab and tick the following boxes: →Registry Cleaner →Shortcuts Cleaner →Disk Repair →Tracks Eraser →Temporary Files Cleaner →Startup Manager
  • Click the Scan for Issues button and let it finish
  • Go to the “Advanced Tools” section and then to the “Optimize and Improve” tab
  • Click “Registry Defragmenter”, then click “Next” and click “OK”
  • Let it finish scanning; do not worry if the brightness drops.
  • If it asks you to restart, restart.

:two:

Free up disk space by following this guide: Freeing Up Space on Disks and Partitions

Defragment the PC's hard disk(s) and partitions by following this guide: Defragmenting Disks and Partitions

Carry out all the steps and let me know whether a bit more speed was achieved.

#8

Hello. I had already done what you indicate before, but I did it again to test and it still keeps freezing completely. It is not a slowness problem. Rather, it literally freezes without giving me a Blue Screen. Both mouse and keyboard stay frozen. If I wait a while I can move the mouse, but the screen and the keyboard stay frozen until I press the reset button.

I have had this problem since I did a System Restore that failed. Before that, everything worked perfectly as far as the current problem is concerned. Thanks

#9

Hello,

Have you tried updating the drivers or checking for updates through Windows Update?

Check whether you have outdated drivers with DriversCloud:

  • Click the Install button
  • Save the installer to the desktop, find it and run it as administrator by right-clicking on it.
  • It will start and look for the drivers, and when it finishes it will redirect you to its website in your default browser.
  • Click My Drivers at the top of the page.

That page will show you all the drivers that still need updating; if a driver appears in red do not update it, if it is in green do.

#10

Hello, I keep my Windows Update up to date, and in DriversCloud no driver to update showed up. Any other solution?

#11

Hello, and with your permission. :+1:

Please carry out these steps:

:one: Temporarily disable the antivirus :arrow_forward: How to temporarily disable your antivirus, while we are carrying out ALL the steps.

Download to YOUR DESKTOP (and NOT anywhere else :face_with_monocle:)

:two: Farbar Recovery Scan Tool.-

  • Run FRST.exe.

  • In the Disclaimer window message, click Yes

  • In the main window, click the Scan button and wait for the process to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

:three: Put both reports in your next reply.

You must copy and paste them with all their content, and you will use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

Regards, Javier.

#12

Hello Javier, thanks for your help. Here is the content of FRST.log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05.2019
Ran by Eduard (administrator) on EDUARD-PC (FOXCONN M61PMV) (09-05-2019 10:23:37)
Running from C:\Users\Eduard\Desktop
Loaded Profiles: Eduard (Available Profiles: Eduard)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-711283570-2395005781-3656168384-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44024 2019-04-21] (Glarysoft LTD -> Glarysoft Ltd)
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-21] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
BootExecute: autocheck autochk *  BootDefrag.exe
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01C7B378-F7CA-4B7B-9D35-3C3388A5052C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-11-16] (Google Inc -> Google Inc.)
Task: {04065DC3-B1F7-46FB-9B47-3C37FB719456} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {06C6F708-42AE-4CA4-A667-C22A2E375E90} - System32\Tasks\{39711E92-D052-4D6B-A7FC-15945BAED2BD} => C:\Users\Eduard\Desktop\KMPlayer_4.1.5.3.exe
Task: {14F4ED33-2E28-4BD2-B288-D59AAF29BE24} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe
Task: {18D93874-713D-46E7-B73A-566CAD6BA1B5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {263502ED-AE82-414E-9026-4BFA7748CB67} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {45B24344-D672-421C-9BEE-6613939521D5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [661864 2018-01-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7F914CE5-B546-4647-91CD-1CC2E07E5C4A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {803618B2-FB33-4B37-8ACD-26D6C994D544} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {83384EFC-2D1F-4EED-ADC5-BEAC6401E4DA} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [526184 2018-01-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {93888383-30DD-491E-AD55-6266FDFE3864} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [661864 2018-01-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {955F7B86-8ED1-4514-926D-3D4576366FFE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-11-16] (Google Inc -> Google Inc.)
Task: {BB80DB17-8FC6-4709-82C3-2577A4566EF4} - System32\Tasks\GPU Temp\Startup => C:\Program Files (x86)\GPU Temp\GPUTemp.exe [1032192 2011-10-01] (gputemp.com) [File not signed]
Task: {BB9EACF3-3CC1-44A7-927B-F344FF95A425} - System32\Tasks\Core Temp Autostart Eduard => C:\Program Files\Core Temp\Core Temp.exe [998488 2019-01-08] (ALCPU -> ALCPU)
Task: {CA31D65D-66F8-4504-B560-345218765F41} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [747880 2018-01-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CB9C4B5D-9FD2-4551-9C4C-47BF4F28AB37} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [747880 2018-01-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CDD20CB2-0194-41D0-8F02-AF89E40489A5} - System32\Tasks\{C1C7BFDC-3973-4E69-B032-A085C66012DB} => C:\Users\Eduard\Desktop\KMPlayer_4.1.5.3.exe
Task: {D0942079-9EE2-4F16-82FC-7E90076C0DC6} - System32\Tasks\{CC13EC92-801C-41FB-BA96-39A79AE0C376} => C:\Windows\system32\pcalua.exe -a C:\Users\Eduard\Desktop\FacebookGameroom.exe -d C:\Users\Eduard\Desktop
Task: {D5676BE6-178C-4EA2-8262-954F7042B78D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [1367552 2018-05-17] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {F0DFFB65-709D-466F-B8EF-ED4A1D00F9D8} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [915952 2019-04-21] (Glarysoft LTD -> Glarysoft Ltd)
Task: {FC7390C5-2B4E-4D25-A324-11403D035B3C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9A83FBE6-A15E-4FA5-A542-43B96FB891DA}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-711283570-2395005781-3656168384-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ve/?ocid=iehp
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-04-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-19] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF DefaultProfile: y10xvr4t.default
FF ProfilePath: C:\Users\Eduard\AppData\Roaming\Mozilla\Firefox\Profiles\y10xvr4t.default [2019-05-08]
FF Homepage: Mozilla\Firefox\Profiles\y10xvr4t.default -> hxxps://www.google.co.ve/
FF Extension: (NeoBuxOx) - C:\Users\Eduard\AppData\Roaming\Mozilla\Firefox\Profiles\y10xvr4t.default\Extensions\[email protected] [2018-07-10]
FF Extension: (S3.Translator) - C:\Users\Eduard\AppData\Roaming\Mozilla\Firefox\Profiles\y10xvr4t.default\Extensions\[email protected] [2018-09-07]
FF Extension: (NeoBux AdAlert) - C:\Users\Eduard\AppData\Roaming\Mozilla\Firefox\Profiles\y10xvr4t.default\Extensions\{eb80b076-a444-444c-a590-5aee5d977d80}.xpi [2018-07-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-17] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-17] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2017-11-16] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2017-11-16] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Eduard\AppData\Local\Google\Chrome\User Data\Default [2019-05-09]
CHR Extension: (Presentaciones) - C:\Users\Eduard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-21]
CHR Extension: (Documentos) - C:\Users\Eduard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-24]
CHR Extension: (Google Drive) - C:\Users\Eduard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-24]
CHR Extension: (YouTube) - C:\Users\Eduard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-24]
CHR Extension: (S3.Translator) - C:\Users\Eduard\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnnjfbneojbmioajinefnflopdohjk [2019-02-16]
CHR Extension: (MyJDownloader Browser Extension) - C:\Users\Eduard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2018-11-08]
CHR Extension: (Hojas de cálculo) - C:\Users\Eduard\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-21]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Eduard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (GiveAway.su - Get games for free!) - C:\Users\Eduard\AppData\Local\Google\Chrome\User Data\Default\Extensions\modkgipgommbdobanfinadelfafeiadk [2018-07-10]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Eduard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-02]
CHR Extension: (TunnelBear VPN) - C:\Users\Eduard\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2019-03-27]
CHR Extension: (Gmail) - C:\Users\Eduard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Eduard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S3 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53120 2018-06-15] (AnchorFree Inc -> AnchorFree Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies Inc. -> VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-07-21] (Microsoft Windows -> Microsoft Corporation)
S3 BEService; "C:\Program Files (x86)\Common Files\BattlEye\BEService.exe" [X]
S3 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S3 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AFTrafMgr1.4; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [56840 2018-06-11] (AnchorFree Inc -> AnchorFree Inc.)
S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [303712 2019-02-04] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2016-06-22] (Glarysoft Ltd -> Glarysoft Ltd)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [28936 2018-07-09] (Glarysoft LTD -> Glarysoft Ltd)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Microsoft Corporation)
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-05-05] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-05-09] (Malwarebytes Corporation -> Malwarebytes)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Apple, Inc.) [File not signed]
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [2206864 2012-10-22] (VIA Technologies Inc. -> VIA Technologies, Inc.)
S3 ViGEmBus; C:\Windows\System32\DRIVERS\ViGEmBus.sys [54208 2017-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-09 10:23 - 2019-05-09 10:24 - 000017873 _____ C:\Users\Eduard\Desktop\FRST.txt
2019-05-09 10:20 - 2019-05-09 10:20 - 002430976 _____ (Farbar) C:\Users\Eduard\Desktop\FRST64.exe
2019-05-09 10:15 - 2019-05-09 10:15 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-05-08 22:27 - 2019-05-08 22:27 - 000050932 _____ C:\Users\Eduard\Desktop\sfcdetails.txt
2019-05-08 07:23 - 2019-05-08 07:24 - 000291104 _____ C:\Windows\Minidump\050819-25630-01.dmp
2019-05-08 07:23 - 2019-05-08 07:23 - 411769762 _____ C:\Windows\MEMORY.DMP
2019-05-08 03:28 - 2019-05-08 03:29 - 968265375 _____ C:\Users\Eduard\Downloads\[PuyaSubs!] Boruto - Naruto Next Generations - 101 [1080p][F3EFBA54].mkv
2019-05-08 01:18 - 2019-05-08 02:14 - 068070882 _____ C:\Users\Eduard\Downloads\Macmillan - Attitude 1 Teacher_s Book.pdf
2019-05-08 00:06 - 2019-05-08 00:07 - 000000176 _____ C:\Windows\ntbtlog.txt
2019-05-06 02:47 - 2019-05-06 02:47 - 000181522 _____ C:\Users\Eduard\Desktop\cc_20190506_024734.reg
2019-05-05 21:02 - 2019-05-09 00:21 - 000002814 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-05-05 21:02 - 2019-05-05 21:02 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-05-05 21:02 - 2019-05-05 21:02 - 000000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-05-05 21:02 - 2019-05-05 21:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-05-05 21:02 - 2019-05-05 21:02 - 000000000 ____D C:\Program Files\CCleaner
2019-05-05 20:58 - 2019-05-05 20:58 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-05-05 20:53 - 2019-05-05 20:55 - 021254208 _____ (Piriform Software Ltd) C:\Users\Eduard\Downloads\ccsetup556.exe
2019-05-05 20:44 - 2019-05-05 20:44 - 000408743 __RSH C:\QZMNX
2019-05-05 13:15 - 2019-05-05 13:15 - 000000000 ____D C:\found.007
2019-05-05 03:29 - 2019-05-05 03:30 - 1094177523 _____ C:\Users\Eduard\Downloads\[PuyaSubs!] Boruto - Naruto Next Generations - 103 [1080p][D6016971].mkv
2019-05-05 00:01 - 2019-05-05 02:01 - 1063368131 _____ C:\Users\Eduard\Downloads\[PuyaSubs!] Boruto - Naruto Next Generations - 102 [1080p][F09E1AF4].mkv
2019-05-04 23:59 - 2019-05-05 00:00 - 1134592684 _____ C:\Users\Eduard\Downloads\[PuyaSubs!] Boruto - Naruto Next Generations - 100 [1080p][6A64F34C].mkv
2019-05-01 23:23 - 2019-05-07 23:51 - 000000000 ____D C:\Users\Eduard\Downloads\Windows6 1-KB947821-v34-x64
2019-05-01 23:23 - 2019-05-02 00:06 - 564744309 _____ C:\Users\Eduard\Desktop\Windows6.1-KB947821-v34-x64.msu
2019-05-01 20:27 - 2019-05-01 20:27 - 000059435 _____ C:\Users\Eduard\Downloads\memtest86+-5.01.zip
2019-05-01 19:49 - 2019-05-01 20:04 - 000000000 ____D C:\Users\Eduard\Desktop\Nueva carpeta (3)
2019-05-01 04:43 - 2019-05-01 04:43 - 000000207 _____ C:\Windows\tweaking.com-regbackup-EDUARD-PC-Windows-7-Ultimate-(64-bit).dat
2019-05-01 04:43 - 2019-05-01 04:43 - 000000000 ____D C:\RegBackup
2019-05-01 03:47 - 2019-05-01 03:47 - 000000000 ____D C:\Users\Public\BlueStacks
2019-05-01 02:45 - 2019-05-08 11:17 - 000000000 ____D C:\SFCFix
2019-05-01 02:29 - 2019-05-08 11:17 - 000000000 ____D C:\Users\Eduard\AppData\Local\niemiro
2019-05-01 02:21 - 2019-05-01 02:22 - 002358744 _____ (niemiro) C:\Users\Eduard\Desktop\SFCFix.exe
2019-05-01 01:34 - 2019-05-01 01:34 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-05-01 01:17 - 2019-05-01 01:17 - 002792106 _____ C:\Users\Eduard\Downloads\Windows_Repair_Toolbox.zip
2019-05-01 00:38 - 2019-05-09 10:23 - 000000000 ____D C:\FRST
2019-05-01 00:30 - 2019-05-01 00:33 - 033636727 _____ C:\Users\Eduard\Desktop\mb-check-results.zip
2019-05-01 00:29 - 2019-05-01 00:29 - 002326304 _____ (Malwarebytes Corporation) C:\Users\Eduard\Downloads\mb-check-3.1.10.1000.exe
2019-05-01 00:16 - 2019-05-01 00:16 - 000085380 _____ C:\Users\Eduard\Downloads\bluescreenview-x64.zip
2019-05-01 00:15 - 2019-05-01 00:15 - 000001922 _____ C:\Users\Eduard\Downloads\bluescreenview_spanish.zip
2019-05-01 00:13 - 2019-05-01 00:34 - 056543810 _____ C:\Users\Eduard\Downloads\aida64extreme599.zip
2019-04-30 23:25 - 2019-05-08 15:30 - 000000000 ____D C:\Users\Eduard\Downloads\DRAGON 3 1080p LAT Www Hackstore
2019-04-30 00:24 - 2019-04-30 00:25 - 008521762 _____ C:\Users\Eduard\Downloads\Megapack6.zip
2019-04-30 00:21 - 2019-04-30 00:21 - 000002234 _____ C:\Users\Eduard\Desktop\StickerMaker.lnk
2019-04-26 23:17 - 2019-04-26 23:17 - 000002152 _____ C:\Users\Eduard\Desktop\PicsArt.lnk
2019-04-22 22:53 - 2019-05-05 20:41 - 000000000 ____D C:\Users\Eduard\Desktop\Escritorio
2019-04-20 23:09 - 2019-05-08 01:13 - 000000000 ____D C:\found.005
2019-04-20 00:49 - 2019-04-26 02:25 - 000002190 _____ C:\Users\Eduard\Desktop\Clash Royale.lnk
2019-04-20 00:42 - 2019-04-20 00:42 - 000002130 _____ C:\Users\Eduard\Desktop\WhatsApp.lnk
2019-04-19 21:20 - 2019-05-09 00:21 - 000003870 _____ C:\Windows\System32\Tasks\BlueStacksHelper
2019-04-19 21:08 - 2019-04-19 21:10 - 000000000 ____D C:\ProgramData\BlueStacks
2019-04-19 21:08 - 2019-04-19 21:08 - 000000000 ____D C:\Program Files\BlueStacks
2019-04-19 20:58 - 2019-04-19 21:29 - 302778160 _____ (Microvirt Software Technology Co. Ltd.) C:\Users\Eduard\Downloads\Memu-Setup-6.1.1.1-hab52159c4.exe
2019-04-19 20:39 - 2019-04-19 21:11 - 000002116 _____ C:\Users\Public\Desktop\BlueStacks Multi-Instance Manager.lnk
2019-04-19 16:17 - 2019-04-19 16:55 - 491278176 _____ (BlueStack Systems Inc.) C:\Users\Eduard\Downloads\BlueStacks-Installer_4.60.20.1002_amd64_native.exe
2019-04-19 15:49 - 2019-04-19 15:57 - 069589856 _____ (Oracle Corporation) C:\Users\Eduard\Downloads\Java_Runtime_Environment_(32bit)_v8.0.2110.12.exe
2019-04-19 15:49 - 2019-04-19 15:50 - 010869264 _____ (Adobe) C:\Users\Eduard\Downloads\AdobeAIRInstaller.exe
2019-04-10 11:52 - 2019-04-01 21:57 - 003229696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-04-10 11:52 - 2019-03-28 21:36 - 000114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2019-04-10 11:52 - 2019-03-27 23:35 - 000348776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-04-10 11:52 - 2019-03-27 21:55 - 000397120 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-04-10 11:52 - 2019-03-26 20:40 - 003181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-04-10 11:52 - 2019-03-26 02:14 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-04-10 11:52 - 2019-03-26 01:52 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-04-10 11:52 - 2019-03-26 01:51 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-04-10 11:52 - 2019-03-26 01:51 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-04-10 11:52 - 2019-03-26 01:50 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-04-10 11:52 - 2019-03-26 01:50 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-04-10 11:52 - 2019-03-26 01:50 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-04-10 11:52 - 2019-03-26 01:44 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-04-10 11:52 - 2019-03-26 01:43 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-04-10 11:52 - 2019-03-26 01:41 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-04-10 11:52 - 2019-03-26 01:40 - 005777920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-04-10 11:52 - 2019-03-26 01:40 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-04-10 11:52 - 2019-03-26 01:40 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-04-10 11:52 - 2019-03-26 01:40 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-04-10 11:52 - 2019-03-26 01:40 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-04-10 11:52 - 2019-03-26 01:35 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-04-10 11:52 - 2019-03-26 01:31 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-04-10 11:52 - 2019-03-26 01:26 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-04-10 11:52 - 2019-03-26 01:26 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-04-10 11:52 - 2019-03-26 01:25 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-04-10 11:52 - 2019-03-26 01:22 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-04-10 11:52 - 2019-03-26 01:22 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-04-10 11:52 - 2019-03-26 01:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-04-10 11:52 - 2019-03-26 01:18 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-04-10 11:52 - 2019-03-26 01:12 - 020280832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-04-10 11:52 - 2019-03-26 01:10 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-04-10 11:52 - 2019-03-26 01:08 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-04-10 11:52 - 2019-03-26 01:08 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-04-10 11:52 - 2019-03-26 01:07 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-04-10 11:52 - 2019-03-26 01:06 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-04-10 11:52 - 2019-03-26 01:05 - 015284736 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-04-10 11:52 - 2019-03-26 01:00 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-04-10 11:52 - 2019-03-26 00:51 - 000498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-04-10 11:52 - 2019-03-26 00:51 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-04-10 11:52 - 2019-03-26 00:50 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-04-10 11:52 - 2019-03-26 00:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-04-10 11:52 - 2019-03-26 00:50 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-04-10 11:52 - 2019-03-26 00:48 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-04-10 11:52 - 2019-03-26 00:48 - 001556992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-04-10 11:52 - 2019-03-26 00:46 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-04-10 11:52 - 2019-03-26 00:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-04-10 11:52 - 2019-03-26 00:44 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-04-10 11:52 - 2019-03-26 00:43 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-04-10 11:52 - 2019-03-26 00:43 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-04-10 11:52 - 2019-03-26 00:43 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-04-10 11:52 - 2019-03-26 00:36 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-04-10 11:52 - 2019-03-26 00:36 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-04-10 11:52 - 2019-03-26 00:33 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-04-10 11:52 - 2019-03-26 00:33 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-04-10 11:52 - 2019-03-26 00:32 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-04-10 11:52 - 2019-03-26 00:31 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-04-10 11:52 - 2019-03-26 00:29 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-04-10 11:52 - 2019-03-26 00:29 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-04-10 11:52 - 2019-03-26 00:29 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-04-10 11:52 - 2019-03-26 00:28 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-04-10 11:52 - 2019-03-26 00:24 - 013682176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-04-10 11:52 - 2019-03-26 00:23 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-04-10 11:52 - 2019-03-26 00:22 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-04-10 11:52 - 2019-03-26 00:21 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-04-10 11:52 - 2019-03-26 00:21 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-04-10 11:52 - 2019-03-26 00:08 - 004386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-04-10 11:52 - 2019-03-26 00:04 - 001332224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-04-10 11:52 - 2019-03-26 00:02 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-04-10 11:52 - 2019-03-20 22:13 - 005552872 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-04-10 11:52 - 2019-03-20 22:13 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-04-10 11:52 - 2019-03-20 22:13 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-04-10 11:52 - 2019-03-20 22:13 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-04-10 11:52 - 2019-03-20 22:13 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-04-10 11:52 - 2019-03-20 22:12 - 001664352 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-04-10 11:52 - 2019-03-20 22:12 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-04-10 11:52 - 2019-03-20 22:10 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\sxssrv.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-04-10 11:52 - 2019-03-20 22:10 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:03 - 003961576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-04-10 11:52 - 2019-03-20 22:02 - 004056296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-04-10 11:52 - 2019-03-20 22:02 - 001314104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000556032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 21:45 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-04-10 11:52 - 2019-03-20 21:45 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-04-10 11:52 - 2019-03-20 21:45 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-04-10 11:52 - 2019-03-20 21:44 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-04-10 11:52 - 2019-03-20 21:41 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-04-10 11:52 - 2019-03-20 21:41 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-04-10 11:52 - 2019-03-20 21:41 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-04-10 11:52 - 2019-03-20 21:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-04-10 11:52 - 2019-03-20 21:40 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-04-10 11:52 - 2019-03-20 21:38 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-04-10 11:52 - 2019-03-20 21:38 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-04-10 11:52 - 2019-03-20 21:38 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-04-10 11:52 - 2019-03-20 21:38 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-04-10 11:52 - 2019-03-20 21:38 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-04-10 11:52 - 2019-03-20 21:38 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-04-10 11:52 - 2019-03-20 21:37 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-04-10 11:52 - 2019-03-20 21:37 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-04-10 11:52 - 2019-03-20 21:37 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-04-10 11:52 - 2019-03-20 21:37 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-04-10 11:52 - 2019-03-20 21:37 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-04-10 11:52 - 2019-03-20 21:37 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-04-10 11:52 - 2019-03-20 21:37 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-04-10 11:52 - 2019-03-20 21:36 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-04-10 11:52 - 2019-03-20 21:36 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-04-10 11:52 - 2019-03-20 21:36 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-04-10 11:52 - 2019-03-20 21:36 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-04-10 11:52 - 2019-03-20 21:35 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-04-10 11:52 - 2019-03-20 21:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 21:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-04-10 11:52 - 2019-03-20 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-04-10 11:52 - 2019-03-16 00:11 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2019-04-10 11:52 - 2019-03-16 00:09 - 003247616 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-04-10 11:52 - 2019-03-16 00:09 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-04-10 11:52 - 2019-03-16 00:09 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-04-10 11:52 - 2019-03-16 00:09 - 000516608 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-04-10 11:52 - 2019-03-16 00:09 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2019-04-10 11:52 - 2019-03-16 00:09 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-04-10 11:52 - 2019-03-16 00:09 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2019-04-10 11:52 - 2019-03-16 00:09 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2019-04-10 11:52 - 2019-03-16 00:09 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2019-04-10 11:52 - 2019-03-16 00:08 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2019-04-10 11:52 - 2019-03-16 00:08 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2019-04-10 11:52 - 2019-03-15 23:58 - 002368000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-04-10 11:52 - 2019-03-15 23:58 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2019-04-10 11:52 - 2019-03-15 23:58 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-04-10 11:52 - 2019-03-15 23:58 - 000583680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-04-10 11:52 - 2019-03-15 23:58 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2019-04-10 11:52 - 2019-03-15 23:58 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-04-10 11:52 - 2019-03-15 23:58 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2019-04-10 11:52 - 2019-03-15 23:58 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2019-04-10 11:52 - 2019-03-15 23:42 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2019-04-10 11:52 - 2019-03-15 23:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2019-04-10 11:52 - 2019-03-15 23:38 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2019-04-10 11:52 - 2019-03-13 11:09 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-04-10 11:52 - 2019-03-13 11:02 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-04-10 11:52 - 2019-03-13 10:35 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2019-04-10 11:52 - 2019-03-13 10:35 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2019-04-10 11:52 - 2019-03-12 10:34 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-04-10 11:52 - 2019-03-12 10:34 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-04-10 11:52 - 2019-03-12 10:34 - 000340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-04-10 11:52 - 2019-03-11 17:41 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-04-10 11:52 - 2019-03-11 17:41 - 001894912 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2019-04-10 11:52 - 2019-03-11 17:41 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2019-04-10 11:52 - 2019-03-11 17:41 - 000688128 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2019-04-10 11:52 - 2019-03-11 17:41 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\oleprn.dll
2019-04-10 11:52 - 2019-03-11 17:33 - 001391616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-04-10 11:52 - 2019-03-11 17:33 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2019-04-10 11:52 - 2019-03-11 17:33 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2019-04-10 11:52 - 2019-03-11 17:33 - 000107520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleprn.dll
2019-04-10 11:52 - 2019-02-21 11:48 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2019-04-10 11:52 - 2019-02-21 11:43 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2019-04-10 11:52 - 2019-02-21 11:37 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2019-04-10 11:52 - 2019-02-12 12:08 - 014184448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-04-10 11:52 - 2019-02-12 12:08 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2019-04-10 11:52 - 2019-02-12 11:58 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-04-10 11:52 - 2019-02-12 11:58 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2019-04-10 11:52 - 2019-02-08 12:08 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-04-10 11:52 - 2019-02-08 12:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-04-10 11:51 - 2019-03-26 02:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-04-10 11:51 - 2019-03-26 02:03 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-04-10 11:51 - 2019-03-26 01:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-04-10 11:51 - 2019-03-20 22:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-04-10 11:51 - 2019-03-20 22:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-04-10 11:51 - 2019-03-20 22:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-04-10 11:51 - 2019-03-20 22:00 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-04-10 11:51 - 2019-03-20 22:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-04-10 11:51 - 2019-03-20 22:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-04-10 11:51 - 2019-03-16 00:09 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2019-04-10 11:51 - 2019-03-15 23:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2019-04-10 11:51 - 2019-03-11 17:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2019-04-10 11:51 - 2019-03-11 17:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2019-04-10 11:51 - 2019-03-11 17:33 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2019-04-10 11:51 - 2019-03-11 17:33 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-09 10:23 - 2009-07-14 00:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-05-09 10:23 - 2009-07-14 00:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-05-09 10:20 - 2011-04-12 05:10 - 000747396 _____ C:\Windows\system32\perfh00A.dat
2019-05-09 10:20 - 2011-04-12 05:10 - 000158868 _____ C:\Windows\system32\perfc00A.dat
2019-05-09 10:20 - 2009-07-14 01:13 - 001676890 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-09 10:20 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2019-05-09 10:14 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-09 00:19 - 2016-12-09 19:08 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2019-05-08 23:55 - 2016-12-09 14:24 - 000111056 _____ C:\Users\Eduard\AppData\Local\GDIPFONTCACHEV1.DAT
2019-05-08 23:54 - 2009-07-14 00:45 - 000435616 _____ C:\Windows\system32\FNTCACHE.DAT
2019-05-08 21:36 - 2016-12-09 19:08 - 000000000 ____D C:\Users\Eduard\AppData\Roaming\DiskDefrag
2019-05-08 18:49 - 2016-12-10 12:26 - 000000000 ____D C:\Users\Eduard\AppData\Local\JDownloader 2.0
2019-05-08 07:23 - 2017-04-26 16:13 - 000000000 ____D C:\Windows\Minidump
2019-05-08 01:13 - 2019-04-05 17:20 - 000000000 ____D C:\found.004
2019-05-08 01:13 - 2018-12-02 09:29 - 000000000 ____D C:\found.002
2019-05-08 01:13 - 2018-12-01 20:43 - 000000000 ____D C:\found.001
2019-05-07 21:05 - 2016-12-10 10:41 - 000000000 ____D C:\Program Files (x86)\Steam
2019-05-07 21:02 - 2017-02-24 10:49 - 000000000 ____D C:\Users\Eduard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2019-05-06 02:40 - 2017-04-29 17:53 - 000000000 ____D C:\Users\Eduard\AppData\Local\CrashDumps
2019-05-06 02:40 - 2016-12-08 19:16 - 000000000 ____D C:\Windows\Panther
2019-05-06 02:40 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\ModemLogs
2019-05-05 20:57 - 2019-02-14 18:48 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-05-04 20:34 - 2018-09-24 17:53 - 000000000 ____D C:\Users\Eduard\Downloads\Memes
2019-05-01 23:19 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2019-05-01 04:15 - 2016-12-09 00:35 - 000000000 ____D C:\Users\Eduard
2019-04-30 19:12 - 2018-04-24 14:45 - 000001103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2019-04-30 19:12 - 2016-12-09 19:08 - 000002976 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2019-04-30 03:25 - 2018-07-09 22:29 - 000000000 ____D C:\Users\Eduard\Downloads\Trance
2019-04-22 23:11 - 2017-01-17 16:02 - 000006144 ___SH C:\Users\Eduard\Documents\Thumbs.db
2019-04-21 12:32 - 2018-04-24 14:45 - 000002233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-21 02:06 - 2017-02-05 12:45 - 000000000 ____D C:\Users\Eduard\AppData\Local\ElevatedDiagnostics
2019-04-20 21:04 - 2018-12-17 18:36 - 000000000 ____D C:\Users\Eduard\Downloads\MEmu Download
2019-04-20 20:14 - 2017-01-01 16:19 - 000000000 ____D C:\Users\Eduard\.android
2019-04-19 21:39 - 2019-04-02 21:36 - 000002198 _____ C:\Users\Eduard\Desktop\Looney Tunes.lnk
2019-04-19 21:11 - 2019-04-02 20:43 - 000002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk
2019-04-19 21:11 - 2019-04-02 20:42 - 000001825 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2019-04-19 21:11 - 2019-04-02 20:42 - 000001807 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks.lnk
2019-04-19 21:05 - 2017-01-01 15:58 - 000000000 ____D C:\Users\Eduard\AppData\Local\Bluestacks
2019-04-19 17:49 - 2019-03-02 12:03 - 000069632 _____ C:\Windows\system32\config\sam.gu
2019-04-19 17:49 - 2019-03-02 12:03 - 000028672 _____ C:\Windows\system32\config\security.gu
2019-04-19 17:49 - 2009-07-13 22:34 - 109314048 _____ C:\Windows\system32\config\software.gu.bak
2019-04-19 17:49 - 2009-07-13 22:34 - 018087936 _____ C:\Windows\system32\config\system.gu.bak
2019-04-19 17:48 - 2009-07-13 22:34 - 006553600 _____ C:\Windows\system32\config\default.gu.bak
2019-04-19 17:32 - 2016-12-10 11:31 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-04-19 16:03 - 2016-12-09 23:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-04-19 16:03 - 2016-12-09 23:41 - 000000000 ____D C:\Program Files (x86)\Java
2019-04-19 16:01 - 2016-12-09 23:42 - 000099192 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2019-04-11 11:55 - 2018-05-15 19:00 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2017-01-12 23:27 - 2017-01-16 22:10 - 000000154 _____ () C:\Users\Eduard\AppData\Roaming\Rim.Desktop.Exception.log
2017-01-12 23:25 - 2017-01-17 14:27 - 000002021 _____ () C:\Users\Eduard\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2017-01-12 23:27 - 2017-01-16 22:10 - 000000154 _____ () C:\Users\Eduard\AppData\Roaming\Rim.DesktopHelper.Exception.log
2017-01-12 23:37 - 2017-01-16 22:10 - 000000154 _____ () C:\Users\Eduard\AppData\Roaming\Rim.Transcoder.Exception.log
2017-01-12 21:29 - 2017-05-01 22:17 - 000003146 _____ () C:\Users\Eduard\AppData\Roaming\SpeedRunnersLog.txt
2018-09-21 00:29 - 2018-09-21 00:29 - 000000006 _____ () C:\Users\Eduard\AppData\Local\4040BDD0000f056.dat
2018-09-20 22:06 - 2018-09-20 22:06 - 000000036 _____ () C:\Users\Eduard\AppData\Local\4051BDD0000f042.dat
2017-01-12 23:37 - 2017-01-16 18:41 - 000004608 _____ () C:\Users\Eduard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-30 19:25 - 2019-04-02 21:22 - 000007606 _____ () C:\Users\Eduard\AppData\Local\Resmon.ResmonCfg
2017-01-01 16:07 - 2017-05-25 01:37 - 000000552 _____ () C:\Users\Eduard\AppData\Local\TroubleshooterConfig.json

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\Windows\SysWOW64\mfc120u.dll [2013-10-05] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-05-03 11:33
==================== End of FRST.txt ============================

#13

And the contents of Addition.log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05.2019
Ran by Eduard (09-05-2019 10:25:09)
Running from C:\Users\Eduard\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-12-09 04:35:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-711283570-2395005781-3656168384-500 - Administrator - Disabled)
Eduard (S-1-5-21-711283570-2395005781-3656168384-1000 - Administrator - Enabled) => C:\Users\Eduard
HomeGroupUser$ (S-1-5-21-711283570-2395005781-3656168384-1006 - Limited - Enabled)
Invitado (S-1-5-21-711283570-2395005781-3656168384-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Disabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7thShare Card Data Recovery version 1.3.1.8 (HKLM-x32\...\{7thShareCardRecovery}_is1) (Version: 1.3.1.8 - www.7thShare.com)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.116 - Adobe)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.50.5.1003 - BlueStack Systems, Inc.)
Cake Mania 5 - Lights, Camera, Action! versión 1.001 (HKLM-x32\...\{E5F6571B-BA76-4BCF-B959-799C2BF20DF8}_is1) (Version: 1.001 - Xatmaxx)
Core Temp 1.13 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.13 - ALCPU)
Discord (HKU\S-1-5-21-711283570-2395005781-3656168384-1000\...\Discord) (Version: 0.0.301 - Discord Inc.)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
ForceBindIP (HKLM-x32\...\ForceBindIP) (Version:  - )
Glary Utilities PRO 5.118 (HKLM-x32\...\Glary Utilities 5) (Version: 5.118.0.143 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.30.3 - Google Inc.) Hidden
GPU Temp version 1.0 (HKLM-x32\...\{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1) (Version: 1.0 - gputemp.com)
Hotspot Shield 7.9.0 (HKLM-x32\...\{07802bd7-13e7-4e3e-b106-1cf1e94f7d86}) (Version: 7.9.0.10982 - AnchorFree Inc.)
Hotspot Shield 7.9.0 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925C1B7AD09}) (Version: 7.9.0.10982 - AnchorFree Inc.) Hidden
Hotspot Shield 7.9.0 (HKLM-x32\...\HotspotShield) (Version: 7.9.0 - AnchorFree Inc.) Hidden
IP Camera Adapter (HKLM\...\{4BDCAE75-A7F5-467E-B387-879C4205DCE0}) (Version: 3.0.0.0 - Pavel Khlebovich)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MTP Porting Kit (HKLM-x32\...\{353B1E6D-7073-4450-8C80-699BD8FCFB49}) (Version: 12.0.0 - Microsoft Corp)
NVIDIA Controlador de 3D Vision 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Panel de control de NVIDIA 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 342.01 - NVIDIA Corporation) Hidden
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) Hidden
Revo Uninstaller Pro 3.2.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.0 - VS Revo Group, Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1260 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.6.0.87 - KMP Media co., Ltd)
VIA Administrador de dispositivos de plataforma (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Windoff 5.0 (HKLM-x32\...\Windoff_is1) (Version:  - uvesoft)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-01-23] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-01-23] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-01-23] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7944 more sites.

There are 7944 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2019-04-06 12:47 - 000455006 ____R C:\Windows\system32\drivers\etc\hosts

There are 15616 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-711283570-2395005781-3656168384-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Eduard\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: !SASCORE => 3
MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 3
MSCONFIG\Services: BstHdPlusAndroidSvc => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: NvContainerLocalSystem => 3
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: nvsvc => 3
MSCONFIG\Services: NvTelemetryContainer => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SDScannerService => 3
MSCONFIG\Services: SDUpdateService => 3
MSCONFIG\Services: SDWSCService => 3
MSCONFIG\Services: SkypeUpdate => 3
MSCONFIG\Services: Stereo Service => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{46C0C7B6-F214-479E-9337-F6C4FE8FC9F7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{92CD85D8-40CA-4E80-B244-EC7B061521ED}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6D92FFE9-90D4-41C9-A2EE-3CE0BC31551D}] => (Allow) D:\Archivos de programa\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{25A024F4-E78B-4C52-91E1-2818A3C8D76F}] => (Allow) D:\Archivos de programa\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{F13F0F81-6FB9-4462-B95E-087F53D17E64}] => (Allow) D:\Archivos de programa\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [{51CEAE97-ABA9-43EB-8ED0-C4CE43BDC6A0}] => (Allow) D:\Archivos de programa\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [TCP Query User{83D42A59-4270-4318-9633-DBF56AA2BEA2}E:\move or die v5 0 9 veroxpivigames\move or die v5.0.9\love\win\love.exe] => (Allow) E:\move or die v5 0 9 veroxpivigames\move or die v5.0.9\love\win\love.exe No File
FirewallRules: [UDP Query User{918CEE16-BCBE-4B9F-BBF1-92C0FBED516E}E:\move or die v5 0 9 veroxpivigames\move or die v5.0.9\love\win\love.exe] => (Allow) E:\move or die v5 0 9 veroxpivigames\move or die v5.0.9\love\win\love.exe No File
FirewallRules: [{1776D8C9-58BB-433D-AB9D-8438CF3B4154}] => (Allow) E:\Move or Die v5 0 9 VeroxPiviGames\Move or Die v5.0.9\MoveOrDie.exe No File
FirewallRules: [{D87ABD7D-F1E8-45E7-BBE3-49E02567D925}] => (Allow) E:\Move or Die v5 0 9 VeroxPiviGames\Move or Die v5.0.9\MoveOrDie.exe No File
FirewallRules: [{E3D2297A-C958-4E69-930C-11A3A223D64A}] => (Allow) E:\Move or Die v5 0 9 VeroxPiviGames\Move or Die v5.0.9\MoveOrDie.exe No File
FirewallRules: [{FFFCB11F-9321-4AB5-9944-FF87A893F249}] => (Allow) E:\Move or Die v5 0 9 VeroxPiviGames\Move or Die v5.0.9\MoveOrDie.exe No File
FirewallRules: [{E212FC01-403F-4FBF-8AEB-E91EA6EA51B4}] => (Allow) E:\Move or Die v5 0 9 VeroxPiviGames\Move or Die v5.0.9\VT_Launcher.exe No File
FirewallRules: [{65F6D045-8ED7-4F55-A9E0-49FB53A7BF05}] => (Allow) E:\Move or Die v5 0 9 VeroxPiviGames\Move or Die v5.0.9\VT_Launcher.exe No File
FirewallRules: [{87753C18-23CA-40FE-8F3E-70ADDAE7B83E}] => (Allow) E:\Move or Die v5 0 9 VeroxPiviGames\Move or Die v5.0.9\VT_Launcher.exe No File
FirewallRules: [{BBFA1A8C-5CA1-4787-9B0B-09BDBBCDB230}] => (Allow) E:\Move or Die v5 0 9 VeroxPiviGames\Move or Die v5.0.9\VT_Launcher.exe No File
FirewallRules: [{544FC027-7E43-4B10-AE62-3BB952FF7542}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{987423CB-7BCF-4E41-BFA7-EF305ED05196}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{8B18EA31-5508-4D8C-8DD7-3C8E32D2A171}] => (Allow) D:\Archivos de programa\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe (DoubleDutch Games) [File not signed]
FirewallRules: [{CC0E3623-07CD-4810-BCFE-5DB1E325E9AB}] => (Allow) D:\Archivos de programa\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe (DoubleDutch Games) [File not signed]
FirewallRules: [{E9D72DC6-85EF-462F-984E-1403797E6C46}] => (Allow) D:\Archivos de programa\Steam\steamapps\common\CookServeDelicious\CSDSteamBuild.exe (Vertigo Gaming ) [File not signed]
FirewallRules: [{47F7B543-9296-436B-8E3B-0DC2D458CFA8}] => (Allow) D:\Archivos de programa\Steam\steamapps\common\CookServeDelicious\CSDSteamBuild.exe (Vertigo Gaming ) [File not signed]
FirewallRules: [TCP Query User{1ABE618E-55B1-4A21-B8EF-BC0FDFD9DBEE}E:\archivos de programa\steam\steamapps\common\half-life\hl.exe] => (Allow) E:\archivos de programa\steam\steamapps\common\half-life\hl.exe (Valve -> Valve)
FirewallRules: [UDP Query User{3E7AAFAD-4ED2-416D-A680-5AC8253CCA15}E:\archivos de programa\steam\steamapps\common\half-life\hl.exe] => (Allow) E:\archivos de programa\steam\steamapps\common\half-life\hl.exe (Valve -> Valve)
FirewallRules: [TCP Query User{ED2915E5-29D1-4E47-A3B4-BB03B9249C1A}E:\archivos de programa\steam\steamapps\common\magicka\magicka.exe] => (Allow) E:\archivos de programa\steam\steamapps\common\magicka\magicka.exe (Arrowhead Game Studios AB) [File not signed]
FirewallRules: [UDP Query User{04D2DA77-D086-471E-9FF9-7F50F6970A16}E:\archivos de programa\steam\steamapps\common\magicka\magicka.exe] => (Allow) E:\archivos de programa\steam\steamapps\common\magicka\magicka.exe (Arrowhead Game Studios AB) [File not signed]
FirewallRules: [TCP Query User{0155CC16-F759-44D4-806F-EA6112F08755}E:\archivos de programa\steam\steamapps\common\teeworlds\tw\teeworlds_srv.exe] => (Allow) E:\archivos de programa\steam\steamapps\common\teeworlds\tw\teeworlds_srv.exe No File
FirewallRules: [UDP Query User{E8E94C1F-6730-4544-92B1-2B402A4D6976}E:\archivos de programa\steam\steamapps\common\teeworlds\tw\teeworlds_srv.exe] => (Allow) E:\archivos de programa\steam\steamapps\common\teeworlds\tw\teeworlds_srv.exe No File
FirewallRules: [TCP Query User{EA2DC43A-0DA5-4C07-A610-EF6ABC9649EE}D:\32bits\ \servers\server kreedz\hlds.exe] => (Allow) D:\32bits\*\servers\server kreedz\hlds.exe No File
FirewallRules: [UDP Query User{8FA9396A-4100-493E-B1C7-3F6544B0590E}D:\32bits\ \servers\server kreedz\hlds.exe] => (Allow) D:\32bits\*\servers\server kreedz\hlds.exe No File
FirewallRules: [TCP Query User{EBA1F05C-0725-45C0-B148-900C49BCDD15}E:\archivos de programa\magicka 2\engine\magicka2.exe] => (Allow) E:\archivos de programa\magicka 2\engine\magicka2.exe No File
FirewallRules: [UDP Query User{D61E2533-47C7-4F47-8E70-2439BF3EFD38}E:\archivos de programa\magicka 2\engine\magicka2.exe] => (Allow) E:\archivos de programa\magicka 2\engine\magicka2.exe No File
FirewallRules: [TCP Query User{D8D9DF3C-23A0-4189-90DA-B2AD47FA59C0}E:\archivos de programa\move or die v6.0.3\love\win\love.exe] => (Allow) E:\archivos de programa\move or die v6.0.3\love\win\love.exe No File
FirewallRules: [UDP Query User{B1ADA89A-3340-4D2A-81CB-CBD555151628}E:\archivos de programa\move or die v6.0.3\love\win\love.exe] => (Allow) E:\archivos de programa\move or die v6.0.3\love\win\love.exe No File
FirewallRules: [{D776591C-3C8A-43C9-83BE-6F2CA8D42BEA}] => (Allow) E:\SSE\SmartSteamEmu141\SSELauncher.exe () [File not signed]
FirewallRules: [{F93D1A0A-C008-4590-AE34-0B6A808B9DEC}] => (Allow) E:\SSE\SmartSteamEmu141\SSELauncher.exe () [File not signed]
FirewallRules: [{603FF362-1165-4A5F-A500-9BB4916C274C}] => (Allow) E:\SSE\SmartSteamEmu141\SSELauncher.exe () [File not signed]
FirewallRules: [{C93D6847-4E19-4454-83C9-A7FEBD9F7E97}] => (Allow) E:\SSE\SmartSteamEmu141\SSELauncher.exe () [File not signed]
FirewallRules: [{86904AF4-B627-4590-947E-F47DC196319E}] => (Allow) D:\Archivos de programa\Steam\steamapps\common\Geometry Dash\GeometryDash.exe () [File not signed]
FirewallRules: [{7ABFF523-3115-4FA9-9C2A-F5AFAB136BC4}] => (Allow) D:\Archivos de programa\Steam\steamapps\common\Geometry Dash\GeometryDash.exe () [File not signed]
FirewallRules: [{8BD54909-7438-4801-8FE8-4BBBE5F5C300}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Portal 2\portal2.exe () [File not signed]
FirewallRules: [{E8FC8B2F-A295-46D2-825E-9FF4610E02E1}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Portal 2\portal2.exe () [File not signed]
FirewallRules: [{41651DDC-B13D-460F-ADBF-ACB510F280E9}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Move or Die\MoveOrDie.exe () [File not signed]
FirewallRules: [{6F00660E-FC1B-42EC-B574-7E6FABD876F2}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Move or Die\MoveOrDie.exe () [File not signed]
FirewallRules: [{51B0119C-36F3-4CE4-B8DD-7B039E812B1E}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Move or Die\Editor.exe () [File not signed]
FirewallRules: [{AB8C1E16-C744-49A2-80FD-305DD0257480}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Move or Die\Editor.exe () [File not signed]
FirewallRules: [TCP Query User{7F0F0D7D-61EA-459F-8D63-DBEC19B1823C}D:\32bits\ \servers\server normal\hlds.exe] => (Allow) D:\32bits\*\servers\server normal\hlds.exe No File
FirewallRules: [UDP Query User{F3E99291-027A-4B7D-A7C2-6E07440B8603}D:\32bits\ \servers\server normal\hlds.exe] => (Allow) D:\32bits\*\servers\server normal\hlds.exe No File
FirewallRules: [TCP Query User{38BF4F1A-7D7C-4CA0-AE26-923C8BD3395C}D:\32bits\ \servers\hlserver\hlds.exe] => (Allow) D:\32bits\*\servers\hlserver\hlds.exe No File
FirewallRules: [UDP Query User{5C44EA40-E691-41F5-87CE-7A5FD8610163}D:\32bits\ \servers\hlserver\hlds.exe] => (Allow) D:\32bits\*\servers\hlserver\hlds.exe No File
FirewallRules: [TCP Query User{C11A77DA-5659-4DB7-A65B-F7A8BF0937F7}E:\archivos de programa\steam\steamapps\common\move or die\love\win\love.exe] => (Allow) E:\archivos de programa\steam\steamapps\common\move or die\love\win\love.exe () [File not signed]
FirewallRules: [UDP Query User{D3914A8D-CDC3-4D32-BF4A-980FDBF8E1F9}E:\archivos de programa\steam\steamapps\common\move or die\love\win\love.exe] => (Allow) E:\archivos de programa\steam\steamapps\common\move or die\love\win\love.exe () [File not signed]
FirewallRules: [{16A8EE17-14A6-4678-9638-5761C9B14CC7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe No File
FirewallRules: [{7DBCE18A-0424-4EF2-84D0-D08A6E28B771}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe No File
FirewallRules: [{FD1D03DD-73E8-42F2-BED9-031D6A7BC535}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe No File
FirewallRules: [{2891F722-A486-49BB-88A5-93A122FCFE5C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe No File
FirewallRules: [{97DA2676-69E0-4325-868E-E543797FD7A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe No File
FirewallRules: [TCP Query User{723B15B6-4ACC-4594-BCEC-49134075AC4B}E:\archivos de programa\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe] => (Allow) E:\archivos de programa\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe (Activision Publishing Inc -> )
FirewallRules: [UDP Query User{F0DDDF9E-DF14-4C6B-A4A6-6118E0E26D82}E:\archivos de programa\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe] => (Allow) E:\archivos de programa\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe (Activision Publishing Inc -> )
FirewallRules: [TCP Query User{F19D344F-3C70-41CC-A591-4A0DB2AC5351}E:\archivos de programa\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe] => (Allow) E:\archivos de programa\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe (Valve Corp. -> ) [File not signed]
FirewallRules: [UDP Query User{3DD67FEF-0659-497D-8D49-99FFEAE51CFD}E:\archivos de programa\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe] => (Allow) E:\archivos de programa\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe (Valve Corp. -> ) [File not signed]
FirewallRules: [TCP Query User{52A4E49A-5B95-4BA1-A5B6-F7E6F9AD3B44}D:\archivos de programa\steam\steamapps\common\synergy\synergy.exe] => (Allow) D:\archivos de programa\steam\steamapps\common\synergy\synergy.exe () [File not signed]
FirewallRules: [UDP Query User{9C38BC03-1D09-4C01-85F2-684930AD26BE}D:\archivos de programa\steam\steamapps\common\synergy\synergy.exe] => (Allow) D:\archivos de programa\steam\steamapps\common\synergy\synergy.exe () [File not signed]
FirewallRules: [{9C1201C3-A5B9-4985-B6B3-A0D14885FA93}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{1E6F71D2-50A2-400A-87F5-05AE492C27BB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [{5025389B-DD8B-4BA1-9628-A378D44DC34F}] => (Allow) LPort=1688
FirewallRules: [{2F81DC42-FCFC-4F90-9F4A-5F80B737B11B}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe No File
FirewallRules: [{3E11E30E-1D03-4EA3-8228-98DE4A216EA1}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe No File
FirewallRules: [{F9F73486-A7C9-494B-A975-9A3D761D2AF2}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe No File
FirewallRules: [{31E92ECA-72CF-431E-95E6-69C51A24619C}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe No File
FirewallRules: [{940064DD-99A6-44F0-A5EF-AF165684AF9D}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe No File
FirewallRules: [{1B56AA18-FB64-4DF3-8989-3C891B10E7C8}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe No File
FirewallRules: [TCP Query User{D91066FC-6108-4807-BF87-30DC8A40D17B}C:\program files\parsec\parsec.exe] => (Allow) C:\program files\parsec\parsec.exe No File
FirewallRules: [UDP Query User{7D2F99BB-E42B-4E7C-B814-6D3AD96A887D}C:\program files\parsec\parsec.exe] => (Allow) C:\program files\parsec\parsec.exe No File
FirewallRules: [{1148BC37-E3A5-4FD3-A6E6-7FE3B4BD43A2}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\HeroSiege\bin\Hero_Siege.exe No File
FirewallRules: [{9B5ED472-A0BB-4DCB-BB70-64CB65D8651F}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\HeroSiege\bin\Hero_Siege.exe No File
FirewallRules: [{9417A93D-1569-40DC-BE6C-90C1B1F46F41}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\NEKOPARA Vol. 2\nekopara_vol2.exe () [File not signed]
FirewallRules: [{5F03897D-B858-4F72-B33F-30372A75DA66}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\NEKOPARA Vol. 2\nekopara_vol2.exe () [File not signed]
FirewallRules: [{E122D778-E772-4985-9BAD-4846C924534E}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Holy Potatoes! A Weapon Shop!\HPAWS.exe () [File not signed]
FirewallRules: [{C2BB13C1-9FBA-4FF9-B0FC-4631550F678A}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Holy Potatoes! A Weapon Shop!\HPAWS.exe () [File not signed]
FirewallRules: [{28C2FB82-B353-4AAB-851A-DFB062BD1A29}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Blockland\Blockland.exe () [File not signed]
FirewallRules: [{D4F827C3-D43B-414B-88E5-FE216CCE40CB}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Blockland\Blockland.exe () [File not signed]
FirewallRules: [TCP Query User{07B34966-E7CD-4DC7-8118-C68EB36B0D90}C:\program files (x86)\bluestacks\hd-player.exe] => (Allow) C:\program files (x86)\bluestacks\hd-player.exe No File
FirewallRules: [UDP Query User{06A1B369-71B2-48C3-A49D-D66FB44F0569}C:\program files (x86)\bluestacks\hd-player.exe] => (Allow) C:\program files (x86)\bluestacks\hd-player.exe No File
FirewallRules: [{DF4D8EEC-A3ED-4D1B-BD28-56339F66C6FA}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\LEGO Jurassic World\LEGOJurassicWorld.exe (Travellers Tales (UK) Ltd -> Warner Bros. Interactive Entertainment)
FirewallRules: [{316CB5E5-4431-41E8-A43A-3BDB25367E27}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\LEGO Jurassic World\LEGOJurassicWorld.exe (Travellers Tales (UK) Ltd -> Warner Bros. Interactive Entertainment)
FirewallRules: [{C5DFE0B5-DFB8-4DE2-AE68-A11C5AF9E832}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BD2B3D21-C11A-4B92-8045-BE7EA825141A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{67BDEEC9-E65C-4CB7-932A-C6172193CC54}E:\archivos de programa\hyxd\engine\binaries\win32\hyxd.exe] => (Allow) E:\archivos de programa\hyxd\engine\binaries\win32\hyxd.exe No File
FirewallRules: [UDP Query User{6B9C0CD9-B524-4D27-9839-A66EFBF52790}E:\archivos de programa\hyxd\engine\binaries\win32\hyxd.exe] => (Allow) E:\archivos de programa\hyxd\engine\binaries\win32\hyxd.exe No File
FirewallRules: [TCP Query User{CF07599E-DC34-46EE-9ADA-687A91C4E327}E:\archivos de programa\hyxd\engine\binaries\win32\cc\ccmini.exe] => (Allow) E:\archivos de programa\hyxd\engine\binaries\win32\cc\ccmini.exe No File
FirewallRules: [UDP Query User{03385CAF-E784-44A3-AF39-7F25DC77C69B}E:\archivos de programa\hyxd\engine\binaries\win32\cc\ccmini.exe] => (Allow) E:\archivos de programa\hyxd\engine\binaries\win32\cc\ccmini.exe No File
FirewallRules: [{5252D40D-4048-469D-9F6F-07A51AA1B060}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{C5D5CC95-2FE8-4D58-9A66-FEC42B2F356E}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [TCP Query User{E48E2361-9AC3-454F-AC67-4A21E4AEBD94}E:\archivos de programa\steam\steamapps\common\insurgency2\insurgency_x64.exe] => (Allow) E:\archivos de programa\steam\steamapps\common\insurgency2\insurgency_x64.exe No File
FirewallRules: [UDP Query User{B82741C8-EFA1-449D-BF97-402D6B0E4D75}E:\archivos de programa\steam\steamapps\common\insurgency2\insurgency_x64.exe] => (Allow) E:\archivos de programa\steam\steamapps\common\insurgency2\insurgency_x64.exe No File
FirewallRules: [{9FC33C0A-B8C1-4316-BDE4-7710328BE534}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Metro 2033\metro2033.exe (THQ, Inc. -> 4A Games)
FirewallRules: [{5F37FD3E-BF60-48CA-A89F-30D0D65EFE0E}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Metro 2033\metro2033.exe (THQ, Inc. -> 4A Games)
FirewallRules: [TCP Query User{3B5868EF-E6AE-4FBE-83D3-4915680325F6}C:\program files\smplayer\simple_web_server.exe] => (Allow) C:\program files\smplayer\simple_web_server.exe No File
FirewallRules: [UDP Query User{D4687952-A381-4A67-91E0-B413A36A2611}C:\program files\smplayer\simple_web_server.exe] => (Allow) C:\program files\smplayer\simple_web_server.exe No File
FirewallRules: [{A818FDD6-CEB2-420E-86DA-FDFBB69B23AD}] => (Allow) D:\Archivos de programa\Steam\steamapps\common\The LEGO Movie - Videogame\LEGOEMMET.exe (Travellers Tales (UK) Ltd -> Warner Bros. Interactive Entertainment)
FirewallRules: [{69BAFCEB-D178-469D-9A88-202505E96DB7}] => (Allow) D:\Archivos de programa\Steam\steamapps\common\The LEGO Movie - Videogame\LEGOEMMET.exe (Travellers Tales (UK) Ltd -> Warner Bros. Interactive Entertainment)
FirewallRules: [{A620F698-E817-4B67-B35F-48A570981E7A}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Half-Life 2\hl2.exe (Valve -> )
FirewallRules: [{5A790894-2450-4E61-98A8-BB8BFD70EAF8}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Half-Life 2\hl2.exe (Valve -> )
FirewallRules: [{27973019-0228-47D8-AB8C-7E3D1BD25B21}] => (Allow) D:\Archivos de programa\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe () [File not signed]
FirewallRules: [{B70304E4-50E4-42E2-B155-44AF558D4478}] => (Allow) D:\Archivos de programa\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe () [File not signed]
FirewallRules: [{6B2C7AD2-3B69-421E-97E1-242356E87702}] => (Allow) D:\Archivos de programa\Steam\steamapps\common\RESIDENT EVIL REVELATIONS\rerev.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{01101B2A-4071-420D-BF17-022310425E7A}] => (Allow) D:\Archivos de programa\Steam\steamapps\common\RESIDENT EVIL REVELATIONS\rerev.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{CD4A9A8E-D769-4A9B-925C-B24D515FE514}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Serious Sam 3\Bin\Sam3.exe (GHI Media LLC -> Croteam) [File not signed]
FirewallRules: [{C6A835F7-87DA-4FEC-AD47-708D93857957}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Serious Sam 3\Bin\Sam3.exe (GHI Media LLC -> Croteam) [File not signed]
FirewallRules: [{4D29831F-9E08-4E40-BBF2-1F33E525635A}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe (GHI Media LLC -> Croteam) [File not signed]
FirewallRules: [{2271233F-3E92-4F59-9184-37645B738945}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe (GHI Media LLC -> Croteam) [File not signed]
FirewallRules: [{3B874F5E-B4E6-4D13-ABD0-46F7C9D78758}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe No File
FirewallRules: [{25C6EB6A-1396-4A65-AF7C-D7DF5AB5A77A}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe No File
FirewallRules: [{8F6F9124-02D8-48F0-9307-B5D5A64ED5B5}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{2CE10DE3-149C-4CED-AA50-4335825D820A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{E98D3B39-F06A-4A2B-A588-578DC5662453}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Magicka 2\engine\Magicka2.exe () [File not signed]
FirewallRules: [{32A13464-4976-4E8A-B666-1A4B8D673583}] => (Allow) E:\Archivos de programa\Steam\SteamApps\common\Magicka 2\engine\Magicka2.exe () [File not signed]
FirewallRules: [{A930A969-01E9-457C-B94E-FA85A6E281B0}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe No File
FirewallRules: [{D5787D1A-7EEA-4F2C-839E-73E2D62B36A4}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe No File
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

08-05-2019 11:19:35 Windows Update
08-05-2019 22:02:44 Installed DriversCloud.com (64 bits)
08-05-2019 22:12:37 Removed DriversCloud.com (64 bits)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

==================== Memory info =========================== 

BIOS: Phoenix Technologies, LTD P05 02/23/2009
Motherboard: FOXCONN M61PMV
Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 65%
Total physical RAM: 4094.49 MB
Available physical RAM: 1392.78 MB
Total Virtual: 8187.13 MB
Available Virtual: 5476.02 MB

==================== Drives ================================

Drive c: (Disco local) (Fixed) (Total:150.25 GB) (Free:57.29 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Almacenamiento Data) (Fixed) (Total:537.11 GB) (Free:23.44 GB) NTFS
Drive e: (Games) (Fixed) (Total:244.14 GB) (Free:52.03 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2BB32BB2)
Partition 1: (Active) - (Size=150.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=781.3 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================

#14

Hello.

While I finish reviewing and evaluating the reports… a few questions:

1.- You had Kaspersky installed as your antivirus (I can see remnants of it); how did you remove it at the time?

2.- What other antivirus products have you had installed on this machine, and how were they uninstalled?

3.- Have you been using Spybot as a complement to the Windows antivirus for a long time?

4.- You have also had SUPERAntiSpyware installed for a long time… :thinking:

Let us know and we will continue assessing.

Regards.

#15

Hello. I never had Kaspersky installed; perhaps at some point I ran an online scan. Besides Malwarebytes, I used NOD32 alongside it, but I removed it with its default uninstaller because it used to take 50 to 75% of the CPU for no reason. I use Spybot and SUPERAntiSpyware manually for separate scans. And they have basically been there since I installed Windows. I await the results along with your opinion.

#16

Good… now follow these steps. :arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as administrator-).

  • Attention: now check/select only the :white_check_mark: Create registry backup box, NOT the other boxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the code/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
BootExecute: autocheck autochk * BootDefrag.exe
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF Extension: (NeoBux AdAlert) - C:\Users\Eduard\AppData\Roaming\Mozilla\Firefox\Profiles\y10xvr4t.default\Extensions\{eb80b076-a444-444c-a590-5aee5d977d80}.xpi [2018-07-10]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2017-01-12 23:37 - 2017-01-16 18:41 - 000004608 _____ () C:\Users\Eduard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
FCheck: C:\Windows\SysWOW64\mfc120u.dll [2013-10-05] <==== ATTENTION (zero byte File/Folder)
2019-05-01 01:34 - 2019-05-01 01:34 - 000000000 ____D C:\ProgramData\Kaspersky Lab
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it as FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scan Tool) and FIXLIST.TXT are in the same location (the desktop); otherwise it will not work.

Now start your computer in :arrow_forward: Windows Safe Mode with Networking

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as administrator-).

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report to the desktop (FIXLOG.TXT).

Paste the contents of that file in your next reply. :+1:

Restart the computer, check how it behaves with respect to the problem you reported, and tell us about it.

Regards.

#17

Hello, here is the report:

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05.2019
Ran by Eduard (09-05-2019 22:50:59) Run:1
Running from C:\Users\Eduard\Desktop
Loaded Profiles: Eduard (Available Profiles: Eduard)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
BootExecute: autocheck autochk * BootDefrag.exe
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF Extension: (NeoBux AdAlert) - C:\Users\Eduard\AppData\Roaming\Mozilla\Firefox\Profiles\y10xvr4t.default\Extensions\{eb80b076-a444-444c-a590-5aee5d977d80}.xpi [2018-07-10]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2017-01-12 23:37 - 2017-01-16 18:41 - 000004608 _____ () C:\Users\Eduard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
FCheck: C:\Windows\SysWOW64\mfc120u.dll [2013-10-05] <==== ATTENTION (zero byte File/Folder)
2019-05-01 01:34 - 2019-05-01 01:34 - 000000000 ____D C:\ProgramData\Kaspersky Lab
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
C:\Users\Eduard\AppData\Roaming\Mozilla\Firefox\Profiles\y10xvr4t.default\Extensions\{eb80b076-a444-444c-a590-5aee5d977d80}.xpi => moved successfully
C:\Users\Eduard\AppData\Roaming\Mozilla\Firefox\Profiles\y10xvr4t.default\Extensions\{eb80b076-a444-444c-a590-5aee5d977d80}.xpi => path removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\System\CurrentControlSet\Services\nvvad_WaveExtensible => removed successfully
nvvad_WaveExtensible => service removed successfully
HKLM\System\CurrentControlSet\Services\nvvhci => removed successfully
nvvhci => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
C:\Users\Eduard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Windows\SysWOW64\mfc120u.dll => moved successfully
C:\ProgramData\Kaspersky Lab => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-711283570-2395005781-3656168384-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-711283570-2395005781-3656168384-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


Adaptador de Ethernet Conexión de área local:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::31de:4f66:ab85:230b%11
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.101
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1

Adaptador de túnel isatap.{9A83FBE6-A15E-4FA5-A542-43B96FB891DA}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel Teredo Tunneling Pseudo-Interface:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c

========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20620058 B
Java, Flash, Steam htmlcache => 298401399 B
Windows/system/drivers => 13645607 B
Edge => 0 B
Chrome => 167514669 B
Firefox => 16897354 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 7540 B
Eduard => 21979954 B
UpdatusUser => 0 B

RecycleBin => 107585 B
EmptyTemp: => 514.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:52:59 ====

Can you explain a bit what you did?
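
An added example, not part of the original posts and not FRST's own code: a Python triage of a Fixlog like the one above, which skips the echoed fixlist, pairs every `=> result` line and every command section with an outcome, and surfaces the steps that did not succeed (here the restore point and the BITS reset). The sample text is abridged from the log in this thread; the failure and reboot markers are assumptions based on the wording visible in that log.

```python
import re

# Constructed sample: lines copied from the Fixlog in this thread, abridged.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05.2019
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CMD: netsh winsock reset
CMD: bitsadmin /reset /allusers
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
C:\Windows\SysWOW64\mfc120u.dll => moved successfully
nvvhci => service removed successfully

========= netsh winsock reset =========

Debe reiniciar el equipo para completar el restablecimiento.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

Unable to connect to BITS - 0x8007042c

========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog 22:52:59 ====
"""

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")
# Assumed markers, taken from the wording seen in this log (not an FRST spec).
FAIL_MARKERS = ("error", "unable to", "not found", "could not")
REBOOT_MARKERS = ("needed a reboot", "reiniciar el equipo", "reinicie el equipo")


def _has(markers, line):
    low = line.lower()
    return any(m in low for m in markers)


def triage_fixlog(text):
    """Return {'ok': [...], 'failed': [...], 'reboot': bool} for a Fixlog."""
    report = {"ok": [], "failed": [], "reboot": False}
    in_echo = False       # inside the echoed fixlist (between rows of '*')
    section = None        # title of the command section being read
    section_fail = None   # first failing output line of that section

    def close_section():
        nonlocal section, section_fail
        if section is not None:
            if section_fail:
                report["failed"].append((section, section_fail))
            else:
                report["ok"].append((section, "completed"))
        section, section_fail = None, None

    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo or not line:
            continue      # directives echoed back are not results
        if _has(REBOOT_MARKERS, line):
            report["reboot"] = True
        header = SECTION_RE.match(line)
        if header:
            title = header.group("title").rstrip(":")
            close_section()
            if not title.startswith("End of"):
                section = title
            continue
        if section is not None:
            # Inside a section, only the first failing output line is kept.
            if section_fail is None and _has(FAIL_MARKERS, line):
                section_fail = line
            continue
        result = RESULT_RE.match(line)
        if result:
            outcome = result.group("outcome")
            bucket = "failed" if _has(FAIL_MARKERS, outcome) else "ok"
            report[bucket].append((result.group("target"), outcome))
        elif _has(FAIL_MARKERS, line):
            report["failed"].append(("(fixlist directive)", line))
    close_section()
    return report


if __name__ == "__main__":
    summary = triage_fixlog(SAMPLE_FIXLOG)
    for subject, detail in summary["failed"]:
        print("FAILED:", subject, "->", detail)
    print("ok entries:", len(summary["ok"]), "| reboot pending:", summary["reboot"])
```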

#18

Hello.

Explaining what we do when we send you a fix script is fairly easy and at the same time complex… :roll_eyes:

In short, we make corrections to the entries that we see are or may be problematic from several points of view: because of infections, because they are “broken”, because they associate/contain unsuitable drivers/files, and many other variables that we see when analyzing/studying your reports and/or based on our long experience and knowledge…

In addition… and in general or almost always, we delete the system's temporary files, reset the allowed entries in the Firewall, and apply other relevant parameters/modifications in each case.

Now it remains for YOU to tell us how the problem for which you started this topic is going, so that we can give you more instructions or the final steps.

Regards.
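An added example (not part of the original thread or of the tool that produced the log): a small Python audit of Fixlog command sections like the ones posted above, flagging any section that reports a failing HRESULT and decoding it. The function names and the abbreviated sample are constructed for illustration; it assumes the `========= <command> =========` / `========= End of CMD: =========` framing seen in this log.

```python
import re

# Constructed sample: abbreviated from the Fixlog sections shown in this thread.
SAMPLE_FIXLOG = """\
========= ipconfig /flushdns =========
Se vació correctamente la caché de resolución de DNS.
========= End of CMD: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
Unable to connect to BITS - 0x8007042c
========= End of CMD: =========
========= netsh advfirewall reset =========
Aceptar
========= End of CMD: =========
"""

# A section starts at a "=== <command> ===" line and ends at "=== End of CMD: ===".
SECTION = re.compile(
    r"^=+ (?P<cmd>(?!End of CMD).+?) =+\n(?P<body>.*?)^=+ End of CMD: =+$",
    re.MULTILINE | re.DOTALL,
)
HRESULT = re.compile(r"\b0x([0-9a-fA-F]{8})\b")
FACILITY_WIN32 = 7  # HRESULTs of the form 0x8007xxxx wrap a Win32 error code


def decode_hresult(value):
    """Split a 32-bit HRESULT into (failed, facility, code)."""
    return bool(value >> 31), (value >> 16) & 0x7FF, value & 0xFFFF


def audit_fixlog(text):
    """Return one record per CMD section, flagging any failing HRESULT."""
    records = []
    for m in SECTION.finditer(text):
        record = {"cmd": m.group("cmd"), "ok": True, "win32_error": None}
        for hx in HRESULT.findall(m.group("body")):
            failed, facility, code = decode_hresult(int(hx, 16))
            if failed:
                record["ok"] = False
                if facility == FACILITY_WIN32:
                    # e.g. 1068 = ERROR_SERVICE_DEPENDENCY_FAIL
                    record["win32_error"] = code
        records.append(record)
    return records


if __name__ == "__main__":
    for rec in audit_fixlog(SAMPLE_FIXLOG):
        print(rec)
```

On the sample, only the `bitsadmin` section is flagged: 0x8007042c decodes to Win32 error 1068, meaning a service that BITS depends on failed to start, so that reset step did not run.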

#19

Hello. I understand! Well, so far the system has been working more normally. It no longer freezes completely, but rather partially for short periods. Additionally, when Windows starts, a black screen stays for a few minutes and then it goes to the part where you choose an account to log in, which it shouldn't, since there is only a single account, the administrator one.

#20

Good… so let's keep checking your computer in case any trace of infection remains. :thinking:

Now run a scan with :arrow_forward: ESET Online, and when this screen appears:


You must follow these steps:

  • 1.- Check :ballot_box_with_check: all of those options.
  • 2.- Click on "Cambiar……" and select all the disk and/or USB drives you have.
  • 3.- Click on “Iniciar” and the scan will begin.

With this you will run a full scan of the whole computer. When the whole process finishes, save the report (you will see the option to export/save as TXT) and leave it saved on your desktop to include in your next reply.

Finish the process by disinfecting the items found and restart your PC, and post the report in your next reply.

And tell us how your computer is working.

Regards.

P.S.// Also tell us how many years old your desktop computer is (I estimate it must be from around 2008, ±) and whether you have done internal cleaning of it at some point. :thinking:

#21

Hello! The scan only detected pure false positives:

|C:\Users\Eduard\Downloads\ccsetup556.exe|Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa||
|---|---|---|
|C:\Users\Eduard\Desktop\Escritorio\Programas Esenciales.rar|Win32/HackTool.WinActivator.I aplicación potencialmente peligrosa|eliminado|
|D:\Series\Office 2016\Activadores\KMSAuto Lite Portable v1.2.1\KMSAuto.exe|una variante de Win32/HackKMS.Q aplicación potencialmente peligrosa|no se ha podido desinfectar - archivo eliminado|
|D:\Series\Office 2016\Activadores\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe|una variante de MSIL/HackKMS.I aplicación potencialmente peligrosa|no se ha podido desinfectar - archivo eliminado|
|D:\Series\Office 2016\Activadores\KMSpico.v10.1.6.FINAL-heldigard\KMSpico Install\KMSpico_setup.exe|una variante de MSIL/HackTool.IdleKMS.E aplicación potencialmente peligrosa|no se ha podido desinfectar - archivo eliminado|
|D:\Series\Office 2016\Activadores\Microsoft.Toolkit.v2.6.BETA.1-CODYQX4\MTKV26B1.zip|una variante de MSIL/HackKMS.G aplicación potencialmente peligrosa|eliminado|
|E:\Windows old\Escritorio\KMPlayer.v4.2.1.2.Multilingual-FREE\disable_ads.cmd|BAT/HostsChanger.A aplicación potencialmente peligrosa|no se ha podido desinfectar - archivo eliminado|
|E:\Windows old\Escritorio\KMPlayer.v4.2.1.2.Multilingual-FREE\KMPlayer_3.6.0.87.exe|una variante de Win32/Bundled.Toolbar.Ask.C aplicación potencialmente peligrosa|no se ha podido desinfectar - archivo eliminado|

Yes, the computer is more or less that old. And I do internal cleaning every one or two months of use. And well, the behavior has not changed from how I described it earlier: when it starts it goes into a black screen for a minute (with the mouse on screen), then moves on to the normal startup screen, and then goes to the login account selection, instead of going directly to the desktop.