Strange PC behavior


#1

My PC started getting slow out of nowhere, and the Steam application gave an error when I opened it (despite reinstalling it), so after looking through guides I'm bringing the reports from the programs. Thanks in advance 🙂

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 14/1/19
Hora del análisis: 21:35
Archivo de registro: 48acfa4e-186e-11e9-a5b7-101f740e45bb.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.519
Versión del paquete de actualización: 1.0.8786
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.523)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-L9M6CMB\TEISU

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 283196
Amenazas detectadas: 20
Amenazas en cuarentena: 19
Tiempo transcurrido: 5 min, 46 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 2
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\STEAM.EXE, En cuarentena, [6988], [239347],1.0.8786
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\STEAM.EXE, En cuarentena, [6988], [239347],1.0.8786

Valor del registro: 2
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\STEAM.EXE|DEBUGGER, En cuarentena, [6988], [239347],1.0.8786
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\STEAM.EXE|DEBUGGER, En cuarentena, [6988], [239347],1.0.8786

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 16
PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.8.1\STANDALONEPHASE1.DAT, Sin acciones por parte del usuario, [7992], [393793],1.0.8786
PUP.Optional.InstallCore.Generic, C:\USERS\TEISU\DOWNLOADS\FFSETUPLATEST.EXE, En cuarentena, [529], [512393],1.0.8786
PUP.Optional.InstallCore, C:\USERS\TEISU\DOWNLOADS\CHEATENGINE681.EXE, En cuarentena, [419], [500846],1.0.8786
PUP.Optional.Searchoholic, C:\USERS\TEISU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sustituido, [357], [522756],1.0.8786
PUP.Optional.Searchoholic, C:\USERS\TEISU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [357], [522756],1.0.8786
PUP.Optional.Iminent, C:\USERS\TEISU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sustituido, [98], [455248],1.0.8786
PUP.Optional.Iminent, C:\USERS\TEISU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sustituido, [98], [455248],1.0.8786
PUP.Optional.Spigot, C:\USERS\TEISU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sustituido, [168], [454814],1.0.8786
PUP.Optional.Spigot, C:\USERS\TEISU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sustituido, [168], [454814],1.0.8786
PUP.Optional.Iminent, C:\USERS\TEISU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sustituido, [98], [455248],1.0.8786
PUP.Optional.Iminent, C:\USERS\TEISU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sustituido, [98], [455248],1.0.8786
PUP.Optional.ASK, C:\USERS\TEISU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sustituido, [2], [454822],1.0.8786
PUP.Optional.ASK, C:\USERS\TEISU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sustituido, [2], [454822],1.0.8786
PUP.Optional.Iminent, C:\USERS\TEISU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sustituido, [98], [455248],1.0.8786
PUP.Optional.Iminent, C:\USERS\TEISU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sustituido, [98], [455248],1.0.8786
PUP.Optional.Iminent, C:\USERS\TEISU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [98], [455248],1.0.8786

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

#3
# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2019-01-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-14-2019
# Duration: 00:00:12
# OS:       Windows 10 Pro
# Cleaned:  25
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\IObit\Advanced SystemCare
Deleted       C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted       C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted       C:\Users\TEISU\AppData\LocalLow\IObit\Advanced SystemCare
Deleted       C:\Users\TEISU\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted       HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted       HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted       HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted       HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted       HKLM\Software\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
Deleted       HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted       HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted       HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted       HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       WebSearch
Deleted       Softonic ES
Deleted       Softonic EN
Deleted       Softonic ES
Deleted       Softonic ES

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3394 octets] - [14/01/2019 21:44:56]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

#4
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64 
Ran by TEISU (Administrator) on lun. 14/01/2019 at 21:55:49.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1 

Successfully deleted: C:\ProgramData\productdata (Folder) 



Registry: 2 

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3BFAE61D-4A6D-4467-9E5E-FE5293D10F9F} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3BFAE61D-4A6D-4467-9E5E-FE5293D10F9F} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on lun. 14/01/2019 at 22:05:36.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#5
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.01.2019 01
Ran by TEISU (administrator) on DESKTOP-L9M6CMB (14-01-2019 22:07:44)
Running from C:\Users\TEISU\Downloads
Loaded Profiles: TEISU (Available Profiles: TEISU)
Platform: Windows 10 Pro Version 1803 17134.523 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\Run: [uTorrent] => C:\Users\TEISU\AppData\Roaming\uTorrent\uTorrent.exe [2003384 2019-01-09] (BitTorrent Inc.)
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3200800 2018-05-21] (Valve Corporation)
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\MountPoints2: {7f1eac41-a7eb-11e8-92c9-cc52afa91f31} - "I:\setup.exe" 
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( )
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] ()
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler)
HKLM\...\Drivers32: [msacm.l3codecp] => C:\Windows\system32\l3codecp.acm [181760 2018-04-11] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32-x32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project)
HKLM\...\Drivers32-x32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( )
HKLM\...\Drivers32-x32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] ()
HKLM\...\Drivers32-x32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] ()
HKLM\...\Drivers32-x32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler)
HKLM\...\Drivers32-x32: [msacm.l3codecp] => C:\Windows\SysWOW64\l3codecp.acm [190464 2018-04-11] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2019-01-11] (Google Inc.)
IFEO\GameOverlayUI.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.Prompt.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.Reporter.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.Service.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.Updater.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\steamerrorreporter.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\steamerrorreporter64.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\streaming_client.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\WriteMiniDump.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
Startup: C:\Users\TEISU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-01-14]
ShortcutTarget: MEGAsync.lnk -> C:\Users\TEISU\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
BootExecute: autocheck autochk /p \??\H:autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54
Tcpip\..\Interfaces\{4167736a-7f36-4818-8bbf-86e66ad16b9f}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4167736a-7f36-4818-8bbf-86e66ad16b9f}: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54
Tcpip\..\Interfaces\{6af20bf1-5e63-40eb-9733-efcc04e1f537}: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2018-06-12] (Microsoft Corporation)
BHO: NitroPDF.IE.Sharepoint -> {3BFAE61D-4A6D-4467-9E5E-FE5293D10F9F} -> C:\Program Files\Nitro\Pro\12\npnitroie.dll [2018-09-04] (Nitro Software, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2018-06-12] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-06-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro\12\npnitromozilla.dll [2018-09-04] (Nitro Software, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-09] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com.pe/
CHR StartupUrls: Default -> "hxxp://www.google.com.pe/","hxxp://www.facebook.com/","hxxp://www.youtube.com/","hxxp://www.google.com","hxxp://www.google.com/","hxxp://hxxps://www.google.com//?appId=77CFBE5B-B1D8-4724-A1D3-F94FB40EC6E0","hxxps://www.google.com/","hxxp://servidor/"
CHR Profile: C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default [2019-01-14]
CHR Extension: (Presentaciones) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-20]
CHR Extension: (Universal Bypass) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\aihomhdbhpnpmcnnbckjjcebjoikpihj [2019-01-14]
CHR Extension: (Documentos) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-20]
CHR Extension: (Google Drive) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-20]
CHR Extension: (WOT: Web of Trust, valoraciones de reputación de sitios web) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-08-20]
CHR Extension: (YouTube) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-20]
CHR Extension: (Hojas de cálculo) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-20]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20]
CHR Extension: (AdBlock) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-12-10]
CHR Extension: (Poper Blocker) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2018-09-17]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-20]
CHR Extension: (Gmail) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-20]
CHR Extension: (Chrome Media Router) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-14]
CHR Extension: (Audio Only Youtube) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkocpiliahoaohbolmkelakpiphnllog [2018-08-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3570792 2018-08-10] (Disc Soft Ltd)
S3 hpqwmiex; C:\Users\TEISU\AppData\Roaming\Hewlett-Packard\hpqwmiex.exe [794112 2018-08-21] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Corporation)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [279248 2018-10-18] (Synaptics Incorporated)
S4 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd)
S4 Wallpaper Engine Service; C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [356856 2018-08-20] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-10] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\drivers\amdide64.sys [13848 2018-10-18] (Advanced Micro Devices Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2018-10-18] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2018-08-21] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2018-08-21] (Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-10-18] (REALiX(tm))
R3 necbatt; C:\Windows\System32\drivers\necbatt.sys [54648 2018-10-18] (NEC Personal Computers, Ltd.)
R3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2224128 2018-04-11] (MediaTek Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1118648 2018-10-18] (Realtek )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46680 2018-12-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [330936 2018-12-10] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-10] (Microsoft Corporation)
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (Created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-14 22:07 - 2019-01-14 22:09 - 000017448 _____ C:\Users\TEISU\Downloads\FRST.txt
2019-01-14 22:05 - 2019-01-14 22:05 - 000000947 _____ C:\Users\TEISU\Desktop\JRT.txt
2019-01-14 21:30 - 2019-01-14 21:34 - 000002668 _____ C:\Users\TEISU\Desktop\Rkill.txt
2019-01-14 21:30 - 2019-01-14 21:30 - 000000000 ____D C:\Users\TEISU\Desktop\rkill
2019-01-14 21:29 - 2019-01-14 22:07 - 000000000 ____D C:\FRST
2019-01-14 21:29 - 2019-01-14 21:29 - 000000000 ____D C:\Users\TEISU\AppData\Local\mbam
2019-01-14 21:28 - 2019-01-14 21:46 - 000000000 ____D C:\AdwCleaner
2019-01-14 21:28 - 2019-01-14 21:28 - 000000000 ____D C:\Users\TEISU\AppData\Local\mbamtray
2019-01-14 21:26 - 2019-01-14 21:26 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-14 21:26 - 2019-01-14 21:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-14 21:26 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-01-14 21:25 - 2019-01-14 21:25 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-14 21:25 - 2019-01-14 21:25 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-14 21:24 - 2019-01-14 21:25 - 002427904 _____ (Farbar) C:\Users\TEISU\Downloads\FRST64.exe
2019-01-14 21:21 - 2019-01-14 21:23 - 007320272 _____ (Malwarebytes) C:\Users\TEISU\Downloads\adwcleaner_7.2.6.0.exe
2019-01-14 21:20 - 2019-01-14 21:21 - 001790024 _____ (Malwarebytes) C:\Users\TEISU\Downloads\JRT.exe
2019-01-14 21:12 - 2019-01-14 21:22 - 082234824 _____ (Malwarebytes ) C:\Users\TEISU\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.519-1.0.8770.exe
2019-01-14 21:12 - 2019-01-14 21:12 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\TEISU\Downloads\iExplore.exe
2019-01-14 21:04 - 2019-01-14 21:04 - 001573568 _____ C:\Users\TEISU\Downloads\SteamSetup (1).exe
2019-01-14 20:59 - 2019-01-14 21:01 - 019229160 _____ (Microsoft Corporation) C:\Users\TEISU\Downloads\MediaCreationTool1809.exe
2019-01-14 20:11 - 2019-01-14 21:50 - 000000000 ____D C:\Users\TEISU\AppData\LocalLow\uTorrent
2019-01-14 18:58 - 2019-01-14 18:58 - 000000000 ___HD C:\$WINDOWS.~BT
2019-01-14 18:29 - 2018-09-19 23:12 - 001483576 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2019-01-14 18:27 - 2019-01-14 18:27 - 000000000 ____D C:\Users\TEISU\AppData\Local\Tempzxpsign89d4b8673e45887f
2019-01-14 18:25 - 2019-01-14 18:25 - 000000034 _____ C:\Users\TEISU\AppData\Roaming\AdobeWLCMCache.dat
2019-01-11 14:45 - 2019-01-11 14:45 - 000000000 ____D C:\Users\TEISU\AppData\Local\Tempzxpsign55e545a6570a2040
2019-01-11 08:51 - 2019-01-11 10:06 - 166656204 _____ C:\Users\TEISU\Downloads\01 World-Line.flac
2019-01-11 02:10 - 2019-01-11 02:38 - 050496229 _____ C:\Users\TEISU\Downloads\01 World-Line.flac.crdownload
2019-01-11 02:04 - 2019-01-11 02:04 - 000083322 _____ C:\Users\TEISU\Downloads\El_Psy_Kongroo_archive.torrent
2019-01-11 01:58 - 2019-01-11 02:02 - 156208765 _____ C:\Users\TEISU\Downloads\lasto_gemu.zip
2019-01-11 01:35 - 2019-01-11 01:35 - 000003378 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1681801212-2571905260-2396515832-1001
2019-01-11 01:34 - 2019-01-11 01:35 - 000002401 _____ C:\Users\TEISU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-11 01:33 - 2019-01-11 01:55 - 436346530 ____R C:\Users\TEISU\Downloads\[ASL]_Abo_Takeshi_-_STEINS_GATE_0_Original_Soundtrack_-_Gate_Of_Steiner_[FLAC]_[w_Scans].rar
2019-01-11 01:05 - 2019-01-11 01:05 - 000003680 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-L9M6CMB-TEISU
2019-01-11 00:49 - 2019-01-02 14:41 - 000835480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-01-11 00:49 - 2019-01-02 14:41 - 000179600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-09 22:04 - 2019-01-09 22:04 - 111551292 _____ C:\Users\TEISU\Downloads\[Maid-chan] Sayuri - Sore wa Chiisana Hikari no you na (ERASED ED Single).zip
2019-01-09 21:48 - 2019-01-09 21:55 - 067340241 _____ C:\Users\TEISU\Downloads\(SNKK) 40.rar
2019-01-09 21:33 - 2019-01-09 21:46 - 926572733 _____ C:\Users\TEISU\Downloads\Little Witch Academia Opening 96-24-bit.rar
2019-01-09 21:05 - 2019-01-09 21:16 - 030776385 _____ C:\Users\TEISU\Downloads\ZAQ_-_Caste_Room.rar
2019-01-09 20:57 - 2019-01-09 21:02 - 114468538 _____ C:\Users\TEISU\Downloads\Bakemonogatari OP 5 Single - sugar sweet nightmare.rar
2019-01-09 20:43 - 2019-01-09 20:44 - 251972004 _____ C:\Users\TEISU\Downloads\H58MR.zip
2019-01-09 20:35 - 2019-01-09 20:36 - 140280972 _____ C:\Users\TEISU\Downloads\_SoundFLAC__Kyoumen_no_Nami_OP.zip
2019-01-09 20:33 - 2019-01-14 21:57 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\uTorrent
2019-01-09 20:33 - 2019-01-09 20:33 - 000000896 _____ C:\Users\TEISU\Desktop\µTorrent.lnk
2019-01-09 20:33 - 2019-01-09 20:33 - 000000876 _____ C:\Users\TEISU\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2019-01-09 20:30 - 2019-01-09 20:31 - 002982880 _____ (BitTorrent Inc.) C:\Users\TEISU\Downloads\uTorrent.exe
2019-01-09 20:26 - 2019-01-09 20:29 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\qBittorrent
2019-01-09 20:26 - 2019-01-09 20:27 - 000000000 ____D C:\Users\TEISU\AppData\Local\qBittorrent
2019-01-09 20:26 - 2019-01-09 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2019-01-09 20:26 - 2019-01-09 20:26 - 000000000 ____D C:\Program Files\qBittorrent
2019-01-09 20:24 - 2019-01-09 20:25 - 023438713 _____ (The qBittorrent project) C:\Users\TEISU\Downloads\qbittorrent_4.1.5_x64_setup.exe
2019-01-09 20:06 - 2019-01-09 20:32 - 039316888 _____ C:\Users\TEISU\Downloads\Sin confirmar 236494.crdownload
2019-01-09 19:57 - 2019-01-09 19:57 - 108459306 _____ C:\Users\TEISU\Downloads\Fairy Tail OP03 Single - ft peaceball [funkist].zip
2019-01-09 19:37 - 2019-01-09 19:50 - 030873692 _____ C:\Users\TEISU\Downloads\LF_KgFM.rar
2019-01-09 19:23 - 2019-01-09 19:25 - 147787068 _____ C:\Users\TEISU\Downloads\Last Proof- ZAQ.rar
2019-01-09 19:10 - 2019-01-09 19:11 - 022368960 _____ C:\Users\TEISU\Downloads\HL_HRK_MR.zip
2019-01-09 19:06 - 2019-01-09 19:06 - 007549828 _____ C:\Users\TEISU\Downloads\Haruka Mirai.rar
2019-01-09 18:53 - 2019-01-09 18:55 - 038864824 _____ C:\Users\TEISU\Downloads\_2012.04.18__G_-_CD__S__-_eimusics.com.zip
2019-01-09 18:53 - 2019-01-01 08:46 - 012710912 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-01-09 18:53 - 2019-01-01 08:20 - 011902976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-01-09 18:53 - 2019-01-01 02:14 - 001029944 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-01-09 18:53 - 2019-01-01 02:13 - 000709728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-01-09 18:53 - 2019-01-01 02:13 - 000170808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-01-09 18:53 - 2019-01-01 02:12 - 009084216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-01-09 18:53 - 2019-01-01 02:12 - 007520104 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-01-09 18:53 - 2019-01-01 02:12 - 002765344 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-01-09 18:53 - 2019-01-01 01:47 - 000808448 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-01-09 18:53 - 2019-01-01 01:46 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-01-09 18:53 - 2019-01-01 01:45 - 007573504 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-01-09 18:53 - 2019-01-01 01:45 - 002368512 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-01-09 18:53 - 2019-01-01 01:43 - 001805312 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-01-09 18:53 - 2019-01-01 01:41 - 001159680 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-01-09 18:53 - 2019-01-01 01:37 - 006571584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-09 18:53 - 2019-01-01 01:37 - 002478664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2019-01-09 18:53 - 2019-01-01 01:37 - 002253696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-01-09 18:53 - 2019-01-01 01:37 - 001989040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-01-09 18:53 - 2019-01-01 01:16 - 005775872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-01-09 18:53 - 2019-01-01 01:16 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2019-01-09 18:53 - 2019-01-01 01:15 - 005307392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2019-01-09 18:53 - 2019-01-01 01:14 - 004514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-01-09 18:53 - 2019-01-01 01:13 - 001628160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-01-09 18:53 - 2018-12-14 02:10 - 001295360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2019-01-09 18:53 - 2018-12-14 02:07 - 000669696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-01-09 18:53 - 2018-12-14 01:55 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2019-01-09 18:53 - 2018-12-14 01:54 - 001307648 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2019-01-09 18:53 - 2018-12-14 01:52 - 002173440 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-01-09 18:53 - 2018-12-14 01:51 - 001551360 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-01-09 18:53 - 2018-12-14 01:50 - 000776192 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-01-09 18:53 - 2018-12-08 07:42 - 001634944 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-01-09 18:53 - 2018-12-08 07:40 - 001454648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-01-09 18:53 - 2018-12-08 07:23 - 003649024 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-01-09 18:53 - 2018-12-08 07:23 - 002892288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-01-09 18:53 - 2018-12-08 07:23 - 001856512 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2019-01-09 18:53 - 2018-12-08 07:22 - 001586176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2019-01-09 18:53 - 2018-12-08 03:06 - 001017168 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2019-01-09 18:53 - 2018-12-08 03:05 - 001935008 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-01-09 18:53 - 2018-12-08 03:05 - 000793592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2019-01-09 18:53 - 2018-12-08 03:05 - 000594224 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-01-09 18:53 - 2018-12-08 03:05 - 000413920 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-01-09 18:53 - 2018-12-08 03:04 - 002590296 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2019-01-09 18:53 - 2018-12-08 03:04 - 002371296 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2019-01-09 18:53 - 2018-12-08 03:04 - 001150312 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2019-01-09 18:53 - 2018-12-08 03:04 - 000604984 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2019-01-09 18:53 - 2018-12-08 03:04 - 000416024 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2019-01-09 18:53 - 2018-12-08 03:04 - 000413176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2019-01-09 18:53 - 2018-12-08 03:04 - 000375608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2019-01-09 18:53 - 2018-12-08 02:47 - 000861744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2019-01-09 18:53 - 2018-12-08 02:47 - 000785760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-01-09 18:53 - 2018-12-08 02:46 - 002331480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2019-01-09 18:53 - 2018-12-08 02:46 - 001397104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2019-01-09 18:53 - 2018-12-08 02:46 - 000457056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2019-01-09 18:53 - 2018-12-08 02:45 - 002307240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2019-01-09 18:53 - 2018-12-08 02:45 - 001805656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-01-09 18:53 - 2018-12-08 02:45 - 001011872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-01-09 18:53 - 2018-12-08 02:45 - 000567256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2019-01-09 18:53 - 2018-12-08 02:36 - 002364928 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2019-01-09 18:53 - 2018-12-08 02:36 - 001768448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-01-09 18:53 - 2018-12-08 02:34 - 000684544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2019-01-09 18:53 - 2018-12-08 02:32 - 000542208 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-01-09 18:53 - 2018-12-08 02:26 - 001348096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2019-01-09 18:53 - 2018-12-08 02:24 - 000533504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-01-09 18:53 - 2018-11-09 00:59 - 008623616 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-01-09 18:53 - 2018-11-09 00:56 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-01-09 18:53 - 2018-11-09 00:20 - 007987712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-01-09 18:53 - 2018-11-09 00:18 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-01-09 18:53 - 2018-11-09 00:17 - 000704000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2019-01-09 18:53 - 2018-11-08 21:49 - 000565048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2019-01-09 18:53 - 2018-11-08 21:48 - 001613288 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2019-01-09 18:53 - 2018-11-08 21:47 - 002571128 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-01-09 18:53 - 2018-11-08 21:21 - 004866560 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-01-09 18:53 - 2018-11-08 21:19 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-01-09 18:53 - 2018-11-08 21:16 - 002224640 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-01-09 18:53 - 2018-11-08 21:07 - 002417976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2019-01-09 18:53 - 2018-11-08 21:07 - 001299704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2019-01-09 18:53 - 2018-11-08 20:48 - 000550728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-01-09 18:53 - 2018-11-08 20:46 - 001980776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-01-09 18:53 - 2018-11-08 20:31 - 000094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2019-01-09 18:53 - 2018-11-08 20:29 - 003711488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-01-09 18:53 - 2018-11-08 20:29 - 000561152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-01-09 18:53 - 2018-11-08 20:28 - 002900992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2019-01-09 18:52 - 2019-01-01 02:14 - 001221432 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-01-09 18:52 - 2019-01-01 02:13 - 003292152 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2019-01-09 18:52 - 2019-01-01 02:12 - 002465792 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-01-09 18:52 - 2019-01-01 02:12 - 002421288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-01-09 18:52 - 2019-01-01 02:12 - 000713272 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2019-01-09 18:52 - 2019-01-01 01:55 - 025856512 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-01-09 18:52 - 2019-01-01 01:50 - 022715392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-01-09 18:52 - 2019-01-01 01:50 - 004383744 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-01-09 18:52 - 2019-01-01 01:44 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\MSPhotography.dll
2019-01-09 18:52 - 2019-01-01 01:44 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-01-09 18:52 - 2019-01-01 01:44 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-01-09 18:52 - 2019-01-01 01:42 - 004939776 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-01-09 18:52 - 2019-01-01 01:42 - 000717312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2019-01-09 18:52 - 2019-01-01 01:41 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2019-01-09 18:52 - 2019-01-01 01:29 - 022016512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-01-09 18:52 - 2019-01-01 01:22 - 019405312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-01-09 18:52 - 2019-01-01 01:15 - 000608768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-01-09 18:52 - 2019-01-01 01:15 - 000331264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2019-01-09 18:52 - 2019-01-01 01:14 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-01-09 18:52 - 2019-01-01 01:13 - 000251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2019-01-09 18:52 - 2018-12-14 02:29 - 001130760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2019-01-09 18:52 - 2018-12-14 02:21 - 001098064 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2019-01-09 18:52 - 2018-12-14 01:55 - 003396608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-01-09 18:52 - 2018-12-14 01:54 - 006032384 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2019-01-09 18:52 - 2018-12-08 07:42 - 004527800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-01-09 18:52 - 2018-12-08 07:41 - 002394960 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2019-01-09 18:52 - 2018-12-08 07:29 - 013572608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2019-01-09 18:52 - 2018-12-08 07:25 - 012500992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2019-01-09 18:52 - 2018-12-08 07:23 - 000503296 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2019-01-09 18:52 - 2018-12-08 07:22 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\SppExtComObj.Exe
2019-01-09 18:52 - 2018-12-08 03:06 - 000491416 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-01-09 18:52 - 2018-12-08 03:05 - 002822656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-01-09 18:52 - 2018-12-08 03:05 - 001209888 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-01-09 18:52 - 2018-12-08 03:05 - 000706040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2019-01-09 18:52 - 2018-12-08 03:05 - 000130312 _____ (Microsoft Corporation) C:\Windows\system32\rmclient.dll
2019-01-09 18:52 - 2018-12-08 03:04 - 004404720 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-01-09 18:52 - 2018-12-08 03:04 - 001188512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-01-09 18:52 - 2018-12-08 03:04 - 000885760 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2019-01-09 18:52 - 2018-12-08 02:45 - 004789952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-01-09 18:52 - 2018-12-08 02:35 - 000623104 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2019-01-09 18:52 - 2018-12-08 02:33 - 002904064 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-01-09 18:52 - 2018-12-08 02:32 - 001032704 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2019-01-09 18:52 - 2018-11-09 00:55 - 000878592 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2019-01-09 18:52 - 2018-11-08 21:48 - 003179760 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2019-01-09 18:52 - 2018-11-08 21:21 - 000119808 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2019-01-09 18:52 - 2018-11-08 21:18 - 003320320 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2019-01-09 18:52 - 2018-11-08 21:17 - 001069568 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2019-01-09 18:51 - 2019-01-01 08:45 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\wlidcredprov.dll
2019-01-09 18:51 - 2019-01-01 08:43 - 001364992 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-01-09 18:51 - 2019-01-01 08:17 - 000231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcredprov.dll
2019-01-09 18:51 - 2019-01-01 02:14 - 001063224 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2019-01-09 18:51 - 2019-01-01 02:14 - 000566568 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2019-01-09 18:51 - 2019-01-01 02:14 - 000134968 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-01-09 18:51 - 2019-01-01 02:13 - 001363536 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2019-01-09 18:51 - 2019-01-01 02:12 - 000268304 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2019-01-09 18:51 - 2019-01-01 01:48 - 000342528 _____ (Microsoft Corporation) C:\Windows\system32\browserexport.exe
2019-01-09 18:51 - 2019-01-01 01:46 - 000153088 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2019-01-09 18:51 - 2019-01-01 01:42 - 002247680 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2019-01-09 18:51 - 2019-01-01 01:42 - 001371136 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2019-01-09 18:51 - 2019-01-01 01:37 - 000880048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2019-01-09 18:51 - 2019-01-01 01:16 - 001361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSPhotography.dll
2019-01-09 18:51 - 2019-01-01 01:13 - 000594432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2019-01-09 18:51 - 2019-01-01 01:12 - 001036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2019-01-09 18:51 - 2018-12-14 02:25 - 001035256 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-01-09 18:51 - 2018-12-14 02:21 - 001457240 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-01-09 18:51 - 2018-12-14 02:21 - 001257672 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-01-09 18:51 - 2018-12-14 02:21 - 001140480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-01-09 18:51 - 2018-12-14 02:21 - 000982912 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-01-09 18:51 - 2018-12-14 01:52 - 001826816 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2019-01-09 18:51 - 2018-12-08 07:48 - 000034104 _____ C:\Windows\system32\SyncAppvPublishingServer.exe
2019-01-09 18:51 - 2018-12-08 07:47 - 001786896 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2019-01-09 18:51 - 2018-12-08 07:47 - 001048712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2019-01-09 18:51 - 2018-12-08 07:47 - 000750096 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2019-01-09 18:51 - 2018-12-08 07:47 - 000652296 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2019-01-09 18:51 - 2018-12-08 07:47 - 000399880 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2019-01-09 18:51 - 2018-12-08 07:42 - 001616824 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2019-01-09 18:51 - 2018-12-08 07:28 - 006586880 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2019-01-09 18:51 - 2018-12-08 07:28 - 004708864 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2019-01-09 18:51 - 2018-12-08 07:27 - 005657600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2019-01-09 18:51 - 2018-12-08 03:12 - 000272408 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave.dll
2019-01-09 18:51 - 2018-12-08 03:12 - 000269336 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
2019-01-09 18:51 - 2018-12-08 03:07 - 005625352 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2019-01-09 18:51 - 2018-12-08 03:07 - 001328632 _____ (Microsoft Corporation) C:\Windows\system32\wpx.dll
2019-01-09 18:51 - 2018-12-08 03:06 - 000777512 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-01-09 18:51 - 2018-12-08 03:05 - 007436216 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-01-09 18:51 - 2018-12-08 03:04 - 001943328 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-01-09 18:51 - 2018-12-08 03:04 - 000260800 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-01-09 18:51 - 2018-12-08 03:04 - 000158624 _____ (Microsoft Corporation) C:\Windows\system32\vertdll.dll
2019-01-09 18:51 - 2018-12-08 02:46 - 000665224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-01-09 18:51 - 2018-12-08 02:46 - 000101192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rmclient.dll
2019-01-09 18:51 - 2018-12-08 02:45 - 006043496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-01-09 18:51 - 2018-12-08 02:45 - 001620472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-01-09 18:51 - 2018-12-08 02:45 - 001379816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2019-01-09 18:51 - 2018-12-08 02:45 - 000356864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2019-01-09 18:51 - 2018-12-08 02:42 - 009084928 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2019-01-09 18:51 - 2018-12-08 02:41 - 007057408 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2019-01-09 18:51 - 2018-12-08 02:40 - 004710912 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2019-01-09 18:51 - 2018-12-08 02:38 - 003392000 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2019-01-09 18:51 - 2018-12-08 02:38 - 002739200 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2019-01-09 18:51 - 2018-12-08 02:37 - 002825728 _____ (Microsoft Corporation) C:\Windows\system32\MapGeocoder.dll
2019-01-09 18:51 - 2018-12-08 02:36 - 003381248 _____ (Microsoft Corporation) C:\Windows\system32\MapRouter.dll
2019-01-09 18:51 - 2018-12-08 02:36 - 003090432 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2019-01-09 18:51 - 2018-12-08 02:36 - 000566784 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2019-01-09 18:51 - 2018-12-08 02:35 - 002126336 _____ (Microsoft Corporation) C:\Windows\system32\LocationFramework.dll
2019-01-09 18:51 - 2018-12-08 02:34 - 001023488 _____ (Microsoft Corporation) C:\Windows\system32\ShareHost.dll
2019-01-09 18:51 - 2018-12-08 02:33 - 001457152 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2019-01-09 18:51 - 2018-12-08 02:33 - 001264640 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2019-01-09 18:51 - 2018-12-08 02:33 - 001058304 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2019-01-09 18:51 - 2018-12-08 02:33 - 000949248 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2019-01-09 18:51 - 2018-12-08 02:33 - 000823296 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2019-01-09 18:51 - 2018-12-08 02:32 - 001097728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2019-01-09 18:51 - 2018-12-08 02:30 - 006647296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2019-01-09 18:51 - 2018-12-08 02:30 - 002966528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2019-01-09 18:51 - 2018-12-08 02:29 - 005883904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2019-01-09 18:51 - 2018-12-08 02:29 - 002700288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2019-01-09 18:51 - 2018-12-08 02:28 - 002258944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2019-01-09 18:51 - 2018-12-08 02:28 - 000391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2019-01-09 18:51 - 2018-12-08 02:27 - 002449408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapRouter.dll
2019-01-09 18:51 - 2018-12-08 02:27 - 001986560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapGeocoder.dll
2019-01-09 18:51 - 2018-12-08 02:26 - 000848384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ShareHost.dll
2019-01-09 18:51 - 2018-12-08 02:25 - 000978944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2019-01-09 18:51 - 2018-12-08 02:25 - 000856576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2019-01-09 18:51 - 2018-12-08 02:25 - 000702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2019-01-09 18:51 - 2018-11-09 01:15 - 021388752 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-01-09 18:51 - 2018-11-09 00:55 - 001254400 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2019-01-09 18:51 - 2018-11-09 00:32 - 020383832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-01-09 18:51 - 2018-11-08 21:56 - 001213472 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2019-01-09 18:51 - 2018-11-08 21:49 - 000723416 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-01-09 18:51 - 2018-11-08 21:48 - 002719736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-01-09 18:51 - 2018-11-08 21:48 - 000899920 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2019-01-09 18:51 - 2018-11-08 21:48 - 000766704 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2019-01-09 18:51 - 2018-11-08 21:47 - 002062392 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2019-01-09 18:51 - 2018-11-08 21:47 - 001285432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2019-01-09 18:51 - 2018-11-08 21:47 - 000930616 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2019-01-09 18:51 - 2018-11-08 21:22 - 000185344 _____ (Microsoft Corporation) C:\Windows\system32\InstallServiceTasks.dll
2019-01-09 18:51 - 2018-11-08 21:21 - 001627136 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2019-01-09 18:51 - 2018-11-08 21:20 - 000399872 _____ (Microsoft Corporation) C:\Windows\system32\BthAvctpSvc.dll
2019-01-09 18:51 - 2018-11-08 21:18 - 001487360 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2019-01-09 18:51 - 2018-11-08 21:17 - 002584576 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2019-01-09 18:51 - 2018-11-08 21:16 - 001364992 _____ (Microsoft Corporation) C:\Windows\system32\lpasvc.dll
2019-01-09 18:51 - 2018-11-08 21:15 - 000943616 _____ (Microsoft Corporation) C:\Windows\system32\BingOnlineServices.dll
2019-01-09 18:51 - 2018-11-08 21:15 - 000933888 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2019-01-09 18:51 - 2018-11-08 21:15 - 000884224 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2019-01-09 18:51 - 2018-11-08 20:46 - 002161008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2019-01-09 18:51 - 2018-11-08 20:46 - 000829960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2019-01-09 18:51 - 2018-11-08 20:46 - 000721024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2019-01-09 18:51 - 2018-11-08 20:46 - 000573504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2019-01-09 18:51 - 2018-11-08 20:30 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallServiceTasks.dll
2019-01-09 18:51 - 2018-11-08 20:26 - 001110528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2019-01-09 18:51 - 2018-11-08 20:26 - 000873472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2019-01-09 18:51 - 2018-11-08 20:25 - 000713216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingOnlineServices.dll
2019-01-09 18:50 - 2019-01-01 08:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2019-01-09 18:50 - 2019-01-01 08:47 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\windowslivelogin.dll
2019-01-09 18:50 - 2019-01-01 08:45 - 000714752 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll
2019-01-09 18:50 - 2019-01-01 08:20 - 000165888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windowslivelogin.dll
2019-01-09 18:50 - 2019-01-01 08:18 - 000500736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll
2019-01-09 18:50 - 2019-01-01 02:14 - 000076088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2019-01-09 18:50 - 2019-01-01 02:13 - 000436024 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-01-09 18:50 - 2019-01-01 02:12 - 000128824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2019-01-09 18:50 - 2019-01-01 02:12 - 000043536 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe
2019-01-09 18:50 - 2019-01-01 01:48 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2019-01-09 18:50 - 2019-01-01 01:48 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\Print.Workflow.Source.dll
2019-01-09 18:50 - 2019-01-01 01:47 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2019-01-09 18:50 - 2019-01-01 01:46 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountTokenProvider.dll
2019-01-09 18:50 - 2019-01-01 01:45 - 000352768 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-01-09 18:50 - 2019-01-01 01:44 - 000662528 _____ (Microsoft Corporation) C:\Windows\system32\wlidprov.dll
2019-01-09 18:50 - 2019-01-01 01:44 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-09 18:50 - 2019-01-01 01:41 - 000899072 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-01-09 18:50 - 2019-01-01 01:41 - 000895488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-09 18:50 - 2019-01-01 01:37 - 000581808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2019-01-09 18:50 - 2019-01-01 01:37 - 000381240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-01-09 18:50 - 2019-01-01 01:17 - 000153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-09 18:50 - 2019-01-01 01:15 - 000317440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2019-01-09 18:50 - 2019-01-01 01:14 - 000330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-09 18:50 - 2019-01-01 01:12 - 000795648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-09 18:50 - 2019-01-01 01:12 - 000778240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-01-09 18:50 - 2019-01-01 01:12 - 000516608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidprov.dll
2019-01-09 18:50 - 2019-01-01 00:23 - 000001310 _____ C:\Windows\system32\tcbres.wim
2019-01-09 18:50 - 2018-12-18 23:49 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-01-09 18:50 - 2018-12-08 07:47 - 001627656 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2019-01-09 18:50 - 2018-12-08 07:47 - 001422864 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2019-01-09 18:50 - 2018-12-08 07:47 - 001038352 _____ (Microsoft Corporation) C:\Windows\system32\AppVPolicy.dll
2019-01-09 18:50 - 2018-12-08 07:47 - 000954384 _____ (Microsoft Corporation) C:\Windows\system32\AppVManifest.dll
2019-01-09 18:50 - 2018-12-08 07:47 - 000830480 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll
2019-01-09 18:50 - 2018-12-08 07:47 - 000825352 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2019-01-09 18:50 - 2018-12-08 07:47 - 000670224 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll
2019-01-09 18:50 - 2018-12-08 07:47 - 000645320 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-01-09 18:50 - 2018-12-08 07:47 - 000495632 _____ (Microsoft Corporation) C:\Windows\system32\TransportDSA.dll
2019-01-09 18:50 - 2018-12-08 07:47 - 000258064 _____ (Microsoft Corporation) C:\Windows\system32\AppVFileSystemMetadata.dll
2019-01-09 18:50 - 2018-12-08 07:47 - 000231440 _____ (Microsoft Corporation) C:\Windows\system32\AppVShNotify.exe
2019-01-09 18:50 - 2018-12-08 07:47 - 000228368 _____ (Microsoft Corporation) C:\Windows\system32\AppVStreamMap.dll
2019-01-09 18:50 - 2018-12-08 07:47 - 000201744 _____ (Microsoft Corporation) C:\Windows\system32\AppVStreamingUX.dll
2019-01-09 18:50 - 2018-12-08 07:47 - 000180752 _____ (Microsoft Corporation) C:\Windows\system32\AppVDllSurrogate.exe
2019-01-09 18:50 - 2018-12-08 07:47 - 000173072 _____ (Microsoft Corporation) C:\Windows\system32\AppVNice.exe
2019-01-09 18:50 - 2018-12-08 07:46 - 000549760 _____ (Microsoft Corporation) C:\Windows\system32\AppResolver.dll
2019-01-09 18:50 - 2018-12-08 07:43 - 000304144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssecflt.sys
2019-01-09 18:50 - 2018-12-08 07:41 - 000481880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-01-09 18:50 - 2018-12-08 07:39 - 000444416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppResolver.dll
2019-01-09 18:50 - 2018-12-08 07:27 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.SecureAssessment.dll
2019-01-09 18:50 - 2018-12-08 07:27 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storqosflt.sys
2019-01-09 18:50 - 2018-12-08 07:27 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\fdBth.dll
2019-01-09 18:50 - 2018-12-08 07:27 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdBth.dll
2019-01-09 18:50 - 2018-12-08 07:23 - 001661440 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-01-09 18:50 - 2018-12-08 07:23 - 000471040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcSpecfc.dll
2019-01-09 18:50 - 2018-12-08 07:22 - 001469952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-01-09 18:50 - 2018-12-08 03:12 - 000092688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bindflt.sys
2019-01-09 18:50 - 2018-12-08 03:06 - 000433168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-01-09 18:50 - 2018-12-08 03:06 - 000249088 _____ (Microsoft Corporation) C:\Windows\system32\weretw.dll
2019-01-09 18:50 - 2018-12-08 03:05 - 001018880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ClipSp.sys
2019-01-09 18:50 - 2018-12-08 03:05 - 000421176 _____ (Microsoft Corporation) C:\Windows\system32\xbgmengine.dll
2019-01-09 18:50 - 2018-12-08 03:05 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys
2019-01-09 18:50 - 2018-12-08 03:04 - 000527160 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-01-09 18:50 - 2018-12-08 03:04 - 000335672 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2019-01-09 18:50 - 2018-12-08 03:04 - 000058168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\iorate.sys
2019-01-09 18:50 - 2018-12-08 02:45 - 000129296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-01-09 18:50 - 2018-12-08 02:39 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\wpnsruprov.dll
2019-01-09 18:50 - 2018-12-08 02:38 - 000419328 _____ (Microsoft Corporation) C:\Windows\system32\eeprov.dll
2019-01-09 18:50 - 2018-12-08 02:38 - 000310272 _____ (Microsoft Corporation) C:\Windows\system32\wc_storage.dll
2019-01-09 18:50 - 2018-12-08 02:38 - 000132608 _____ (Microsoft Corporation) C:\Windows\system32\DataUsageLiveTileTask.exe
2019-01-09 18:50 - 2018-12-08 02:38 - 000085504 _____ (Microsoft Corporation) C:\Windows\system32\LocationFrameworkInternalPS.dll
2019-01-09 18:50 - 2018-12-08 02:38 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcnfs.sys
2019-01-09 18:50 - 2018-12-08 02:38 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2019-01-09 18:50 - 2018-12-08 02:37 - 000395776 _____ (Microsoft Corporation) C:\Windows\system32\Search.ProtocolHandler.MAPI2.dll
2019-01-09 18:50 - 2018-12-08 02:37 - 000386048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.System.Diagnostics.dll
2019-01-09 18:50 - 2018-12-08 02:37 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\DataUsageHandlers.dll
2019-01-09 18:50 - 2018-12-08 02:37 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\bthserv.dll
2019-01-09 18:50 - 2018-12-08 02:37 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\appsruprov.dll
2019-01-09 18:50 - 2018-12-08 02:37 - 000157696 _____ (Microsoft Corporation) C:\Windows\system32\energyprov.dll
2019-01-09 18:50 - 2018-12-08 02:37 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2019-01-09 18:50 - 2018-12-08 02:37 - 000099328 _____ (Microsoft Corporation) C:\Windows\system32\utcutil.dll
2019-01-09 18:50 - 2018-12-08 02:37 - 000079872 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2019-01-09 18:50 - 2018-12-08 02:36 - 000462336 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2019-01-09 18:50 - 2018-12-08 02:36 - 000356352 _____ (Microsoft Corporation) C:\Windows\system32\dusmsvc.dll
2019-01-09 18:50 - 2018-12-08 02:36 - 000227328 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2019-01-09 18:50 - 2018-12-08 02:36 - 000153600 _____ (Microsoft Corporation) C:\Windows\system32\RMapi.dll
2019-01-09 18:50 - 2018-12-08 02:36 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mmcss.sys
2019-01-09 18:50 - 2018-12-08 02:34 - 000884224 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2019-01-09 18:50 - 2018-12-08 02:34 - 000693248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2019-01-09 18:50 - 2018-12-08 02:34 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2019-01-09 18:50 - 2018-12-08 02:33 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2019-01-09 18:50 - 2018-12-08 02:32 - 000796672 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2019-01-09 18:50 - 2018-12-08 02:32 - 000406528 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2019-01-09 18:50 - 2018-12-08 02:30 - 000074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dtdump.exe
2019-01-09 18:50 - 2018-12-08 02:29 - 000311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.Diagnostics.dll
2019-01-09 18:50 - 2018-12-08 02:29 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2019-01-09 18:50 - 2018-12-08 02:28 - 000288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-01-09 18:50 - 2018-12-08 02:27 - 000555008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2019-01-09 18:50 - 2018-12-08 02:27 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2019-01-09 18:50 - 2018-12-08 02:25 - 000729088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2019-01-09 18:50 - 2018-12-08 02:25 - 000145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2019-01-09 18:50 - 2018-12-08 02:24 - 000735744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2019-01-09 18:50 - 2018-12-08 02:24 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2019-01-09 18:50 - 2018-11-09 01:00 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll

#6
2019-01-09 18:50 - 2018-11-09 00:58 - 000244736 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2019-01-09 18:50 - 2018-11-09 00:57 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\sensrsvc.dll
2019-01-09 18:50 - 2018-11-09 00:56 - 000381952 _____ (Microsoft Corporation) C:\Windows\system32\ninput.dll
2019-01-09 18:50 - 2018-11-09 00:56 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSoftwareInstallationClient.dll
2019-01-09 18:50 - 2018-11-09 00:54 - 001535488 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2019-01-09 18:50 - 2018-11-09 00:22 - 000138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2019-01-09 18:50 - 2018-11-09 00:19 - 000181248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2019-01-09 18:50 - 2018-11-09 00:18 - 000320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ninput.dll
2019-01-09 18:50 - 2018-11-08 21:49 - 000368656 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2019-01-09 18:50 - 2018-11-08 21:48 - 000745472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2019-01-09 18:50 - 2018-11-08 21:48 - 000375296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2019-01-09 18:50 - 2018-11-08 21:47 - 000537912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2019-01-09 18:50 - 2018-11-08 21:22 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\winhttpcom.dll
2019-01-09 18:50 - 2018-11-08 21:21 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2019-01-09 18:50 - 2018-11-08 21:21 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-01-09 18:50 - 2018-11-08 21:20 - 000530432 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2019-01-09 18:50 - 2018-11-08 21:20 - 000193536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2019-01-09 18:50 - 2018-11-08 21:20 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\tzautoupdate.dll
2019-01-09 18:50 - 2018-11-08 21:19 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2019-01-09 18:50 - 2018-11-08 21:18 - 000573952 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2019-01-09 18:50 - 2018-11-08 21:18 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\BTAGService.dll
2019-01-09 18:50 - 2018-11-08 21:18 - 000300032 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2019-01-09 18:50 - 2018-11-08 21:16 - 001225216 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2019-01-09 18:50 - 2018-11-08 21:16 - 000308736 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseAppMgmtSvc.dll
2019-01-09 18:50 - 2018-11-08 20:47 - 000295224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2019-01-09 18:50 - 2018-11-08 20:31 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-01-09 18:50 - 2018-11-08 20:30 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttpcom.dll
2019-01-09 18:50 - 2018-11-08 20:29 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2019-01-09 18:50 - 2018-11-08 20:27 - 000463872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2019-01-09 18:50 - 2018-11-08 20:25 - 000705024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2019-01-09 18:45 - 2019-01-09 18:45 - 029881953 _____ C:\Users\TEISU\Downloads\Reason Living - Single.rar
2019-01-09 18:02 - 2019-01-09 18:02 - 243585109 _____ C:\Users\TEISU\Downloads\[2015.06.03] Aimer - Brave Shine [FLAC].rar
2019-01-09 17:52 - 2019-01-09 21:55 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\Mp3tag
2019-01-09 17:51 - 2019-01-09 17:51 - 000001052 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2019-01-09 17:51 - 2019-01-09 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2019-01-09 17:51 - 2019-01-09 17:51 - 000000000 ____D C:\Program Files (x86)\Mp3tag
2019-01-09 17:50 - 2019-01-09 17:50 - 003615720 _____ C:\Users\TEISU\Downloads\mp3tagv291setup (1).exe
2019-01-09 17:49 - 2019-01-09 17:50 - 003615720 _____ C:\Users\TEISU\Downloads\mp3tagv291setup.exe
2019-01-09 17:40 - 2019-01-09 17:42 - 121844680 _____ C:\Users\TEISU\Downloads\Los! Los! Los! (Youjo Senki ED Single).rar
2019-01-09 16:47 - 2019-01-09 16:47 - 000003462 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d4a85a5f3b7bdc

==================== One month (Modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-14 22:00 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-14 21:49 - 2018-08-20 06:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-14 21:47 - 2018-04-11 16:04 - 000524288 _____ C:\Windows\system32\config\BBI
2019-01-14 21:46 - 2018-11-29 21:57 - 000000000 ____D C:\Program Files (x86)\IObit
2019-01-14 21:46 - 2018-10-18 22:13 - 000000000 ____D C:\Users\TEISU\AppData\LocalLow\IObit
2019-01-14 21:46 - 2018-10-18 22:12 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\IObit
2019-01-14 21:46 - 2018-10-18 22:12 - 000000000 ____D C:\ProgramData\IObit
2019-01-14 21:07 - 2018-08-20 16:43 - 000001036 _____ C:\Users\Public\Desktop\Steam.lnk
2019-01-14 21:07 - 2018-08-20 16:43 - 000000000 ____D C:\Program Files (x86)\Steam
2019-01-14 20:59 - 2018-08-20 07:01 - 001768608 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-14 20:59 - 2018-04-12 11:19 - 000787846 _____ C:\Windows\system32\perfh00A.dat
2019-01-14 20:59 - 2018-04-12 11:19 - 000155442 _____ C:\Windows\system32\perfc00A.dat
2019-01-14 20:59 - 2018-04-11 18:36 - 000000000 ____D C:\Windows\INF
2019-01-14 20:47 - 2018-08-20 06:45 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-01-14 20:16 - 2018-04-11 18:30 - 000000000 ____D C:\Windows\CbsTemp
2019-01-14 20:05 - 2018-11-07 21:16 - 000004220 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1FA5927E-6FBE-4138-AD1A-270CAD2EE621}
2019-01-14 19:36 - 2018-04-11 18:38 - 000000000 ____D C:\Windows\AppReadiness
2019-01-14 19:35 - 2018-08-20 14:40 - 000000000 ____D C:\Users\TEISU
2019-01-14 19:00 - 2018-08-20 07:42 - 000000000 ____D C:\Windows\Panther
2019-01-14 17:26 - 2018-08-21 00:50 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\vlc
2019-01-14 13:44 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-14 13:41 - 2018-09-20 21:51 - 000000000 ____D C:\Users\TEISU\AppData\Local\Adobe
2019-01-14 13:39 - 2018-09-11 08:34 - 000000000 ____D C:\Users\TEISU\Documents\MEGAsync Downloads
2019-01-11 01:35 - 2018-08-20 14:45 - 000000000 ___RD C:\Users\TEISU\OneDrive
2019-01-11 01:22 - 2018-08-20 16:31 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-01-11 01:22 - 2018-08-20 16:31 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-01-11 00:50 - 2018-08-20 14:41 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-01-11 00:50 - 2018-08-20 14:41 - 000000000 ___RD C:\Users\TEISU\3D Objects
2019-01-11 00:46 - 2018-08-20 06:45 - 000576888 _____ C:\Windows\system32\FNTCACHE.DAT
2019-01-09 22:15 - 2018-04-11 18:38 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2019-01-09 22:15 - 2018-04-11 18:38 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2019-01-09 22:15 - 2018-04-11 18:38 - 000000000 ____D C:\Windows\TextInput
2019-01-09 22:15 - 2018-04-11 18:38 - 000000000 ____D C:\Windows\ShellComponents
2019-01-09 22:15 - 2018-04-11 18:38 - 000000000 ____D C:\Windows\bcastdvr
2019-01-09 20:15 - 2018-09-11 09:33 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\uTorrent Web
2019-01-09 18:49 - 2018-08-20 16:01 - 000000000 ____D C:\Windows\system32\MRT
2019-01-09 18:41 - 2018-08-20 16:01 - 132790320 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-01-09 16:47 - 2018-08-20 16:28 - 000003556 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

==================== Files in the root of some directories =======

2019-01-14 18:25 - 2019-01-14 18:25 - 000000034 _____ () C:\Users\TEISU\AppData\Roaming\AdobeWLCMCache.dat
2018-11-29 23:39 - 2018-11-29 23:39 - 000000000 _____ () C:\Users\TEISU\AppData\Local\oobelibMkey.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-20 06:44

==================== End of FRST.txt ============================

#7
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.01.2019 01
Ran by TEISU (14-01-2019 22:11:44)
Running from C:\Users\TEISU\Downloads
Windows 10 Pro Version 1803 17134.523 (X64) (2018-08-20 11:59:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1681801212-2571905260-2396515832-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1681801212-2571905260-2396515832-503 - Limited - Disabled)
Invitado (S-1-5-21-1681801212-2571905260-2396515832-501 - Limited - Disabled)
TEISU (S-1-5-21-1681801212-2571905260-2396515832-1001 - Administrator - Enabled) => C:\Users\TEISU
WDAGUtilityAccount (S-1-5-21-1681801212-2571905260-2396515832-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\uTorrent) (Version: 3.5.5.44954 - BitTorrent Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0) (Version: 19.0 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Cheat Engine 6.8.1 (HKLM-x32\...\Cheat Engine 6.8.1_is1) (Version:  - Cheat Engine)
CPUID CPU-Z 1.86 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.86 - CPUID, Inc.)
Crash Bandicoot N Sane Trilogy MULTi6 - ElAmigos versión 1.0 (HKLM-x32\...\{327BFB1B-E44E-4824-9EB7-EA92A8D3CAEC}_is1) (Version: 1.0 - Activision)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.8.0.0544 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
DriversCloud.com (64 bits) (HKLM\...\{A05439B0-F943-46C3-85B6-1C9D02A090E8}) (Version: 10.0.7.0 - Cybelsoft)
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
FormatFactory 4.4.1.0 (HKLM-x32\...\FormatFactory) (Version: 4.4.1.0 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HandBrake 1.1.2 (HKLM-x32\...\HandBrake) (Version: 1.1.2 - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HP 3D DriveGuard (HKLM\...\{E5D02167-DD50-4E8C-B9F9-992182E08D6B}) (Version: 4.2.9.1 - Hewlett-Packard Company)
K-Lite Mega Codec Pack 14.3.6 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.3.6 - KLCP)
League Displays (HKLM-x32\...\LolScreenSaver) (Version: W1.0.992-beta - Riot Games)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{cb7c3049-21de-415b-bd85-b65c14e547df}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{449EFED6-5F86-4428-8EB2-3DA1F6E67CE4}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mp3tag v2.91 (HKLM-x32\...\Mp3tag) (Version: 2.91 - Florian Heidenreich)
Nitro Pro (HKLM\...\{43DA5F04-2863-475D-85F7-C333516500EE}) (Version: 12.4.0.259 - Nitro) Hidden
Nitro Pro (HKLM-x32\...\{efb7ce0c-d57d-4c71-9e88-052311f57dc1}) (Version: 12.4.0.259 - Nitro)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
qBittorrent 4.1.5 (HKLM-x32\...\qBittorrent) (Version: 4.1.5 - The qBittorrent project)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.6.177 - SHAREit Technologies Co.Ltd)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Ultimate Control versión 1.2 (HKLM-x32\...\{4D649577-47C2-4068-B7B8-09D1FEE7EF03}_is1) (Version: 1.2 - NEGU Soft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
uTorrent Web (HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\utweb) (Version: 0.18.2 - BitTorrent, Inc.)
VEGAS Pro 15.0 (HKLM\...\{E1FCD40F-7FC4-11E7-88AD-95BE57594EAC}) (Version: 15.0.177 - VEGAS)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
Wondershare Filmora(Build 8.7.5) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1681801212-2571905260-2396515832-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-11-30] (Florian Heidenreich)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro\12\NPShellExtension.dll [2018-09-04] (Nitro Software, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-08-10] (Disc Soft Ltd)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-11-30] (Florian Heidenreich)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-08-10] (Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-11-30] (Florian Heidenreich)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-21] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11105609-7836-4CA8-BDCC-882A9A64309E} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1681801212-2571905260-2396515832-1001 => C:\Users\TEISU\AppData\Local\MEGAsync\MEGAupdater.exe [2018-01-15] (Mega Limited)
Task: {383F9171-C340-4484-8AD1-E71B4F6C30E2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {41EAA745-8C90-4E18-B07B-E453A0294C21} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6EA7F5B8-3F2E-4311-9E8A-60EE2DF7E605} - System32\Tasks\GoogleUpdateTaskMachineCore1d4a85a5f3b7bdc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-20] (Google Inc.)
Task: {6F8581AF-1E45-41CA-97F4-355258ED3018} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-20] (Google Inc.)
Task: {77E4F339-D107-4C87-84FD-536649500C6C} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-L9M6CMB-TEISU => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {93765349-EAC0-4768-892D-50D2FA4B4C95} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {99C6FC24-00C8-4B5A-9BB6-1B6C2400EEAF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {A80D7BE0-5C66-425F-A3C4-C5F353A6EC11} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation)
Task: {B2ACD314-D33E-4455-A1D8-C0E68DE82E17} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-L9M6CMB-TEISU => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-12-13] (Adobe Systems, Incorporated)
Task: {C0305422-285A-4C5E-A5E1-9A8C74EA5975} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-20] (Google Inc.)
Task: {E51ED798-B24E-41F7-ADEA-D381C2060A44} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation)
Task: {F9594CB8-56AF-4379-868E-7B469C4A5C14} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-11 18:34 - 2018-04-11 18:34 - 000444416 _____ () c:\windows\system32\SSDM.dll
2015-08-04 00:25 - 2015-08-04 00:25 - 000214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 000817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 003650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-08-04 00:25 - 2015-08-04 00:25 - 000127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2019-01-09 18:51 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-09 18:52 - 2019-01-01 01:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-03 19:49 - 2018-10-03 20:03 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-12-13 22:39 - 2018-12-13 22:57 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-12-13 22:39 - 2018-12-13 22:57 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-01-11 01:21 - 2018-12-12 00:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2019-01-11 01:21 - 2018-12-12 00:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 18:38 - 2018-11-20 16:45 - 000001168 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
127.0.0.1                   na1r.services.adobe.com
127.0.0.1                   hlrcv.stage.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 190.113.220.18 - 190.113.220.51
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "LeagueDisplays"
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\StartupApproved\Run: => "HiAlgoBOOST"
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\StartupApproved\Run: => "utweb"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4134CA93-A12E-42E5-B7BA-8F819F56EA56}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{438D607E-5113-459C-8DFD-2432DB71A873}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{FBAB75D0-908A-4C19-A5D2-0FA5FF2D57A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe (Supergiant Games)
FirewallRules: [{64ABCA0B-6A43-42FF-9A80-6D09F6059C99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe (Supergiant Games)
FirewallRules: [{235943F5-B2C9-4C00-99C1-39D4ABA5AE07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bayonetta\Bayonetta.exe ()
FirewallRules: [{97F7A5D4-F454-4C6A-9BFF-DCA0459D65FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bayonetta\Bayonetta.exe ()
FirewallRules: [{2DAAF901-D226-41D4-8331-79C9E02BEC31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Mesa\bms.exe ()
FirewallRules: [{2548BBF5-2700-471F-A8E9-C7AD568A5512}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Mesa\bms.exe ()
FirewallRules: [{C3BF75C8-41AD-4EE5-A812-40CB45B407A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe (Arkedo)
FirewallRules: [{6497C18F-FD9E-4660-B0C9-E21CE289B8F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe (Arkedo)
FirewallRules: [{DE9E23F7-3CFA-475F-A2B9-4AFEB6EDA4CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Last Remnant\Binaries\TLR.exe ()
FirewallRules: [{4D4F574D-B1E0-4B0D-B8CC-7B40FB748EA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Last Remnant\Binaries\TLR.exe ()
FirewallRules: [{BAC29A1F-19FE-481C-8C5A-F07A3860DBF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (NAMCO BANDAI Games)
FirewallRules: [{B6691828-7666-4B58-A4D2-EBA8E3327C0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (NAMCO BANDAI Games)
FirewallRules: [{C3086C64-AB7C-4784-BC95-EFFF6431DE7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast\OutlastLauncher.exe (Red Barrels Inc.)
FirewallRules: [{9EA0F721-D2D6-4ABF-BFE2-BF2FDFBD09B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast\OutlastLauncher.exe (Red Barrels Inc.)
FirewallRules: [{697BDA11-38EE-4ADF-8A11-AFDB52F8B8A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Silent Hill Homecoming\Bin\SilentHill.exe ()
FirewallRules: [{F736DF6B-4A0E-47EA-862E-49AF0D49F0FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Silent Hill Homecoming\Bin\SilentHill.exe ()
FirewallRules: [{503958E1-6234-4A70-96D8-4AA77005A739}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tales of Berseria\Tales of Berseria.exe ()
FirewallRules: [{00A234B0-643F-4733-B7BB-13B4F0315986}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tales of Berseria\Tales of Berseria.exe ()
FirewallRules: [{99D8361A-F5CC-4CD6-8C4A-675E7BAAEE72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe (Telltale Games)
FirewallRules: [{F4AEFE48-C860-4C4C-8305-A1102E813383}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe (Telltale Games)
FirewallRules: [{BBE82460-8B37-4F67-B2A3-C2D71D4E90C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yume Nikki\yumenikki\RPG_RT.exe (KADOKAWA GAMES)
FirewallRules: [{31998F39-3BEF-4140-8211-F652E359A082}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yume Nikki\yumenikki\RPG_RT.exe (KADOKAWA GAMES)
FirewallRules: [{2B032AF6-C770-46E7-8AB9-24737147C8DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe ()
FirewallRules: [{178CCAC1-40B3-49A3-9888-0643774C5A09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe ()
FirewallRules: [{9922196F-90C5-4AB6-B33A-62B781A05D53}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (Disc Soft Ltd)
FirewallRules: [{B8E0DCAA-9292-4745-B799-6895CBB0517B}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe (CybelSoft)
FirewallRules: [{C4572886-4F66-4D83-A964-D3706BE92320}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe (CybelSoft)
FirewallRules: [{6CED4BF7-1279-4195-B7C0-A811EA9CFCA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darkness II\DarknessII.exe (Digital Extremes)
FirewallRules: [{A4CF964C-9B21-4AC7-BC64-B06A02E5BCA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darkness II\DarknessII.exe (Digital Extremes)
FirewallRules: [TCP Query User{D83A06F6-A24E-4A16-B5D9-B7D92D1F54E5}C:\program files (x86)\ultimate control\ucontrol.exe] => (Allow) C:\program files (x86)\ultimate control\ucontrol.exe (NEGU Soft)
FirewallRules: [UDP Query User{5BD1B419-8A7D-4467-A54D-093E37CE533E}C:\program files (x86)\ultimate control\ucontrol.exe] => (Allow) C:\program files (x86)\ultimate control\ucontrol.exe (NEGU Soft)
FirewallRules: [TCP Query User{A5CDB5D5-F1A7-4AE4-806D-CB4FD099AAB0}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe (Red Barrels Inc.)
FirewallRules: [UDP Query User{9B79F11B-0E4A-4E1E-B078-6F6EE537F31A}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe (Red Barrels Inc.)
FirewallRules: [{81279733-A732-4634-8F26-659C2AD13610}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{6EF49A67-23B0-42DC-ADD9-195C3B2935F6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{FCD0D178-E1E0-480C-8BC8-D8560F7A6567}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve)
FirewallRules: [{71904C62-E4F0-4FEF-BAD2-9D324C7EF51F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve)
FirewallRules: [{91210136-61EE-4373-A639-00726F696914}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jotun\Jotun.exe ()
FirewallRules: [{4B273B8E-EB7B-4754-BF8C-7956A4718211}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jotun\Jotun.exe ()
FirewallRules: [{43A42C5F-6AAD-4531-868D-A82AEAE7398F}] => (Allow) C:\Users\TEISU\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc.)
FirewallRules: [{E8785B55-81E0-44EB-A040-E29378E79788}] => (Allow) C:\Users\TEISU\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc.)
FirewallRules: [{80E5D769-922A-4EC2-8B5F-F460269D569A}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation)
FirewallRules: [{D8256750-261A-4D5D-BEBC-CEC5B4E3679F}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation)
FirewallRules: [{544EF10B-CB30-4623-BE1D-5DFD97E5E164}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{CA147BBA-DC5C-4BF2-AF5E-4F2138E62553}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{100B4DEA-4668-48FF-9F28-A667DB282847}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd)
FirewallRules: [{1836930C-E6E1-4B34-97DC-953D8E33A18A}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd)
FirewallRules: [TCP Query User{9CFA109F-1A43-43B4-9C8F-1A672C2CDD57}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe ()
FirewallRules: [UDP Query User{100C4EE1-25C2-4807-958A-27173AE9673B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe ()
FirewallRules: [{CCB4481D-9742-48B7-8994-0617F3D24D46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe (NAMCO BANDAI Games Inc.)
FirewallRules: [{1215E565-3C44-4445-99FC-6B2F0F92FE7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe (NAMCO BANDAI Games Inc.)
FirewallRules: [{D1238CAC-54BF-4D82-8737-B88B1FEBBA4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe ()
FirewallRules: [{7AEF399A-DF81-433F-A08B-01DCCF943760}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe ()
FirewallRules: [{629DEFA8-20E7-41D3-936F-418392AD1204}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd.)
FirewallRules: [{DE2FB04C-DC4B-46FF-9A61-EE13CB23B80D}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd.)
FirewallRules: [{79D8300D-2D9E-4B78-867E-2564A3039B1F}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe ()
FirewallRules: [{F055E335-6DD0-4A88-B586-693E750218F8}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe ()
FirewallRules: [{F8D894DD-86BC-4889-A586-77AA2C0A2FC2}] => (Allow) C:\Users\TEISU\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{97C672D2-9FA1-410D-B511-9B5B744A8CCB}] => (Allow) C:\Users\TEISU\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{BF1B7E91-ADFF-4D7B-9B8F-D344410087B1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

==================== Restore Points =========================

13-12-2018 23:54:50 Windows Update
09-01-2019 18:37:34 Windows Update
14-01-2019 20:14:19 Windows Update
14-01-2019 21:55:56 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Adaptador de red 802.11n Broadcom
Description: Adaptador de red 802.11n Broadcom
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/14/2019 09:56:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (01/14/2019 09:07:15 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

Error: (01/14/2019 08:14:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (01/09/2019 06:39:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (12/13/2018 11:55:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (12/10/2018 05:39:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (12/08/2018 05:42:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (12/06/2018 02:09:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.


System errors:
=============
Error: (01/14/2019 10:06:20 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-L9M6CMB)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-L9M6CMB\TEISU con SID (S-1-5-21-1681801212-2571905260-2396515832-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/14/2019 09:55:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/14/2019 09:54:13 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Administrador de mapas descargados no respondió después de iniciar.

Error: (01/14/2019 09:52:42 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-L9M6CMB)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-L9M6CMB\TEISU con SID (S-1-5-21-1681801212-2571905260-2396515832-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/14/2019 09:50:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/14/2019 09:50:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/14/2019 09:50:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio iphlpsvc depende del servicio WinHttpAutoProxySvc, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

Error: (01/14/2019 09:48:04 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: Se activó el temporizador de vigilancia del sistema.


Windows Defender:
===================================
Date: 2018-12-10 17:51:01.892
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {7F98FC67-B195-4B94-B989-B852CF546660}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-11-21 22:10:13.678
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {087512DA-F697-4887-AE76-6A9E6F7D9F6B}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-11-20 11:30:13.242
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {E164E564-757F-453F-B333-6E1AC3292458}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-11-12 17:18:19.542
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {1F6345BB-4A9C-4B31-9449-686496FC77BC}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-11-09 08:38:51.440
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {D4FC3732-A34B-4B3C-BFFD-BC6805EAEFD5}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-01-09 15:21:06.197
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x80004005
Descripción del error: Error no especificado 
Motivo: El controlador de filtro no examinó los elementos y está en el modo indirecto. Esto puede deberse a recursos insuficientes.

Date: 2018-12-14 00:00:54.359
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.283.532.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15500.2
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2018-12-11 02:08:07.031
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.283.303.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15500.2
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2018-12-10 17:46:49.533
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.283.129.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.15500.2
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2018-12-10 17:46:49.532
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.283.129.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.15500.2
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

CodeIntegrity:
===================================

Date: 2018-10-19 08:17:51.738
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-19 08:17:51.729
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-19 08:17:51.719
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-19 08:17:51.674
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-19 08:17:51.664
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-19 08:17:51.622
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-09-20 09:58:24.460
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-09-20 09:58:24.437
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 52%
Total physical RAM: 3562.9 MB
Available physical RAM: 1707.05 MB
Total Virtual: 5994.9 MB
Available Virtual: 3908.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:300.1 GB) (Free:66.85 GB) NTFS
Drive d: () (Fixed) (Total:221.75 GB) (Free:213.89 GB) NTFS
Drive e: () (Fixed) (Total:0.1 GB) (Free:0.09 GB) NTFS

\\?\Volume{06ac259b-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 06AC259B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=300.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#8

I'm adding the RKill scan just in case.

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2019 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/14/2019 09:30:41 PM in x64 mode.
Windows Version: Windows 10 Pro 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Advanced Explorer Setting Removed:  HideIcons [HKCU]

Backup Registry file created at:
 C:\Users\TEISU\Desktop\rkill\rkill-01-14-2019-09-30-45.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * HOSTS file entries found: 

  127.0.0.1                   practivate.adobe.com
  127.0.0.1                   lmlicenses.wip4.adobe.com
  127.0.0.1                   lm.licenses.adobe.com
  127.0.0.1                   na1r.services.adobe.com
  127.0.0.1                   hlrcv.stage.adobe.com

Program finished at: 01/14/2019 09:34:03 PM
Execution time: 0 hours(s), 3 minute(s), and 22 seconds(s)

#9

Hi @Roberto94:

Welcome to this new stage of InfoSpyware…!!!

You did all your homework!!!

While I analyze the FRST reports, tell us how the computer feels now that all the tools have detected and removed something from your system.

Regards.


#10

For now Steam has opened as it normally would and is updating. As for the PC's startup, since it is old it has always taken more than 2 or 3 minutes to turn on. As for running programs, it has improved somewhat (but not significantly, since I only have 4 GB of RAM). It no longer freezes as it did before I ran the programs.

I await your reply :smile:


#11

Hi @Roberto94

1.- A question: did you disable the notifications so that Windows no longer warns you that you are running out of space?

2.- Uninstall with Revo Uninstaller in its Advanced Mode:

  • IObit\Advanced SystemCare

Manual de Revo Uninstaller.

3.- Realiza lo siguiente:

Descargaste FRST y lo ejecutaste desde una ubicación incorrecta:

C:\Users\TEISU\Downloads

FRST debe ser descargado y ejecutado desde el escritorio, corta el ejecutable de tu carpeta Descargas y luego pegarlo en el escritorio.

Luego abre un nuevo archivo Notepad y copia y pega este contenido:


Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\MountPoints2: {7f1eac41-a7eb-11e8-92c9-cc52afa91f31} - "I:\setup.exe" 
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
2019-01-09 20:06 - 2019-01-09 20:32 - 039316888 _____ C:\Users\TEISU\Downloads\Sin confirmar 236494.crdownload
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Let us know how the problem is going.

Regards.


#12
  1. No, I don't usually mess with that tool.
  2. It has been uninstalled for a long time; I still used a cleanup tool just in case.
  3. The PC starts a bit faster and I don't have as much lag; the improvement is noticeable, everything works as it should.
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.01.2019 01
Ran by TEISU (15-01-2019 01:13:39) Run:1
Running from C:\Users\TEISU\Desktop
Loaded Profiles: TEISU (Available Profiles: TEISU)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\MountPoints2: {7f1eac41-a7eb-11e8-92c9-cc52afa91f31} - "I:\setup.exe" 
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
2019-01-09 20:06 - 2019-01-09 20:32 - 039316888 _____ C:\Users\TEISU\Downloads\Sin confirmar 236494.crdownload
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f1eac41-a7eb-11e8-92c9-cc52afa91f31} => removed successfully
HKLM\Software\Classes\CLSID\{7f1eac41-a7eb-11e8-92c9-cc52afa91f31} => not found
HKLM\System\CurrentControlSet\Services\cpuz143 => removed successfully
cpuz143 => service removed successfully
C:\Users\TEISU\Downloads\Sin confirmar 236494.crdownload => moved successfully

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Ethernet mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 12 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 13 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 14 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de red Bluetooth mientras los medios
estén desconectados.

Adaptador de Ethernet Ethernet:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 12:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 13:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 14:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Wi-Fi 2:

   Sufijo DNS específico para la conexión. . : 
   Dirección IPv6 . . . . . . . . . . : 2800:200:f000:13f9:818b:b1c0:efc7:52b6
   Dirección IPv6 temporal. . . . . . : 2800:200:f000:13f9:3996:4d84:a88e:13c
   Vínculo: dirección IPv6 local. . . : fe80::818b:b1c0:efc7:52b6%13
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.13
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : fe80::200:caff:fe11:2233%13
                                       192.168.0.1

Adaptador de Ethernet Conexión de red Bluetooth:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to cancel {655EC806-B06C-4DC6-8B2E-E7CE1E5983D0}.
0 out of 1 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 9723904 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21215637 B
Java, Flash, Steam htmlcache => 18547709 B
Windows/system/drivers => 15248635 B
Edge => 0 B
Chrome => 19226094 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 298892 B
NetworkService => 0 B
TEISU => 191416096 B

RecycleBin => 0 B
EmptyTemp: => 262.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 01:16:20 ====

#13

Hello:

Regarding point 2, there are still many active leftovers that are not removed with cleanup tools; also, tell us which one you used.

Run FRST again as you did the first time and leave us a fresh report.

Regards


#16

Hello @Roberto94

You uploaded the reports and deleted them, any problem? Do you need help?

Regards.


#17

I only used CCleaner at that time, and last night the cleanup tool of Revo Uninstaller itself. When I turned on the laptop the system updated; here are the reports. I deleted the other reports because, with the system having updated, the report would not be current and might even cause problems by not being current.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.01.2019 01
Ran by TEISU (administrator) on DESKTOP-L9M6CMB (15-01-2019 23:17:23)
Running from C:\Users\TEISU\Desktop
Loaded Profiles: TEISU (Available Profiles: TEISU)
Platform: Windows 10 Pro Version 1809 17763.253 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20094.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Corporation) C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\Run: [uTorrent] => C:\Users\TEISU\AppData\Roaming\uTorrent\uTorrent.exe [2003384 2019-01-09] (BitTorrent Inc.)
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3133216 2019-01-04] (Valve Corporation)
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( )
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [311296 2018-01-28] ()
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler)
HKLM\...\Drivers32-x32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project)
HKLM\...\Drivers32-x32: [VIDC.LAGS] => C:\WINDOWS\SysWOW64\lagarith.dll [216064 2011-12-07] ( )
HKLM\...\Drivers32-x32: [VIDC.XVID] => C:\WINDOWS\SysWOW64\xvidvfw.dll [284672 2018-01-28] ()
HKLM\...\Drivers32-x32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] ()
HKLM\...\Drivers32-x32: [msacm.ac3acm] => C:\WINDOWS\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2019-01-11] (Google Inc.)
IFEO\GameOverlayUI.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.Prompt.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.Reporter.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.Service.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.Updater.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\steamerrorreporter.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\steamerrorreporter64.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\streaming_client.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\WriteMiniDump.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
Startup: C:\Users\TEISU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-01-14]
ShortcutTarget: MEGAsync.lnk -> C:\Users\TEISU\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54
Tcpip\..\Interfaces\{4167736a-7f36-4818-8bbf-86e66ad16b9f}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4167736a-7f36-4818-8bbf-86e66ad16b9f}: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54
Tcpip\..\Interfaces\{6af20bf1-5e63-40eb-9733-efcc04e1f537}: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2018-06-12] (Microsoft Corporation)
BHO: NitroPDF.IE.Sharepoint -> {3BFAE61D-4A6D-4467-9E5E-FE5293D10F9F} -> C:\Program Files\Nitro\Pro\12\npnitroie.dll [2018-09-04] (Nitro Software, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2018-06-12] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-06-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro\12\npnitromozilla.dll [2018-09-04] (Nitro Software, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-09] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com.pe/
CHR StartupUrls: Default -> "hxxp://www.google.com.pe/","hxxp://www.facebook.com/","hxxp://www.youtube.com/","hxxp://www.google.com","hxxp://www.google.com/","hxxp://hxxps://www.google.com//?appId=77CFBE5B-B1D8-4724-A1D3-F94FB40EC6E0","hxxps://www.google.com/","hxxp://servidor/"
CHR Profile: C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default [2019-01-15]
CHR Extension: (Presentaciones) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-20]
CHR Extension: (Universal Bypass) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\aihomhdbhpnpmcnnbckjjcebjoikpihj [2019-01-14]
CHR Extension: (Documentos) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-20]
CHR Extension: (Google Drive) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-20]
CHR Extension: (YouTube) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-20]
CHR Extension: (Hojas de cálculo) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-20]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20]
CHR Extension: (Malwarebytes Browser Extension) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2019-01-15]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-20]
CHR Extension: (Gmail) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-20]
CHR Extension: (Chrome Media Router) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-14]
CHR Extension: (Audio Only Youtube) - C:\Users\TEISU\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkocpiliahoaohbolmkelakpiphnllog [2018-08-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3570792 2018-08-10] (Disc Soft Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5381128 2019-01-15] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [384512 2018-09-15] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [279248 2018-10-18] (Synaptics Incorporated)
S4 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd)
S4 Wallpaper Engine Service; C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [356856 2018-08-20] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-10] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [13848 2018-10-18] (Advanced Micro Devices Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-08-21] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-08-21] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-12-04] (Malwarebytes)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-10-18] (REALiX(tm))
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-01-14] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [126624 2019-01-15] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72536 2019-01-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-01-15] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [113016 2019-01-15] (Malwarebytes)
R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [54648 2018-10-18] (NEC Personal Computers, Ltd.)
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2018-09-15] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1118648 2018-10-18] (Realtek )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-10] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-10] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (Created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-15 23:17 - 2019-01-15 23:19 - 000016615 _____ C:\Users\TEISU\Desktop\FRST.txt
2019-01-15 21:21 - 2019-01-15 21:21 - 000113016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-01-15 15:11 - 2019-01-02 14:48 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-15 15:11 - 2019-01-02 14:48 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-15 12:45 - 2019-01-15 12:45 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-01-15 12:45 - 2019-01-15 12:45 - 000126624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-01-15 12:45 - 2019-01-15 12:45 - 000072536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-01-15 12:40 - 2019-01-15 12:41 - 000000000 ____D C:\Program Files\AMD Quick Stream
2019-01-15 12:40 - 2019-01-15 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
2019-01-15 12:32 - 2019-01-15 12:34 - 008847304 _____ (AppEx Networks ) C:\Users\TEISU\Downloads\abc.exe
2019-01-15 12:22 - 2019-01-15 12:22 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-01-15 12:18 - 2019-01-15 12:18 - 000000020 ___SH C:\Users\TEISU\ntuser.ini
2019-01-15 12:05 - 2019-01-15 19:11 - 000004220 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1FA5927E-6FBE-4138-AD1A-270CAD2EE621}
2019-01-15 12:05 - 2019-01-15 12:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-15 12:05 - 2019-01-15 12:06 - 000003484 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-01-15 12:05 - 2019-01-15 12:06 - 000002820 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-L9M6CMB-TEISU
2019-01-15 12:05 - 2019-01-15 12:06 - 000002774 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-L9M6CMB-TEISU
2019-01-15 12:05 - 2019-01-15 12:05 - 000003384 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-01-15 12:05 - 2019-01-15 12:05 - 000003290 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d4a85a5f3b7bdc
2019-01-15 12:05 - 2019-01-15 12:05 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1681801212-2571905260-2396515832-1001
2019-01-15 12:05 - 2019-01-15 12:05 - 000000000 ____D C:\WINDOWS\System32\Tasks\MEGA
2019-01-15 12:04 - 2019-01-15 12:05 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2019-01-15 12:04 - 2019-01-15 12:05 - 000007623 _____ C:\WINDOWS\diagerr.xml
2019-01-15 11:51 - 2019-01-15 13:43 - 001773362 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-15 11:40 - 2019-01-15 11:40 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2019-01-15 11:35 - 2019-01-15 12:18 - 000000000 ____D C:\Users\TEISU
2019-01-15 11:35 - 2019-01-15 11:35 - 000000000 _SHDL C:\Users\TEISU\Reciente
2019-01-15 11:35 - 2019-01-15 11:35 - 000000000 _SHDL C:\Users\TEISU\Plantillas
2019-01-15 11:35 - 2019-01-15 11:35 - 000000000 _SHDL C:\Users\TEISU\Mis documentos
2019-01-15 11:35 - 2019-01-15 11:35 - 000000000 _SHDL C:\Users\TEISU\Menú Inicio
2019-01-15 11:35 - 2019-01-15 11:35 - 000000000 _SHDL C:\Users\TEISU\Impresoras
2019-01-15 11:35 - 2019-01-15 11:35 - 000000000 _SHDL C:\Users\TEISU\Entorno de red
2019-01-15 11:35 - 2019-01-15 11:35 - 000000000 _SHDL C:\Users\TEISU\Documents\Mis vídeos
2019-01-15 11:35 - 2019-01-15 11:35 - 000000000 _SHDL C:\Users\TEISU\Documents\Mis imágenes
2019-01-15 11:35 - 2019-01-15 11:35 - 000000000 _SHDL C:\Users\TEISU\Documents\Mi música
2019-01-15 11:35 - 2019-01-15 11:35 - 000000000 _SHDL C:\Users\TEISU\Datos de programa
2019-01-15 11:35 - 2019-01-15 11:35 - 000000000 _SHDL C:\Users\TEISU\Configuración local
2019-01-15 11:35 - 2019-01-15 11:35 - 000000000 _SHDL C:\Users\TEISU\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2019-01-15 11:35 - 2019-01-15 11:35 - 000000000 _SHDL C:\Users\TEISU\AppData\Local\Historial
2019-01-15 11:35 - 2019-01-15 11:35 - 000000000 _SHDL C:\Users\TEISU\AppData\Local\Datos de programa
2019-01-15 11:35 - 2019-01-15 11:35 - 000000000 _SHDL C:\Users\TEISU\AppData\Local\Archivos temporales de Internet
2019-01-15 11:35 - 2019-01-15 11:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2019-01-15 11:35 - 2019-01-15 11:35 - 000000000 ____D C:\Program Files\ATI Technologies
2019-01-15 11:35 - 2019-01-15 11:31 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\ATI
2019-01-15 11:35 - 2019-01-15 11:31 - 000000000 ____D C:\Users\TEISU\AppData\Local\ATI
2019-01-15 11:35 - 2018-09-15 02:29 - 000001105 _____ C:\Users\TEISU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-15 11:31 - 2019-01-15 11:31 - 000000000 ____D C:\Users\Default\AppData\Roaming\ATI
2019-01-15 11:31 - 2019-01-15 11:31 - 000000000 ____D C:\Users\Default\AppData\Local\ATI
2019-01-15 11:31 - 2019-01-15 11:31 - 000000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2019-01-15 11:31 - 2019-01-15 11:31 - 000000000 ____D C:\Users\Default User\AppData\Local\ATI
2019-01-15 11:27 - 2019-01-15 11:27 - 000000000 ____D C:\ProgramData\USOShared
2019-01-15 11:27 - 2018-09-15 02:28 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2019-01-15 11:21 - 2019-01-15 22:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-15 11:21 - 2019-01-15 11:45 - 000609480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-01-15 09:27 - 2019-01-15 05:19 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2019-01-15 09:10 - 2019-01-15 09:27 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-01-15 08:48 - 2019-01-15 08:48 - 011724288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2019-01-15 08:48 - 2019-01-15 08:48 - 009941504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2019-01-15 08:48 - 2019-01-15 08:48 - 000301096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2019-01-15 08:48 - 2019-01-15 08:48 - 000241680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2019-01-15 08:48 - 2019-01-15 08:48 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2019-01-15 08:48 - 2019-01-15 08:48 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2019-01-15 08:48 - 2019-01-15 08:48 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2019-01-15 08:48 - 2019-01-15 08:48 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 007724776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 005440016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 005113008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 004918784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 003566080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 003550592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 002469648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 001294864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 001289400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 001282432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 001201136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 001073448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 001057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 000854784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 000763032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2019-01-15 08:47 - 2019-01-15 08:47 - 000454144 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2019-01-15 08:47 - 2019-01-15 08:47 - 000363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2019-01-15 08:47 - 2019-01-15 08:47 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-01-15 08:43 - 2019-01-15 08:43 - 002429752 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2019-01-15 08:43 - 2019-01-15 08:43 - 002160160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2019-01-15 08:43 - 2019-01-15 08:43 - 001259000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-15 08:42 - 2019-01-15 08:42 - 024617472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 020811776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 019284992 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 019024384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 012151808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 006057984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 003744256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 002986352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 002883584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 001166336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2019-01-15 08:42 - 2019-01-15 08:42 - 001064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 001022464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 000870400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 000829440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 000662528 ____R (Microsoft Corporation) C:\WINDOWS\system32\MixedRealityCapture.Pipeline.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regedit.exe
2019-01-15 08:42 - 2019-01-15 08:42 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CastingShellExt.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 000098816 ____R (Microsoft Corporation) C:\WINDOWS\system32\MixedRealityCapture.Broker.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfts.dll
2019-01-15 08:42 - 2019-01-15 08:42 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 026806784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 023440384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 012858368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 007857152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 004886016 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 003952952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 001749504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 001221528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-01-15 08:41 - 2019-01-15 08:41 - 001182720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2019-01-15 08:41 - 2019-01-15 08:41 - 001019392 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 000883200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 000398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\regedit.exe
2019-01-15 08:41 - 2019-01-15 08:41 - 000316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastingShellExt.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfts.dll
2019-01-15 08:41 - 2019-01-15 08:41 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2019-01-15 08:40 - 2019-01-15 08:41 - 000492032 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 005585056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 004306432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 003577856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 002275896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 001506304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 001483264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 001467344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 000915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2019-01-15 08:40 - 2019-01-15 08:40 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintWorkflowService.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 015224832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 006925824 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 006544800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 006306152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 005764608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 004765184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 003730352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-01-15 08:39 - 2019-01-15 08:39 - 003504640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 003427328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 003108864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 002927104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-01-15 08:39 - 2019-01-15 08:39 - 002893312 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 002832896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 002777432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 002765312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 002702536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 002689536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 002626360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-15 08:39 - 2019-01-15 08:39 - 002346496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 002072384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001994768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001899160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001863168 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001720936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001711104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001699840 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001688576 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001675712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001674688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001672056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001590288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001476096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001456736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001360696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-01-15 08:39 - 2019-01-15 08:39 - 001294848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001279024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2019-01-15 08:39 - 2019-01-15 08:39 - 001254912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001180760 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001162280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001097312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 001026992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000964976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000901632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-01-15 08:39 - 2019-01-15 08:39 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000782968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-01-15 08:39 - 2019-01-15 08:39 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000604248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.applicationmodel.datatransfer.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000535048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-01-15 08:39 - 2019-01-15 08:39 - 000514112 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000454160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-01-15 08:39 - 2019-01-15 08:39 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000430904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2019-01-15 08:39 - 2019-01-15 08:39 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000429056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-01-15 08:39 - 2019-01-15 08:39 - 000373768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-01-15 08:39 - 2019-01-15 08:39 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-01-15 08:39 - 2019-01-15 08:39 - 000252536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000176440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2019-01-15 08:39 - 2019-01-15 08:39 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000114344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000091640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2019-01-15 08:39 - 2019-01-15 08:39 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2019-01-15 08:38 - 2019-01-15 08:38 - 022112072 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-01-15 08:38 - 2019-01-15 08:38 - 005565440 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-01-15 08:38 - 2019-01-15 08:38 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-01-15 08:38 - 2019-01-15 08:38 - 001969464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-01-15 08:38 - 2019-01-15 08:38 - 001819136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2019-01-15 08:38 - 2019-01-15 08:38 - 001696216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-01-15 08:38 - 2019-01-15 08:38 - 001641616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-01-15 08:38 - 2019-01-15 08:38 - 001466872 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-01-15 08:38 - 2019-01-15 08:38 - 001395248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-01-15 08:38 - 2019-01-15 08:38 - 001391096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2019-01-15 08:38 - 2019-01-15 08:38 - 001341376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-01-15 08:38 - 2019-01-15 08:38 - 001177632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-01-15 08:38 - 2019-01-15 08:38 - 001056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2019-01-15 08:38 - 2019-01-15 08:38 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2019-01-15 08:38 - 2019-01-15 08:38 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2019-01-15 08:38 - 2019-01-15 08:38 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-01-15 08:38 - 2019-01-15 08:38 - 000515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-01-15 08:38 - 2019-01-15 08:38 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_PCDisplay.dll
2019-01-15 08:38 - 2019-01-15 08:38 - 000494080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2019-01-15 08:38 - 2019-01-15 08:38 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2019-01-15 08:38 - 2019-01-15 08:38 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2019-01-15 08:38 - 2019-01-15 08:38 - 000094224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fileinfo.sys
2019-01-15 08:38 - 2019-01-15 08:38 - 000071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 009677352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-15 08:37 - 2019-01-15 08:37 - 004300800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 003662336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-01-15 08:37 - 2019-01-15 08:37 - 002879488 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 001884672 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 001830912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 001715712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 001671680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 001267712 _____ (Microsoft Corporation) C:\WINDOWS\system32\APMon.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 001249792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000836096 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000609792 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000566584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000151872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2019-01-15 08:37 - 2019-01-15 08:37 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-15 08:36 - 2019-01-15 08:36 - 017520640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 007645600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 005312512 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 004245280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-01-15 08:36 - 2019-01-15 08:36 - 003983360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 003380224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 003379000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-01-15 08:36 - 2019-01-15 08:36 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 003092480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 002843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 002630656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 002618880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 002488320 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-01-15 08:36 - 2019-01-15 08:36 - 002437552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll

#18
2019-01-15 08:36 - 2019-01-15 08:36 - 002186752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 002185728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 002085168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 001975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 001903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 001842600 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 001824768 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 001797128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 001751560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 001612808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 001602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 001462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 001401864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 001331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 001315840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 001287776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 001199104 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 001058848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-01-15 08:36 - 2019-01-15 08:36 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-01-15 08:36 - 2019-01-15 08:36 - 001048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000890368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000863752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-01-15 08:36 - 2019-01-15 08:36 - 000828936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000818832 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.applicationmodel.datatransfer.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000801792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000667152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000649736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000604336 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-01-15 08:36 - 2019-01-15 08:36 - 000518656 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000495624 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000494080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-01-15 08:36 - 2019-01-15 08:36 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\eeprov.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-01-15 08:36 - 2019-01-15 08:36 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000294072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-01-15 08:36 - 2019-01-15 08:36 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000175096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2019-01-15 08:36 - 2019-01-15 08:36 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSrv.exe
2019-01-15 08:36 - 2019-01-15 08:36 - 000156984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2019-01-15 08:36 - 2019-01-15 08:36 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000114648 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2019-01-15 08:36 - 2019-01-15 08:36 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000047112 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-15 08:36 - 2019-01-15 08:36 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnsruprov.dll
2019-01-15 08:36 - 2019-01-15 08:36 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2019-01-15 08:35 - 2019-01-15 08:35 - 007685016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 006132736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 005130752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 003556352 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 003338328 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 003270144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 002988544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 002929152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 002721792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-01-15 08:35 - 2019-01-15 08:35 - 002654208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 002594872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 002466304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 002149352 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 002021584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 001616384 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 001520208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 001496064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 001387496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 001255736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-15 08:35 - 2019-01-15 08:35 - 001212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 001051960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2019-01-15 08:35 - 2019-01-15 08:35 - 001050936 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-15 08:35 - 2019-01-15 08:35 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000897848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000854016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000850960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000756640 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-15 08:35 - 2019-01-15 08:35 - 000743432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000650040 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-01-15 08:35 - 2019-01-15 08:35 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000531976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000506408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000473616 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-01-15 08:35 - 2019-01-15 08:35 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000402576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000398416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000387384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000178696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-15 08:35 - 2019-01-15 08:35 - 000164288 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000140808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-15 08:35 - 2019-01-15 08:35 - 000102392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-01-15 08:35 - 2019-01-15 08:35 - 000095544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2019-01-15 08:35 - 2019-01-15 08:35 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2019-01-15 08:35 - 2019-01-15 08:35 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mmcss.sys
2019-01-15 08:35 - 2019-01-15 08:35 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2019-01-15 08:35 - 2019-01-15 08:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-01-15 08:35 - 2019-01-15 08:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-01-15 08:35 - 2019-01-15 08:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-01-15 08:35 - 2019-01-15 08:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-01-15 08:35 - 2019-01-15 08:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-01-15 08:35 - 2019-01-15 08:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-01-15 08:35 - 2019-01-15 08:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-01-15 08:35 - 2019-01-15 08:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-01-15 08:35 - 2019-01-15 08:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-01-15 08:34 - 2019-01-15 08:34 - 001219584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-01-15 08:34 - 2019-01-15 08:34 - 000918304 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2019-01-15 08:34 - 2019-01-15 08:34 - 000752128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-01-15 08:34 - 2019-01-15 08:34 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2019-01-15 08:34 - 2019-01-15 08:34 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-01-15 08:34 - 2019-01-15 08:34 - 000582240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2019-01-15 08:34 - 2019-01-15 08:34 - 000519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Vid.sys
2019-01-15 08:34 - 2019-01-15 08:34 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-01-15 08:34 - 2019-01-15 08:34 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2019-01-15 08:34 - 2019-01-15 08:34 - 000306704 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-01-15 08:34 - 2019-01-15 08:34 - 000300024 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2019-01-15 08:34 - 2019-01-15 08:34 - 000298536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2019-01-15 08:34 - 2019-01-15 08:34 - 000193016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2019-01-15 08:34 - 2019-01-15 08:34 - 000164344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2019-01-15 08:34 - 2019-01-15 08:34 - 000130088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-01-15 08:34 - 2019-01-15 08:34 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2019-01-15 08:34 - 2019-01-15 08:34 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2019-01-15 08:34 - 2019-01-15 08:34 - 000083472 _____ (Microsoft Corporation) C:\WINDOWS\system32\vid.dll
2019-01-15 08:34 - 2019-01-15 08:34 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2019-01-15 08:34 - 2019-01-15 08:34 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2019-01-15 08:34 - 2019-01-15 08:34 - 000055608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2019-01-15 08:21 - 2019-01-15 08:23 - 000052524 _____ C:\Users\TEISU\Documents\Addition.txt
2019-01-15 08:17 - 2019-01-15 08:23 - 000074366 _____ C:\Users\TEISU\Documents\FRST.txt
2019-01-15 07:56 - 2019-01-15 07:56 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2019-01-15 07:56 - 2019-01-15 07:56 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-01-15 07:56 - 2019-01-15 07:56 - 000000000 ____D C:\Program Files\MSBuild
2019-01-15 07:56 - 2019-01-15 07:56 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-01-15 07:56 - 2019-01-15 07:56 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-01-15 07:52 - 2019-01-15 07:52 - 001167960 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2019-01-15 07:52 - 2019-01-15 07:52 - 000780376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2019-01-15 07:52 - 2019-01-15 07:52 - 000126064 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2019-01-15 07:52 - 2019-01-15 07:52 - 000104560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2019-01-15 07:52 - 2019-01-15 07:52 - 000036896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2019-01-15 07:52 - 2019-01-15 07:52 - 000035440 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2019-01-15 07:31 - 2019-01-15 07:31 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2019-01-15 07:01 - 2019-01-15 07:01 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2019-01-15 05:19 - 2019-01-15 12:17 - 000000000 ____D C:\Windows.old
2019-01-15 01:13 - 2019-01-15 01:16 - 000008956 _____ C:\Users\TEISU\Desktop\Fixlog.txt
2019-01-15 00:50 - 2019-01-15 05:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-01-15 00:50 - 2019-01-15 00:50 - 000001091 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-01-15 00:50 - 2019-01-15 00:50 - 000000000 ____D C:\Program Files\VS Revo Group
2019-01-15 00:48 - 2019-01-15 00:49 - 007127416 _____ (VS Revo Group ) C:\Users\TEISU\Downloads\revosetup.exe
2019-01-14 23:50 - 2019-01-15 00:03 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\Game
2019-01-14 23:50 - 2019-01-14 23:50 - 000000000 ____D C:\Users\Public\Documents\Steam
2019-01-14 22:46 - 2019-01-14 22:46 - 000127614 _____ C:\Users\TEISU\Desktop\ewe.txt
2019-01-14 22:19 - 2019-01-14 22:19 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-01-14 22:11 - 2019-01-14 22:16 - 000047108 _____ C:\Users\TEISU\Downloads\Addition.txt
2019-01-14 22:07 - 2019-01-14 22:16 - 000071950 _____ C:\Users\TEISU\Downloads\FRST.txt
2019-01-14 22:05 - 2019-01-14 22:05 - 000000947 _____ C:\Users\TEISU\Desktop\JRT.txt
2019-01-14 21:30 - 2019-01-14 21:34 - 000002668 _____ C:\Users\TEISU\Desktop\Rkill.txt
2019-01-14 21:30 - 2019-01-14 21:30 - 000000000 ____D C:\Users\TEISU\Desktop\rkill
2019-01-14 21:29 - 2019-01-15 23:17 - 000000000 ____D C:\FRST
2019-01-14 21:29 - 2019-01-14 21:29 - 000000000 ____D C:\Users\TEISU\AppData\Local\mbam
2019-01-14 21:28 - 2019-01-14 21:46 - 000000000 ____D C:\AdwCleaner
2019-01-14 21:28 - 2019-01-14 21:28 - 000000000 ____D C:\Users\TEISU\AppData\Local\mbamtray
2019-01-14 21:26 - 2019-01-15 05:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-14 21:26 - 2019-01-14 21:26 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-14 21:26 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-01-14 21:25 - 2019-01-14 21:25 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-14 21:25 - 2019-01-14 21:25 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-14 21:24 - 2019-01-14 21:25 - 002427904 _____ (Farbar) C:\Users\TEISU\Desktop\FRST64.exe
2019-01-14 21:21 - 2019-01-14 21:23 - 007320272 _____ (Malwarebytes) C:\Users\TEISU\Downloads\adwcleaner_7.2.6.0.exe
2019-01-14 21:20 - 2019-01-14 21:21 - 001790024 _____ (Malwarebytes) C:\Users\TEISU\Downloads\JRT.exe
2019-01-14 21:12 - 2019-01-14 21:22 - 082234824 _____ (Malwarebytes ) C:\Users\TEISU\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.519-1.0.8770.exe
2019-01-14 21:12 - 2019-01-14 21:12 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\TEISU\Downloads\iExplore.exe
2019-01-14 21:04 - 2019-01-14 21:04 - 001573568 _____ C:\Users\TEISU\Downloads\SteamSetup (1).exe
2019-01-14 20:59 - 2019-01-14 21:01 - 019229160 _____ (Microsoft Corporation) C:\Users\TEISU\Downloads\MediaCreationTool1809.exe
2019-01-14 20:11 - 2019-01-14 23:38 - 000000000 ____D C:\Users\TEISU\AppData\LocalLow\uTorrent
2019-01-14 18:58 - 2019-01-15 12:18 - 000000000 ___DC C:\WINDOWS\Panther
2019-01-14 18:27 - 2019-01-14 18:27 - 000000000 ____D C:\Users\TEISU\AppData\Local\Tempzxpsign89d4b8673e45887f
2019-01-14 18:25 - 2019-01-14 18:25 - 000000034 _____ C:\Users\TEISU\AppData\Roaming\AdobeWLCMCache.dat
2019-01-11 14:45 - 2019-01-11 14:45 - 000000000 ____D C:\Users\TEISU\AppData\Local\Tempzxpsign55e545a6570a2040
2019-01-11 08:51 - 2019-01-11 10:06 - 166656204 _____ C:\Users\TEISU\Downloads\01 World-Line.flac
2019-01-11 02:10 - 2019-01-11 02:38 - 050496229 _____ C:\Users\TEISU\Downloads\01 World-Line.flac.crdownload
2019-01-11 02:04 - 2019-01-11 02:04 - 000083322 _____ C:\Users\TEISU\Downloads\El_Psy_Kongroo_archive.torrent
2019-01-11 01:58 - 2019-01-11 02:02 - 156208765 _____ C:\Users\TEISU\Downloads\lasto_gemu.zip
2019-01-11 01:33 - 2019-01-11 01:55 - 436346530 ____R C:\Users\TEISU\Downloads\[ASL]_Abo_Takeshi_-_STEINS_GATE_0_Original_Soundtrack_-_Gate_Of_Steiner_[FLAC]_[w_Scans].rar
2019-01-09 22:04 - 2019-01-09 22:04 - 111551292 _____ C:\Users\TEISU\Downloads\[Maid-chan] Sayuri - Sore wa Chiisana Hikari no you na (ERASED ED Single).zip
2019-01-09 21:48 - 2019-01-09 21:55 - 067340241 _____ C:\Users\TEISU\Downloads\(SNKK) 40.rar
2019-01-09 21:33 - 2019-01-09 21:46 - 926572733 _____ C:\Users\TEISU\Downloads\Little Witch Academia Opening 96-24-bit.rar
2019-01-09 21:05 - 2019-01-09 21:16 - 030776385 _____ C:\Users\TEISU\Downloads\ZAQ_-_Caste_Room.rar
2019-01-09 20:57 - 2019-01-09 21:02 - 114468538 _____ C:\Users\TEISU\Downloads\Bakemonogatari OP 5 Single - sugar sweet nightmare.rar
2019-01-09 20:43 - 2019-01-09 20:44 - 251972004 _____ C:\Users\TEISU\Downloads\H58MR.zip
2019-01-09 20:35 - 2019-01-09 20:36 - 140280972 _____ C:\Users\TEISU\Downloads\_SoundFLAC__Kyoumen_no_Nami_OP.zip
2019-01-09 20:33 - 2019-01-15 00:07 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\uTorrent
2019-01-09 20:33 - 2019-01-09 20:33 - 000000896 _____ C:\Users\TEISU\Desktop\µTorrent.lnk
2019-01-09 20:33 - 2019-01-09 20:33 - 000000876 _____ C:\Users\TEISU\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2019-01-09 20:30 - 2019-01-09 20:31 - 002982880 _____ (BitTorrent Inc.) C:\Users\TEISU\Downloads\uTorrent.exe
2019-01-09 20:26 - 2019-01-15 05:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2019-01-09 20:26 - 2019-01-09 20:29 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\qBittorrent
2019-01-09 20:26 - 2019-01-09 20:27 - 000000000 ____D C:\Users\TEISU\AppData\Local\qBittorrent
2019-01-09 20:26 - 2019-01-09 20:26 - 000000000 ____D C:\Program Files\qBittorrent
2019-01-09 20:24 - 2019-01-09 20:25 - 023438713 _____ (The qBittorrent project) C:\Users\TEISU\Downloads\qbittorrent_4.1.5_x64_setup.exe
2019-01-09 19:57 - 2019-01-09 19:57 - 108459306 _____ C:\Users\TEISU\Downloads\Fairy Tail OP03 Single - ft peaceball [funkist].zip
2019-01-09 19:37 - 2019-01-09 19:50 - 030873692 _____ C:\Users\TEISU\Downloads\LF_KgFM.rar
2019-01-09 19:23 - 2019-01-09 19:25 - 147787068 _____ C:\Users\TEISU\Downloads\Last Proof- ZAQ.rar
2019-01-09 19:10 - 2019-01-09 19:11 - 022368960 _____ C:\Users\TEISU\Downloads\HL_HRK_MR.zip
2019-01-09 19:06 - 2019-01-09 19:06 - 007549828 _____ C:\Users\TEISU\Downloads\Haruka Mirai.rar
2019-01-09 18:53 - 2019-01-09 18:55 - 038864824 _____ C:\Users\TEISU\Downloads\_2012.04.18__G_-_CD__S__-_eimusics.com.zip
2019-01-09 18:45 - 2019-01-09 18:45 - 029881953 _____ C:\Users\TEISU\Downloads\Reason Living - Single.rar
2019-01-09 18:02 - 2019-01-09 18:02 - 243585109 _____ C:\Users\TEISU\Downloads\[2015.06.03] Aimer - Brave Shine [FLAC].rar
2019-01-09 17:52 - 2019-01-09 21:55 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\Mp3tag
2019-01-09 17:51 - 2019-01-15 05:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2019-01-09 17:51 - 2019-01-09 17:51 - 000001052 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2019-01-09 17:51 - 2019-01-09 17:51 - 000000000 ____D C:\Program Files (x86)\Mp3tag
2019-01-09 17:50 - 2019-01-09 17:50 - 003615720 _____ C:\Users\TEISU\Downloads\mp3tagv291setup (1).exe
2019-01-09 17:49 - 2019-01-09 17:50 - 003615720 _____ C:\Users\TEISU\Downloads\mp3tagv291setup.exe
2019-01-09 17:40 - 2019-01-09 17:42 - 121844680 _____ C:\Users\TEISU\Downloads\Los! Los! Los! (Youjo Senki ED Single).rar

==================== One month (Modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-15 23:10 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-15 22:05 - 2018-09-11 08:34 - 000000000 ____D C:\Users\TEISU\Documents\MEGAsync Downloads
2019-01-15 22:01 - 2018-08-21 00:50 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\vlc
2019-01-15 15:11 - 2018-09-15 02:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-15 15:05 - 2018-09-15 02:31 - 000000000 ____D C:\WINDOWS\INF
2019-01-15 13:44 - 2018-09-15 11:37 - 000789640 _____ C:\WINDOWS\system32\perfh00A.dat
2019-01-15 13:44 - 2018-09-15 11:37 - 000155894 _____ C:\WINDOWS\system32\perfc00A.dat
2019-01-15 13:16 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-15 13:07 - 2018-09-15 02:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-15 12:49 - 2018-08-20 14:58 - 000000000 ____D C:\ProgramData\Packages
2019-01-15 12:49 - 2018-08-20 14:41 - 000000000 ____D C:\Users\TEISU\AppData\Local\Packages
2019-01-15 12:42 - 2018-09-15 01:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-01-15 12:19 - 2018-08-20 14:41 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-01-15 12:19 - 2018-08-20 14:41 - 000000000 ____D C:\Users\TEISU\AppData\Local\ConnectedDevicesPlatform
2019-01-15 12:18 - 2018-08-20 14:41 - 000000000 ___RD C:\Users\TEISU\3D Objects
2019-01-15 12:05 - 2018-09-15 02:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-01-15 12:05 - 2018-09-15 02:33 - 000000000 ____D C:\Program Files\windows nt
2019-01-15 12:05 - 2018-09-15 01:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-01-15 11:57 - 2018-09-15 02:33 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-01-15 11:54 - 2018-09-15 02:33 - 000000000 __RHD C:\Users\Public\Libraries
2019-01-15 11:49 - 2018-08-20 16:31 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-01-15 11:49 - 2018-08-20 16:31 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-01-15 11:45 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-01-15 11:42 - 2018-11-23 02:58 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2019-01-15 11:42 - 2018-11-20 19:19 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2019-01-15 11:42 - 2018-09-11 08:23 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2019-01-15 11:42 - 2018-08-21 11:12 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-01-15 11:42 - 2018-08-20 21:55 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-01-15 11:38 - 2018-09-12 22:38 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-01-15 11:34 - 2018-08-20 15:37 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2019-01-15 11:34 - 2018-08-20 15:25 - 000000000 ____D C:\ProgramData\Package Cache
2019-01-15 11:33 - 2018-08-20 15:26 - 000000000 ____D C:\ProgramData\AMD
2019-01-15 11:28 - 2018-08-20 15:24 - 000000000 ____D C:\AMD
2019-01-15 11:27 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\USOPrivate
2019-01-15 11:24 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\ServiceState
2019-01-15 10:50 - 2018-09-15 02:36 - 000000000 ____D C:\WINDOWS\Setup
2019-01-15 09:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\InfusedApps
2019-01-15 09:31 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-01-15 09:28 - 2018-11-23 00:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS
2019-01-15 09:28 - 2018-10-25 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2019-01-15 09:28 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\Resources
2019-01-15 09:28 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\Help
2019-01-15 09:28 - 2018-08-20 20:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2019-01-15 09:28 - 2018-08-20 15:27 - 000000000 ____D C:\Program Files\Synaptics
2019-01-15 09:28 - 2018-08-20 15:24 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2019-01-15 09:00 - 2018-09-15 11:40 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-01-15 09:00 - 2018-09-15 11:40 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-01-15 09:00 - 2018-09-15 11:40 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-01-15 09:00 - 2018-09-15 02:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-01-15 09:00 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-15 09:00 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-01-15 09:00 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-01-15 09:00 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-01-15 09:00 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-01-15 09:00 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-01-15 09:00 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-15 07:58 - 2018-09-15 11:39 - 000000000 ____D C:\WINDOWS\OCR
2019-01-15 07:56 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2019-01-15 07:56 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\MUI
2019-01-15 07:46 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\es-MX
2019-01-15 05:20 - 2018-09-15 02:31 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-01-15 05:19 - 2018-10-02 19:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.8.1
2019-01-15 05:19 - 2018-09-30 21:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit
2019-01-15 05:19 - 2018-09-25 20:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2019-01-15 05:19 - 2018-09-25 18:40 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office 2016
2019-01-15 05:19 - 2018-09-25 18:33 - 000000000 ____D C:\WINDOWS\SHELLNEW
2019-01-15 05:19 - 2018-09-20 22:08 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2019-01-15 05:19 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-01-15 05:19 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\spool
2019-01-15 05:19 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-01-15 05:19 - 2018-09-15 02:33 - 000000000 ____D C:\Program Files\Common Files\system
2019-01-15 05:19 - 2018-09-15 02:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-01-15 05:19 - 2018-08-29 19:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2019-01-15 05:19 - 2018-08-24 18:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crash Bandicoot N Sane Trilogy
2019-01-15 05:19 - 2018-08-24 03:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Control
2019-01-15 05:19 - 2018-08-21 11:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-01-15 05:19 - 2018-08-21 01:57 - 000000000 ____D C:\Program Files\Hewlett-Packard
2019-01-15 05:19 - 2018-08-21 01:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriversCloud.com
2019-01-15 05:19 - 2018-08-21 01:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2019-01-15 05:19 - 2018-08-20 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2019-01-15 05:19 - 2018-08-20 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2019-01-15 05:19 - 2018-08-20 17:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-01-15 05:19 - 2018-08-20 16:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2019-01-15 05:19 - 2018-08-20 15:35 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2019-01-15 05:19 - 2018-08-20 15:23 - 000000000 ____D C:\Program Files\AMD
2019-01-15 05:19 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2019-01-15 02:00 - 2018-09-20 21:51 - 000000000 ____D C:\Users\TEISU\AppData\Local\Adobe
2019-01-15 01:15 - 2018-11-07 21:27 - 000000000 ____D C:\Users\TEISU\AppData\LocalLow\Temp
2019-01-15 01:05 - 2018-08-20 16:43 - 000000000 ____D C:\Program Files (x86)\Steam
2019-01-14 21:46 - 2018-11-29 21:57 - 000000000 ____D C:\Program Files (x86)\IObit
2019-01-14 21:46 - 2018-10-18 22:13 - 000000000 ____D C:\Users\TEISU\AppData\LocalLow\IObit
2019-01-14 21:46 - 2018-10-18 22:12 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\IObit
2019-01-14 21:46 - 2018-10-18 22:12 - 000000000 ____D C:\ProgramData\IObit
2019-01-14 21:07 - 2018-08-20 16:43 - 000001036 _____ C:\Users\Public\Desktop\Steam.lnk
2019-01-11 01:35 - 2018-08-20 14:45 - 000000000 ___RD C:\Users\TEISU\OneDrive
2019-01-09 20:15 - 2018-09-11 09:33 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\uTorrent Web
2019-01-09 18:49 - 2018-08-20 16:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-09 18:41 - 2018-08-20 16:01 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2019-01-14 18:25 - 2019-01-14 18:25 - 000000034 _____ () C:\Users\TEISU\AppData\Roaming\AdobeWLCMCache.dat
2018-11-29 23:39 - 2018-11-29 23:39 - 000000000 _____ () C:\Users\TEISU\AppData\Local\oobelibMkey.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

#19
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.01.2019 01
Ran by TEISU (15-01-2019 23:21:17)
Running from C:\Users\TEISU\Desktop
Windows 10 Pro Version 1809 17763.253 (X64) (2019-01-15 17:17:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1681801212-2571905260-2396515832-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1681801212-2571905260-2396515832-503 - Limited - Disabled)
Invitado (S-1-5-21-1681801212-2571905260-2396515832-501 - Limited - Disabled)
TEISU (S-1-5-21-1681801212-2571905260-2396515832-1001 - Administrator - Enabled) => C:\Users\TEISU
WDAGUtilityAccount (S-1-5-21-1681801212-2571905260-2396515832-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\uTorrent) (Version: 3.5.5.44954 - BitTorrent Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0) (Version: 19.0 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Cheat Engine 6.8.1 (HKLM-x32\...\Cheat Engine 6.8.1_is1) (Version:  - Cheat Engine)
CPUID CPU-Z 1.86 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.86 - CPUID, Inc.)
Crash Bandicoot N Sane Trilogy MULTi6 - ElAmigos versión 1.0 (HKLM-x32\...\{327BFB1B-E44E-4824-9EB7-EA92A8D3CAEC}_is1) (Version: 1.0 - Activision)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.8.0.0544 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
DriversCloud.com (64 bits) (HKLM\...\{A05439B0-F943-46C3-85B6-1C9D02A090E8}) (Version: 10.0.7.0 - Cybelsoft)
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
FormatFactory 4.4.1.0 (HKLM-x32\...\FormatFactory) (Version: 4.4.1.0 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HandBrake 1.1.2 (HKLM-x32\...\HandBrake) (Version: 1.1.2 - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HP 3D DriveGuard (HKLM\...\{E5D02167-DD50-4E8C-B9F9-992182E08D6B}) (Version: 4.2.9.1 - Hewlett-Packard Company)
K-Lite Mega Codec Pack 14.3.6 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.3.6 - KLCP)
League Displays (HKLM-x32\...\LolScreenSaver) (Version: W1.0.992-beta - Riot Games)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{cb7c3049-21de-415b-bd85-b65c14e547df}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{449EFED6-5F86-4428-8EB2-3DA1F6E67CE4}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mp3tag v2.91 (HKLM-x32\...\Mp3tag) (Version: 2.91 - Florian Heidenreich)
Nitro Pro (HKLM\...\{43DA5F04-2863-475D-85F7-C333516500EE}) (Version: 12.4.0.259 - Nitro) Hidden
Nitro Pro (HKLM-x32\...\{efb7ce0c-d57d-4c71-9e88-052311f57dc1}) (Version: 12.4.0.259 - Nitro)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
qBittorrent 4.1.5 (HKLM-x32\...\qBittorrent) (Version: 4.1.5 - The qBittorrent project)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.6.177 - SHAREit Technologies Co.Ltd)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Ultimate Control versión 1.2 (HKLM-x32\...\{4D649577-47C2-4068-B7B8-09D1FEE7EF03}_is1) (Version: 1.2 - NEGU Soft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
uTorrent Web (HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\utweb) (Version: 0.18.2 - BitTorrent, Inc.)
VEGAS Pro 15.0 (HKLM\...\{E1FCD40F-7FC4-11E7-88AD-95BE57594EAC}) (Version: 15.0.177 - VEGAS)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
Wondershare Filmora(Build 8.7.5) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1681801212-2571905260-2396515832-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-11-30] (Florian Heidenreich)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro\12\NPShellExtension.dll [2018-09-04] (Nitro Software, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-08-10] (Disc Soft Ltd)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-11-30] (Florian Heidenreich)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-08-10] (Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-11-30] (Florian Heidenreich)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-21] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11105609-7836-4CA8-BDCC-882A9A64309E} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1681801212-2571905260-2396515832-1001 => C:\Users\TEISU\AppData\Local\MEGAsync\MEGAupdater.exe [2018-01-15] (Mega Limited)
Task: {383F9171-C340-4484-8AD1-E71B4F6C30E2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {42A11D3B-81FE-4DB3-97CF-F34D690F0CA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation)
Task: {6EA7F5B8-3F2E-4311-9E8A-60EE2DF7E605} - System32\Tasks\GoogleUpdateTaskMachineCore1d4a85a5f3b7bdc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-20] (Google Inc.)
Task: {6F8581AF-1E45-41CA-97F4-355258ED3018} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-20] (Google Inc.)
Task: {77E4F339-D107-4C87-84FD-536649500C6C} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-L9M6CMB-TEISU => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {93765349-EAC0-4768-892D-50D2FA4B4C95} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {99C6FC24-00C8-4B5A-9BB6-1B6C2400EEAF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {9AEF2824-0EA0-40C1-92A9-553B37E2D209} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation)
Task: {AD43192F-0965-4B9E-89FB-5AC192C61391} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation)
Task: {B2ACD314-D33E-4455-A1D8-C0E68DE82E17} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-L9M6CMB-TEISU => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-12-13] (Adobe Systems, Incorporated)
Task: {C0305422-285A-4C5E-A5E1-9A8C74EA5975} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-20] (Google Inc.)
Task: {CC14A71B-25E0-48C9-ADDD-C0873BA0A5E4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation)
Task: {E39F8E32-F4B6-44B2-B8AF-D84A6CFEB7B8} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-09-15] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-09-15 02:28 - 2018-09-15 02:28 - 000449536 _____ () c:\windows\system32\SSDM.dll
2015-08-21 22:09 - 2015-08-21 22:09 - 000214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 000817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 003650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-08-21 22:09 - 2015-08-21 22:09 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2019-01-14 21:26 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2019-01-14 21:26 - 2018-11-21 11:07 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-09-15 02:28 - 2018-09-15 02:28 - 000834088 _____ () C:\Windows\System32\InputHost.dll
2017-10-18 16:51 - 2017-10-18 16:51 - 000598528 _____ () C:\Users\TEISU\AppData\Local\MEGAsync\ShellExtX64.dll
2018-09-15 02:28 - 2018-09-15 02:28 - 000474624 _____ () C:\Windows\ShellExperiences\TileControl.dll
2019-01-15 08:38 - 2019-01-15 08:38 - 002801152 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-09-15 02:28 - 2018-09-15 02:28 - 001740288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-03 19:49 - 2018-10-03 20:03 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-12-13 22:39 - 2018-12-13 22:57 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-12-13 22:39 - 2018-12-13 22:57 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-01-15 13:05 - 2019-01-15 13:05 - 005172224 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20094.0_x64__8wekyb3d8bbwe\YourPhone.exe
2019-01-15 13:05 - 2019-01-15 13:05 - 002172928 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20094.0_x64__8wekyb3d8bbwe\YourPhone.AppCore.dll
2019-01-15 13:05 - 2019-01-15 13:05 - 001795584 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20094.0_x64__8wekyb3d8bbwe\PhoneContentDataStore.dll
2018-10-29 20:00 - 2018-10-29 20:07 - 001004032 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20094.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2019-01-15 13:05 - 2019-01-15 13:05 - 002907136 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20094.0_x64__8wekyb3d8bbwe\PhoneCommunicationAppService.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-01-15 01:15 - 2019-01-15 01:15 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 190.113.220.18 - 190.113.220.51
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "LeagueDisplays"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\StartupApproved\Run: => "HiAlgoBOOST"
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{371A2C79-90EC-4B9D-BCDF-554C8A602D34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe ()
FirewallRules: [{5D5C3B28-CCA7-477F-A0F0-D1C5DAF51A9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe ()
FirewallRules: [UDP Query User{7647AF6C-8F86-4C91-9A65-9A02EB916853}C:\games\crash bandicoot n sane trilogy\crashbandicootnsanetrilogy.exe] => (Allow) C:\games\crash bandicoot n sane trilogy\crashbandicootnsanetrilogy.exe ()
FirewallRules: [TCP Query User{5D8CD318-F37E-4D16-BB12-5BF9BF8C91F2}C:\games\crash bandicoot n sane trilogy\crashbandicootnsanetrilogy.exe] => (Allow) C:\games\crash bandicoot n sane trilogy\crashbandicootnsanetrilogy.exe ()
FirewallRules: [{BF1B7E91-ADFF-4D7B-9B8F-D344410087B1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{97C672D2-9FA1-410D-B511-9B5B744A8CCB}] => (Allow) C:\Users\TEISU\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{F8D894DD-86BC-4889-A586-77AA2C0A2FC2}] => (Allow) C:\Users\TEISU\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{F055E335-6DD0-4A88-B586-693E750218F8}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe ()
FirewallRules: [{79D8300D-2D9E-4B78-867E-2564A3039B1F}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe ()
FirewallRules: [{DE2FB04C-DC4B-46FF-9A61-EE13CB23B80D}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd.)
FirewallRules: [{629DEFA8-20E7-41D3-936F-418392AD1204}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd.)
FirewallRules: [{1215E565-3C44-4445-99FC-6B2F0F92FE7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe (NAMCO BANDAI Games Inc.)
FirewallRules: [{CCB4481D-9742-48B7-8994-0617F3D24D46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe (NAMCO BANDAI Games Inc.)
FirewallRules: [UDP Query User{100C4EE1-25C2-4807-958A-27173AE9673B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe ()
FirewallRules: [TCP Query User{9CFA109F-1A43-43B4-9C8F-1A672C2CDD57}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe ()
FirewallRules: [{1836930C-E6E1-4B34-97DC-953D8E33A18A}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd)
FirewallRules: [{100B4DEA-4668-48FF-9F28-A667DB282847}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd)
FirewallRules: [{CA147BBA-DC5C-4BF2-AF5E-4F2138E62553}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{544EF10B-CB30-4623-BE1D-5DFD97E5E164}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{D8256750-261A-4D5D-BEBC-CEC5B4E3679F}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation)
FirewallRules: [{80E5D769-922A-4EC2-8B5F-F460269D569A}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation)
FirewallRules: [{E8785B55-81E0-44EB-A040-E29378E79788}] => (Allow) C:\Users\TEISU\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc.)
FirewallRules: [{43A42C5F-6AAD-4531-868D-A82AEAE7398F}] => (Allow) C:\Users\TEISU\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc.)
FirewallRules: [{4B273B8E-EB7B-4754-BF8C-7956A4718211}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jotun\Jotun.exe ()
FirewallRules: [{91210136-61EE-4373-A639-00726F696914}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jotun\Jotun.exe ()
FirewallRules: [{71904C62-E4F0-4FEF-BAD2-9D324C7EF51F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve)
FirewallRules: [{FCD0D178-E1E0-480C-8BC8-D8560F7A6567}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve)
FirewallRules: [{6EF49A67-23B0-42DC-ADD9-195C3B2935F6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{81279733-A732-4634-8F26-659C2AD13610}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
FirewallRules: [UDP Query User{9B79F11B-0E4A-4E1E-B078-6F6EE537F31A}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe (Red Barrels Inc.)
FirewallRules: [TCP Query User{A5CDB5D5-F1A7-4AE4-806D-CB4FD099AAB0}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe (Red Barrels Inc.)
FirewallRules: [UDP Query User{5BD1B419-8A7D-4467-A54D-093E37CE533E}C:\program files (x86)\ultimate control\ucontrol.exe] => (Allow) C:\program files (x86)\ultimate control\ucontrol.exe (NEGU Soft)
FirewallRules: [TCP Query User{D83A06F6-A24E-4A16-B5D9-B7D92D1F54E5}C:\program files (x86)\ultimate control\ucontrol.exe] => (Allow) C:\program files (x86)\ultimate control\ucontrol.exe (NEGU Soft)
FirewallRules: [{A4CF964C-9B21-4AC7-BC64-B06A02E5BCA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darkness II\DarknessII.exe (Digital Extremes)
FirewallRules: [{6CED4BF7-1279-4195-B7C0-A811EA9CFCA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darkness II\DarknessII.exe (Digital Extremes)
FirewallRules: [{C4572886-4F66-4D83-A964-D3706BE92320}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe (CybelSoft)
FirewallRules: [{B8E0DCAA-9292-4745-B799-6895CBB0517B}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe (CybelSoft)
FirewallRules: [{9922196F-90C5-4AB6-B33A-62B781A05D53}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (Disc Soft Ltd)
FirewallRules: [{178CCAC1-40B3-49A3-9888-0643774C5A09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe ()
FirewallRules: [{2B032AF6-C770-46E7-8AB9-24737147C8DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe ()
FirewallRules: [{31998F39-3BEF-4140-8211-F652E359A082}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yume Nikki\yumenikki\RPG_RT.exe (KADOKAWA GAMES)
FirewallRules: [{BBE82460-8B37-4F67-B2A3-C2D71D4E90C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yume Nikki\yumenikki\RPG_RT.exe (KADOKAWA GAMES)
FirewallRules: [{F4AEFE48-C860-4C4C-8305-A1102E813383}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe (Telltale Games)
FirewallRules: [{99D8361A-F5CC-4CD6-8C4A-675E7BAAEE72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe (Telltale Games)
FirewallRules: [{00A234B0-643F-4733-B7BB-13B4F0315986}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tales of Berseria\Tales of Berseria.exe ()
FirewallRules: [{503958E1-6234-4A70-96D8-4AA77005A739}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tales of Berseria\Tales of Berseria.exe ()
FirewallRules: [{F736DF6B-4A0E-47EA-862E-49AF0D49F0FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Silent Hill Homecoming\Bin\SilentHill.exe ()
FirewallRules: [{697BDA11-38EE-4ADF-8A11-AFDB52F8B8A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Silent Hill Homecoming\Bin\SilentHill.exe ()
FirewallRules: [{9EA0F721-D2D6-4ABF-BFE2-BF2FDFBD09B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast\OutlastLauncher.exe (Red Barrels Inc.)
FirewallRules: [{C3086C64-AB7C-4784-BC95-EFFF6431DE7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast\OutlastLauncher.exe (Red Barrels Inc.)
FirewallRules: [{B6691828-7666-4B58-A4D2-EBA8E3327C0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (NAMCO BANDAI Games)
FirewallRules: [{BAC29A1F-19FE-481C-8C5A-F07A3860DBF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (NAMCO BANDAI Games)
FirewallRules: [{4D4F574D-B1E0-4B0D-B8CC-7B40FB748EA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Last Remnant\Binaries\TLR.exe ()
FirewallRules: [{DE9E23F7-3CFA-475F-A2B9-4AFEB6EDA4CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Last Remnant\Binaries\TLR.exe ()
FirewallRules: [{6497C18F-FD9E-4660-B0C9-E21CE289B8F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe (Arkedo)
FirewallRules: [{C3BF75C8-41AD-4EE5-A812-40CB45B407A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe (Arkedo)
FirewallRules: [{2548BBF5-2700-471F-A8E9-C7AD568A5512}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Mesa\bms.exe ()
FirewallRules: [{2DAAF901-D226-41D4-8331-79C9E02BEC31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Mesa\bms.exe ()
FirewallRules: [{64ABCA0B-6A43-42FF-9A80-6D09F6059C99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe (Supergiant Games)
FirewallRules: [{FBAB75D0-908A-4C19-A5D2-0FA5FF2D57A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe (Supergiant Games)
FirewallRules: [{438D607E-5113-459C-8DFD-2432DB71A873}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{4134CA93-A12E-42E5-B7BA-8F819F56EA56}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

==================== Restore Points =========================

15-01-2019 15:02:58 Windows Update

==================== Faulty Device Manager Devices =============

Name: Adaptador de red 802.11n Broadcom
Description: Adaptador de red 802.11n Broadcom
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2019 03:03:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (01/15/2019 12:45:37 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows no puede cargar el archivo de Registro de clases.
 DETALLE: El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso.

Error: (01/15/2019 12:45:37 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows no pudo cargar el Registro. A menudo este problema se debe a una memoria o derechos de seguridad insuficientes. 

 DETALLE - El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso.
 para C:\Users\TEISU\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (01/15/2019 12:21:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa MicrosoftEdge.exe (versión 11.0.17763.253) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.

Id. de proceso: 1584

Hora de Inicio: 01d4acf6934430dc

Hora de finalización: 4294967295

Ruta de la aplicación: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

Id. de informe: 740eb447-14df-4d9b-8242-8940b3fd535c

Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe

Id. de la aplicación relativa al paquete con errores: MicrosoftEdge

Tipo de bloqueo: Cross-thread

Error: (01/15/2019 12:05:23 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center no pudo validar al autor de la llamada con el error %1.

Error: (01/15/2019 11:34:07 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: No se pudo crear el punto de restauración (proceso = C:\AMD\WU-CCC2\ccc2_install\VC12RTx64\vcredist_x64.exe /q /norestart; descripción = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727; error = 0x80042302).

Error: (01/15/2019 11:34:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina CoCreateInstance. HR = 0x80070422, No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
.


Operación:
   Creando instancia del servidor de VSS

Error: (01/15/2019 11:34:07 AM) (Source: VSS) (EventID: 13) (User: )
Description: Información del Servicio de instantáneas de volumen: el servidor COM con CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} y el nombre IVssCoordinatorEx2 no puede iniciarse. [0x80070422, No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
]


Operación:
   Creando instancia del servidor de VSS


System errors:
=============
Error: (01/15/2019 09:48:54 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-L9M6CMB)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-L9M6CMB\TEISU con SID (S-1-5-21-1681801212-2571905260-2396515832-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/15/2019 09:26:35 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-L9M6CMB)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-L9M6CMB\TEISU con SID (S-1-5-21-1681801212-2571905260-2396515832-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/15/2019 01:16:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/15/2019 01:16:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/15/2019 01:01:54 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-L9M6CMB)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-L9M6CMB\TEISU con SID (S-1-5-21-1681801212-2571905260-2396515832-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/15/2019 12:52:11 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-L9M6CMB)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-L9M6CMB\TEISU con SID (S-1-5-21-1681801212-2571905260-2396515832-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/15/2019 12:48:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (01/15/2019 12:48:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.SecurityAppBroker
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


==================== Memory info =========================== 

Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 3562.9 MB
Available physical RAM: 2077.46 MB
Total Virtual: 5994.9 MB
Available Virtual: 4268.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:300.1 GB) (Free:46.06 GB) NTFS
Drive d: () (Fixed) (Total:221.75 GB) (Free:213.9 GB) NTFS
Drive e: () (Fixed) (Total:0.1 GB) (Free:0.09 GB) NTFS

\\?\Volume{06ac259b-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 06AC259B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=300.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#20

Here is everything you asked for; sorry for not posting earlier, I had a 10-hour restriction due to the post limit.


#21

Hello @Roberto94

Follow these steps:

1.- Very important >>> Make a backup copy of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click it and choose “Run as administrator”.
  • In the main window, check only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:


```
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
IFEO\GameOverlayUI.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.Prompt.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.Reporter.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.Service.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.Updater.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\steamerrorreporter.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\steamerrorreporter64.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\streaming_client.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\WriteMiniDump.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
C:\Program Files (x86)\IObit
2019-01-14 21:46 - 2018-11-29 21:57 - 000000000 ____D C:\Program Files (x86)\IObit
2019-01-14 21:46 - 2018-10-18 22:13 - 000000000 ____D C:\Users\TEISU\AppData\LocalLow\IObit
2019-01-14 21:46 - 2018-10-18 22:12 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\IObit
2019-01-14 21:46 - 2018-10-18 22:12 - 000000000 ____D C:\ProgramData\IObit
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
```

  • Save it as fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop); otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Let us know how it goes.

Regards.


#22
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.01.2019 01
Ran by TEISU (16-01-2019 00:19:04) Run:2
Running from C:\Users\TEISU\Desktop
Loaded Profiles: TEISU (Available Profiles: TEISU)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
IFEO\GameOverlayUI.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.Prompt.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.Reporter.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.Service.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.Updater.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\steamerrorreporter.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\steamerrorreporter64.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\streaming_client.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\WriteMiniDump.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
C:\Program Files (x86)\IObit
2019-01-14 21:46 - 2018-11-29 21:57 - 000000000 ____D C:\Program Files (x86)\IObit
2019-01-14 21:46 - 2018-10-18 22:13 - 000000000 ____D C:\Users\TEISU\AppData\LocalLow\IObit
2019-01-14 21:46 - 2018-10-18 22:12 - 000000000 ____D C:\Users\TEISU\AppData\Roaming\IObit
2019-01-14 21:46 - 2018-10-18 22:12 - 000000000 ____D C:\ProgramData\IObit
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NolowDiskSpaceChecks" => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GameOverlayUI.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SHAREit.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SHAREit.Prompt.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SHAREit.Reporter.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SHAREit.Service.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SHAREit.Updater.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\steamerrorreporter.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\steamerrorreporter64.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\streaming_client.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WriteMiniDump.exe => removed successfully
C:\Program Files (x86)\IObit => moved successfully
"C:\Program Files (x86)\IObit" => not found
C:\Users\TEISU\AppData\LocalLow\IObit => moved successfully
C:\Users\TEISU\AppData\Roaming\IObit => moved successfully
C:\ProgramData\IObit => moved successfully

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Ethernet mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Wi-Fi 2 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 12 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de red Bluetooth mientras los medios
estén desconectados.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

{66E52119-9E52-4CFE-B429-2323D7C8D214} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1681801212-2571905260-2396515832-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 9723904 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16932540 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 272902 B
Edge => 0 B
Chrome => 367395899 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2732 B
LocalService => 0 B
NetworkService => 3246 B
NetworkService => 0 B
TEISU => 5378229 B

RecycleBin => 142187 B
EmptyTemp: => 381.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:20:12 ====
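
One way to check a Fixlog against the fixlist that produced it, as an added example that is not part of the thread or of FRST: it parses the `IFEO\...: [Debugger]` directives and folder entries from post #21, matches each to a result line from post #22, and groups the hijacked images by the debugger they were redirected to. The sample lines are excerpted from the thread except `example.exe`, which is constructed; all function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt of the fixlist in post #21. The example.exe line is CONSTRUCTED to
# show a directive that never gets a result line; the rest is from the thread.
FIXLIST = r"""
IFEO\GameOverlayUI.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\steamerrorreporter.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SHAREit.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\example.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
C:\Program Files (x86)\IObit
2019-01-14 21:46 - 2018-11-29 21:57 - 000000000 ____D C:\Program Files (x86)\IObit
2019-01-14 21:46 - 2018-10-18 22:12 - 000000000 ____D C:\ProgramData\IObit
CMD: ipconfig /flushdns
"""

# Matching excerpt of the Fixlog in post #22 (it has no line for example.exe).
FIXLOG = r"""
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GameOverlayUI.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SHAREit.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\steamerrorreporter.exe => removed successfully
C:\Program Files (x86)\IObit => moved successfully
"C:\Program Files (x86)\IObit" => not found
C:\ProgramData\IObit => moved successfully
"""

IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")
# A bare path, or an FRST listing line ("date - date - size attrs path").
PATH_RE = re.compile(r"^(?:\d{4}-\d\d-\d\d \d\d:\d\d - .*? )?(?P<path>[A-Za-z]:\\.+)$")
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<status>.+)$')
SUCCESS = {"removed successfully", "moved successfully"}


def _lines(text):
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def parse_fixlist(text):
    """Return ({image: debugger}, [unique paths]) requested by a fixlist."""
    ifeo, paths = {}, []
    for line in _lines(text):
        m = IFEO_RE.match(line)
        if m:
            ifeo[m["image"]] = m["debugger"]
            continue
        m = PATH_RE.match(line)
        if m and m["path"].lower() not in [p.lower() for p in paths]:
            paths.append(m["path"])
    return ifeo, paths


def parse_fixlog(text):
    """Return {lower-cased target: [status, ...]} from Fixlog result lines."""
    results = defaultdict(list)
    for line in _lines(text):
        m = RESULT_RE.match(line)
        if m:
            results[m["target"].lower()].append(m["status"])
    return results


def verdict(statuses):
    # A path listed twice is "moved" once and "not found" the second time,
    # so one success among the statuses is enough.
    if any(s in SUCCESS for s in statuses):
        return "done"
    return "not done" if statuses else "unreported"


def reconcile(fixlist, fixlog):
    """Map every IFEO directive and path in the fixlist to a verdict."""
    ifeo, paths = parse_fixlist(fixlist)
    results = parse_fixlog(fixlog)
    report = {}
    for image in ifeo:
        suffix = ("\\image file execution options\\" + image).lower()
        hits = [s for t, ss in results.items() if t.endswith(suffix) for s in ss]
        report["IFEO\\" + image] = verdict(hits)
    for path in paths:
        report[path] = verdict(results.get(path.lower(), []))
    return report


def debugger_fanout(ifeo):
    """Group images by debugger; one debugger on many images stands out."""
    fan = defaultdict(list)
    for image, debugger in ifeo.items():
        fan[debugger.lower()].append(image)
    return {dbg: sorted(images) for dbg, images in fan.items()}


if __name__ == "__main__":
    for item, state in reconcile(FIXLIST, FIXLOG).items():
        print(f"{state:10} {item}")
```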

#23

Hello:

Let us know how the computer is doing and whether Windows startup has improved.

Regards