I think my email and my PC were hacked


#1

Hi. I have only just now read an email that arrived on Monday in my junk folder. Curiously, it came from my own email address. Since I am used to people trying to scam me with phishing emails, I always look at the address rather than the name, but it only shows me the address… I am attaching two screenshots of the email with its content.

The text says that the password shown there (which I covered up) is the one for my email, but that is not the case. In fact it is one of the most random passwords I have ever used, and I no longer remember which sites I used it on, but I only used it on the least secure sites, a long time ago. The text says he recorded me with the webcam while I was on adult sites, but I don't have a webcam xD. It also says that next time I should be careful about which sites I enter my password on. I am usually very careful about that: I always check the URL before logging in and that the connection is secure (the little padlock).

So up to that point I was not worried; beyond the fact that it appeared to come from my address, I thought it was some kind of spoofing of my email, so I went to report it and block it. But blocking it gives me an error; if I am not mistaken, the error means that I cannot block myself. So was it really sent from my own account? So was he able to access my account? The blocking error:

What worried me most is that after this I clicked the "junk" button again and got a pop-up in a new tab opening a porn games page… that had never happened to me, and the strangest thing is that it happened from the Outlook page. Could my PC have been infected after opening the email? I did not click any link in it (as you can see in the image, there are none). Also, from time to time on other pages I have had a pop-up take me to google.com… that is very strange. I ran a scan with Malwarebytes Premium, with Avast, and with AdwCleaner. Malwarebytes found nothing; AdwCleaner did find something. At least for now the porn page pop-up has not happened again.

I have just changed the email password and enabled two-step verification, but the email says he infected it and that it does not matter if I change the password because he will get it again, and that if I do not pay $900 within 48 hours he will activate the supposed ransomware on my PC. Can you help me, please?

#2

Hi

Receiving emails that apparently come from our own address is very common.

As for the content, it is generic… the webcam part, etc.… if someone takes the bait, well… they send it to entire lists of email addresses.

Carry out the following steps, without changing the order:

1) Download, update and run Malwarebytes' Anti-Malware.

Malwarebytes manual, so that you know how to use and configure it.

  • Run a Custom Scan, ticking all the boxes on the right and on the left, and updating if it asks you to.
  • Click "Remove Selected" to send the items to quarantine, then restart the system.
  • To access the scan report afterwards: Reports >> Scan log >> click >> Export >> Copy to Clipboard, and paste it in your reply.

2) Download AdwCleaner to the desktop.

  • Disable your antivirus: How to temporarily disable an antivirus and any security program.

  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator").

  • Click the Scan Now button and wait for the process to finish, then immediately click the Start Repair button.

  • Wait for it to complete and follow the instructions; if it asks to restart the system, accept.

  • If it finds nothing, click "Skip Repair".

  • The log is in the "Reports" tab (reopen the program if necessary) or at "C:\AdwCleaner\Logs\AdwCleaner[C0].txt".

You can consult its manual >> AdwCleaner manual

3) Download CCleaner

Install it and run it. In the Cleaner tab, leave the default settings, click Analyze, wait for it to finish, then click Run Cleaner. Click the Registry tab, click Scan for Issues, wait for it to finish, then click Fix Selected and make a backup.

Paste the Malwarebytes and AdwCleaner reports and tell us how the problem is going.



#3

Hi. I ran the Malwarebytes custom scan as you said and, as I mentioned in the previous post, it found nothing, although this time I selected all drives and rootkits. What it found was 3 .rar files that I have not opened in a long time and that I do not think contain a virus, and 2 others that belonged to Cheat Engine, a program for changing values in an offline game.

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 8/11/18
Hora del análisis: 18:06
Archivo de registro: 1958ada0-e39a-11e8-b0bb-74d435b0ec28.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.482
Versión del paquete de actualización: 1.0.7753
Licencia: Premium

-Información del sistema-
SO: Windows 10 (Build 17134.286)
CPU: x64
Sistema de archivos: NTFS
Usuario: FX\ezequ

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 773648
Amenazas detectadas: 5
Amenazas en cuarentena: 2
Tiempo transcurrido: 2 hr, 18 min, 30 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 5
RiskWare.DontStealOurSoftware, C:\USERS\EZEQU\APPDATA\ROAMING\Microsoft\Windows\Recent\CRACK (1) malwarebts.lnk, Sin acciones por parte del usuario, [5328], [278514],1.0.7753
RiskWare.DontStealOurSoftware, D:\DISCO D\DESKTOP\¡JUEGOS!MAS\.JUEGOS.       MAS\VARIOS\CRACK (1) MALWAREBTS.RAR, Sin acciones por parte del usuario, [5328], [278514],1.0.7753
PUP.Optional.GameHack, E:\USUARIO\ESCRITORIO\VARIOS\CHEAT ENGINE\CHEAT ENGINE 6.7\STANDALONEPHASE1.DAT, Se eliminará al reiniciar, [8045], [393793],1.0.7753
PUP.Optional.InstallCore, E:\USUARIO\ESCRITORIO\VARIOS\CHEAT ENGINE\CHEATENGINE67.EXE, Se eliminará al reiniciar, [406], [500846],1.0.7753
RiskWare.DontStealOurSoftware, E:\USUARIO\ESCRITORIO\VARIOS\CRACK (1) MALWAREBTS.RAR, Sin acciones por parte del usuario, [5328], [278514],1.0.7753

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

As I told you in the post above, I had already used AdwCleaner; I ran it again now and it found nothing, but here is yesterday's log, which did find something:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-11-05.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-07-2018
# Duration: 00:00:02
# OS:       Windows 10 Pro
# Cleaned:  13
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\Public\Documents\Downloaded Installers
Deleted       C:\Users\ezequ\AppData\Local\slimware utilities inc

***** [ Files ] *****

Deleted       C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Wow6432Node\SlimWare Utilities Inc

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       AVG Secure Search
Deleted       Citizens Wiki (en-gb)
Deleted       Softonic ES
Deleted       Softonic ES
Deleted       Softonic ES
Deleted       Softonic ES
Deleted       Softonic ES
Deleted       Softonic ES
Deleted       Softonic ES

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1863 octets] - [07/11/2018 21:16:34]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


THE 2ND

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-11-05.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-07-2018
# Duration: 00:00:10
# OS:       Windows 10 Pro
# Scanned:  32052
# Detected: 13


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy             C:\Users\Public\Documents\Downloaded Installers
PUP.Optional.SlimCleanerPlus    C:\Users\ezequ\AppData\Local\slimware utilities inc

***** [ Files ] *****

PUP.Optional.Legacy             C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.SlimCleanerPlus    HKLM\Software\Wow6432Node\SlimWare Utilities Inc

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy             AVG Secure Search
PUP.Optional.SafeFinder         Citizens Wiki (en-gb)
PUP.Optional.SofTonicAssistant  Softonic ES
PUP.Optional.SofTonicAssistant  Softonic ES
PUP.Optional.SofTonicAssistant  Softonic ES
PUP.Optional.SofTonicAssistant  Softonic ES
PUP.Optional.SofTonicAssistant  Softonic ES
PUP.Optional.SofTonicAssistant  Softonic ES
PUP.Optional.SofTonicAssistant  Softonic ES

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

I also used CCleaner before creating the post, in the same way you described there. Something fairly serious that happens to me is that on some pages I get a pop-up to a page that ends up redirecting me back to the same page. It has happened to me on Outlook about 2 times and on a CSGO betting site; a friend uses the same site and has never had a pop-up, and besides, I have AdBlock. The pop-up opens one tab with the same page I am browsing and another that redirects me to a blank page for a few seconds and then back to the page I was on. Here is a screenshot of the page it redirects me to before sending me back to the page I was on:

https://imgur.com/a/ihCwYoD

By the way, could you please delete the first image in the first post? It will not let me edit it now, and I forgot to cover up the email address in the text. Thank you.


#4
  • Temporarily disable your antivirus and any security program.

  • Download Farbar Recovery Scan Tool to your Desktop (this is very important), choosing the right version for your machine (32 or 64 bits): How do I know whether my Windows is 32 or 64 bits?

  • Double-click to run Frst.exe. In the Disclaimer window, press Yes.

  • In the new window that opens, press the Scan button and wait for the scan to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt, which will be saved on your Desktop.

In your next reply, copy and paste the two FRST reports, Frst.txt and Addition.txt.

Note: If the requested report(s) do not fit in a single reply because they exceed the allowed number of characters, you can use two or more replies to paste them in full.


#5

Hello, I am asking again whether you could please delete the first photo in the whole post, since in one part I forgot to cover up the email address. And I cannot reply with the FRST log because the site gives me the following error: “Lo sentimos, pero los usuarios nuevos solo pueden mencionar a 2 usuarios en un post.” One question: is it not dangerous that everyone can see the logs? I mean, I trust the members of the forum, but since anyone on the internet can see the post and the logs contain a lot of data about my PC, is it not dangerous? Thank you.


#6

Hi

The photo has now been deleted.

The logs we ask for, generated by the programs and tools we use, do not show any private information or anything that could be used by anyone for anything at all.

You must put the tags as indicated, before the text and at the end… put [code] and, below it (not beside it), paste the log.

At the end, put the other tag, [/code], below it… do this in every reply you use.

If you have problems, attach them using the up-arrow symbol.


#7

The FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08.11.2018
Ran by ezequ (administrator) on FX (09-11-2018 11:24:04)
Running from E:\Usuario\Descargas
Loaded Profiles: ezequ (Available Profiles: ezequ)
Platform: Windows 10 Pro Version 1803 17134.286 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0330897.inf_amd64_e597c9af3e80d847\B330925\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
() C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0330897.inf_amd64_e597c9af3e80d847\B330925\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
() C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
() C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
() C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\webwallpaper32.exe
() C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\webwallpaper32.exe
() C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\webwallpaper32.exe
(The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.16610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-07] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2040544471-3188524410-1632111590-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-08] (Valve Corporation)
HKU\S-1-5-21-2040544471-3188524410-1632111590-1001\...\Run: [Spotify] => C:\Users\ezequ\AppData\Roaming\Spotify\Spotify.exe [25162472 2018-10-23] (Spotify Ltd)
HKU\S-1-5-21-2040544471-3188524410-1632111590-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3431152 2018-09-28] ()
HKU\S-1-5-21-2040544471-3188524410-1632111590-1001\...\Run: [Gaijin.Net Agent] => C:\Users\ezequ\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2128968 2018-06-14] (Gaijin Entertainment)
IFEO\adobe extension manager cs6.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\extendscript toolkit.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\gyazogif.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\gyazowin.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\gystation.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\memuconsole.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\origin.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\switchboard.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-05-30]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 190.55.60.129 200.115.192.29 200.115.192.28
Tcpip\..\Interfaces\{73693adb-abf6-46c0-84c1-d9c33f3da22f}: [DhcpNameServer] 190.55.60.129 200.115.192.29 200.115.192.28
Tcpip\..\Interfaces\{c738dbd8-3abd-43bc-bac4-c685aa45dfc3}: [NameServer] 77.234.40.79

Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-31] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-31] (Oracle Corporation)

FireFox:
========
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Users\ezequ\Desktop\Nueva carpeta (2)\Picasa3\npPicasa3.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-31] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.com.ar/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default [2018-11-09]
CHR Extension: (Presentaciones) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-17]
CHR Extension: (Speak It) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\adhdegclfbodpmkgijicickeocncjkpp [2018-10-27]
CHR Extension: (Documentos) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-17]
CHR Extension: (Google Drive) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (Habbo) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhkjdklmbabjecciekldinjfieocohof [2018-01-17]
CHR Extension: (MEGA) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2018-11-08]
CHR Extension: (YouTube) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-17]
CHR Extension: (Chrome IG Story) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2018-09-09]
CHR Extension: (Adblock Plus) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-10-31]
CHR Extension: (Steam Inventory Helper) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2018-10-19]
CHR Extension: (Tags for YouTube™) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\dggphokdgjikekfiakjcpidcclbmkfga [2018-11-05]
CHR Extension: (Tampermonkey) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-08-24]
CHR Extension: (Far Cry 3 - Death Island) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\effhkpalnjmiinnbchpoencpnnodbhbd [2018-09-22]
CHR Extension: (Free Rider HD) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\emikpifndnjfkgofoglceekhkbaicbde [2018-05-02]
CHR Extension: (Hojas de cálculo) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-17]
CHR Extension: (Causality Games) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2018-01-17]
CHR Extension: (Stylish - temas a medida para cada sitio web.) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2018-11-04]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (AdBlock) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-10-12]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-11-08]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2018-01-17]
CHR Extension: (Steam Trader Helper) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhoahihokddepjlegpenefeaahdkojog [2018-10-31]
CHR Extension: (BeGone) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfpieflbjbdpgklkeolbmbdkfdiicfk [2018-01-17]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-02]
CHR Extension: (Enhanced Steam) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2018-07-30]
CHR Extension: (TunnelBear VPN) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2018-10-23]
CHR Extension: (Gmail) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-17]
CHR Extension: (Chrome Media Router) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-30]
CHR Extension: (Canvas Rider) - C:\Users\ezequ\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2018-01-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0330897.inf_amd64_e597c9af3e80d847\B330925\atiesrxx.exe [482280 2018-07-12] (AMD)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-07] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-11-07] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [338632 2018-11-07] (AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-11-07] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7361312 2018-10-10] ()
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [9121248 2018-11-01] (AVAST Software)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-10-29] (EasyAntiCheat Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S4 MEmusvc; E:\MEmu\Microvirt\MEmu\MemuService.exe [269480 2017-05-26] (Microvirt Software Technology Co. Ltd.)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2216256 2018-09-30] (Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3087176 2018-09-30] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75064 2018-09-12] ()
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [449664 2018-08-29] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [942720 2018-09-12] (Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2018-04-05] (Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [281840 2018-09-28] ()
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [534400 2018-07-27] (Razer Inc.)
S4 SanDisk SSD Dashboard Service; C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe [373760 2016-10-10] (SanDisk) [File not signed]
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [6983064 2018-10-18] (AVAST Software)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970240 2018-05-20] ()
S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [286208 2018-08-09] (Microsoft Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-09-10] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [27768 2014-11-20] (VIA Technologies, Inc.)
R2 Wallpaper Engine Service; C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [356856 2018-08-20] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-22] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0330897.inf_amd64_e597c9af3e80d847\B330925\atikmdag.sys [44339688 2018-07-12] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0330897.inf_amd64_e597c9af3e80d847\B330925\atikmpag.sys [567784 2018-07-12] (Advanced Micro Devices, Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201408 2018-11-07] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230512 2018-11-07] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201928 2018-11-07] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346760 2018-11-07] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59664 2018-11-07] (AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-11-07] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47064 2018-11-07] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42456 2018-11-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163376 2018-11-07] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [483384 2018-11-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111968 2018-11-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88112 2018-11-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028840 2018-11-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467904 2018-11-07] (AVAST Software)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208640 2018-11-07] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2018-01-17] (The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381144 2018-11-07] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [107496 2018-05-28] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-10-30] (Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198000 2018-10-30] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [119136 2018-11-08] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [63768 2018-11-08] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-07] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [111152 2018-11-09] (Malwarebytes)
R2 memudrv; E:\MEmu\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation)
R3 mt7612US; C:\WINDOWS\System32\drivers\mt7612US.sys [400392 2017-07-14] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [49544 2018-09-13] (Razer Inc)
R3 RzDev_005c; C:\WINDOWS\System32\drivers\RzDev_005c.sys [51696 2018-04-22] (Razer Inc)
R3 RzDev_0221; C:\WINDOWS\System32\drivers\RzDev_0221.sys [51696 2018-04-22] (Razer Inc)
R3 RzDev_0C00; C:\WINDOWS\System32\drivers\RzDev_0C00.sys [51696 2018-04-22] (Razer Inc)
U5 rzudd; C:\Windows\System32\Drivers\rzudd.sys [205328 2017-07-19] (Razer Inc)
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [213080 2018-05-09] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [222864 2018-05-09] (Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [155856 2018-05-09] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-10-22] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-10-22] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-22] (Microsoft Corporation)
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-09 11:23 - 2018-11-09 11:24 - 000000000 ____D C:\FRST
2018-11-08 23:25 - 2018-11-09 11:18 - 000111152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-11-08 23:25 - 2018-11-08 23:25 - 000119136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-11-08 23:25 - 2018-11-08 23:25 - 000063768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-11-08 00:10 - 2018-11-08 23:25 - 000000000 ____D C:\Users\ezequ\Desktop\Nueva carpeta
2018-11-07 23:33 - 2018-11-07 23:33 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-07 23:13 - 2018-11-07 23:13 - 000483384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2018-11-07 23:13 - 2018-11-07 23:13 - 000001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premier.lnk
2018-11-07 23:13 - 2018-11-07 23:13 - 000001967 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2018-11-07 23:13 - 2018-11-07 23:04 - 000378584 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-11-07 23:04 - 2018-11-07 23:13 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-11-07 23:04 - 2018-11-07 23:04 - 001028840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-11-07 23:04 - 2018-11-07 23:04 - 000467904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-11-07 23:04 - 2018-11-07 23:04 - 000381144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-11-07 23:04 - 2018-11-07 23:04 - 000346760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-11-07 23:04 - 2018-11-07 23:04 - 000230512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-11-07 23:04 - 2018-11-07 23:04 - 000208640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-11-07 23:04 - 2018-11-07 23:04 - 000201928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-11-07 23:04 - 2018-11-07 23:04 - 000201408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-11-07 23:04 - 2018-11-07 23:04 - 000163376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-11-07 23:04 - 2018-11-07 23:04 - 000111968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-11-07 23:04 - 2018-11-07 23:04 - 000088112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-11-07 23:04 - 2018-11-07 23:04 - 000059664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-11-07 23:04 - 2018-11-07 23:04 - 000047064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-11-07 23:04 - 2018-11-07 23:04 - 000042456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2018-11-07 23:04 - 2018-11-07 23:04 - 000015360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2018-11-07 21:15 - 2018-11-07 21:17 - 000000000 ____D C:\AdwCleaner
2018-11-05 00:37 - 2018-11-05 00:37 - 000000000 ____D C:\Users\ezequ\AppData\LocalLow\Klei
2018-10-30 22:32 - 2018-10-30 22:32 - 000000000 ____D C:\Users\ezequ\AppData\LocalLow\Lazy Bear Games
2018-10-30 18:16 - 2018-10-30 18:17 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-10-29 23:26 - 2018-10-29 23:37 - 000000000 ____D C:\Users\ezequ\AppData\Roaming\TeamViewer
2018-10-29 23:26 - 2018-10-29 23:26 - 000001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-10-29 23:26 - 2018-10-29 23:26 - 000001104 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-10-29 23:25 - 2018-11-05 12:30 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-10-29 19:30 - 2018-10-29 19:30 - 000000000 ____D C:\Users\ezequ\AppData\LocalLow\PinoklGames
2018-10-29 19:12 - 2018-11-06 22:00 - 000000000 ____D C:\Users\ezequ\AppData\Roaming\EasyAntiCheat
2018-10-29 19:12 - 2018-10-29 19:12 - 000000000 ____D C:\Users\ezequ\AppData\Local\SummerCamp
2018-10-27 02:52 - 2018-10-27 02:52 - 000000000 ____D C:\Users\ezequ\AppData\Roaming\Crystal Dynamics
2018-10-27 01:16 - 2018-10-27 01:16 - 000000000 ____D C:\Users\ezequ\AppData\Local\76561198108619134
2018-10-25 02:59 - 2018-10-25 14:18 - 000001456 _____ C:\Users\ezequ\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2018-10-21 15:14 - 2018-10-21 15:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2018-10-10 19:00 - 2018-10-10 19:00 - 000000167 _____ C:\WINDOWS\system32\Drivers\mozart_12360906860325_fw_dump.cmm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-09 11:17 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-09 11:08 - 2018-05-18 19:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-09 10:13 - 2018-01-17 19:54 - 000000000 ____D C:\Program Files (x86)\Steam
2018-11-09 00:46 - 2018-01-17 23:00 - 000000000 ____D C:\Users\ezequ\AppData\Roaming\TS3Client
2018-11-09 00:38 - 2018-04-11 18:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-11-08 23:31 - 2018-05-18 19:49 - 001768608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-08 23:31 - 2018-04-12 13:19 - 000786502 _____ C:\WINDOWS\system32\perfh00A.dat
2018-11-08 23:31 - 2018-04-12 13:19 - 000155134 _____ C:\WINDOWS\system32\perfc00A.dat
2018-11-08 23:31 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-08 23:26 - 2018-05-18 19:47 - 000000000 ____D C:\Users\ezequ\AppData\Local\D3DSCache
2018-11-08 23:25 - 2018-05-18 19:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-08 23:25 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-08 23:25 - 2018-04-09 19:46 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-08 23:03 - 2018-02-20 15:06 - 000000000 ____D C:\Users\ezequ\AppData\Local\CrashDumps
2018-11-08 22:46 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-08 22:30 - 2018-05-18 19:47 - 000002700 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2018-11-08 22:30 - 2018-05-18 19:47 - 000002560 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2018-11-08 21:20 - 2018-09-22 16:47 - 000000132 _____ C:\Users\ezequ\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2018-11-08 20:45 - 2018-07-18 19:28 - 000002202 _____ C:\WINDOWS\System32\Tasks\StartCN
2018-11-08 20:45 - 2018-07-18 19:28 - 000002116 _____ C:\WINDOWS\System32\Tasks\StartDVR
2018-11-08 20:45 - 2018-06-04 19:03 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-11-08 20:45 - 2018-06-04 19:02 - 000002988 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-11-08 20:45 - 2018-05-18 19:47 - 000003484 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-08 20:45 - 2018-05-18 19:47 - 000003260 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-08 20:45 - 2018-05-18 19:47 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2040544471-3188524410-1632111590-1001
2018-11-08 20:45 - 2018-05-18 19:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-11-08 02:20 - 2018-01-18 02:28 - 000000000 ____D C:\Users\ezequ\AppData\Local\Spotify
2018-11-08 02:17 - 2018-01-18 02:22 - 000000000 ____D C:\Users\ezequ\AppData\Roaming\Spotify
2018-11-07 23:32 - 2018-04-11 18:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-11-07 23:32 - 2018-01-17 19:10 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-11-07 23:13 - 2018-04-11 20:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-11-07 23:05 - 2018-09-25 14:47 - 000000000 ____D C:\Users\ezequ\AppData\Roaming\AVAST Software
2018-11-07 23:05 - 2018-01-26 06:07 - 000000000 ____D C:\Users\ezequ\AppData\Local\AVAST Software
2018-11-07 23:03 - 2018-08-26 02:31 - 000000000 ____D C:\Program Files\AVAST Software
2018-11-07 23:03 - 2018-01-17 19:05 - 000000000 ____D C:\ProgramData\AVAST Software
2018-11-07 21:53 - 2018-07-19 01:47 - 000002578 _____ C:\WINDOWS\System32\Tasks\BlueStacksHelper
2018-11-07 21:18 - 2018-05-18 19:47 - 000003338 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1516331622
2018-11-07 19:29 - 2018-01-19 00:13 - 000001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2018-11-07 19:29 - 2018-01-19 00:13 - 000000000 ____D C:\Program Files\Opera
2018-11-06 22:11 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-05 01:16 - 2018-01-23 15:49 - 000000000 ____D C:\Users\ezequ\.MemuHyperv
2018-10-30 18:11 - 2018-07-08 19:58 - 004905208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-10-30 17:17 - 2018-01-17 19:15 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-30 14:21 - 2018-10-09 02:48 - 000198000 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-10-30 14:21 - 2018-10-09 02:48 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-10-30 02:28 - 2018-05-18 19:39 - 000000000 ____D C:\Users\ezequ
2018-10-30 00:11 - 2018-02-15 00:29 - 000000000 ____D C:\Users\ezequ\AppData\Roaming\discord
2018-10-27 01:40 - 2018-01-18 17:36 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2018-10-27 01:15 - 2018-02-01 03:32 - 000466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2018-10-27 01:15 - 2018-02-01 03:32 - 000444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2018-10-27 01:15 - 2018-02-01 03:32 - 000122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2018-10-27 01:15 - 2018-02-01 03:32 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2018-10-25 14:58 - 2018-01-29 19:16 - 000000000 ____D C:\Users\ezequ\AppData\Local\Ubisoft Game Launcher
2018-10-24 21:36 - 2018-01-17 19:03 - 000000000 ____D C:\Users\ezequ\AppData\Local\Packages
2018-10-22 23:52 - 2018-03-15 12:20 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-10-22 18:13 - 2018-07-09 20:15 - 000000000 ____D C:\ProgramData\Packages
2018-10-21 15:14 - 2018-01-17 19:14 - 000000000 ____D C:\Program Files (x86)\Google
2018-10-21 15:14 - 2018-01-17 19:06 - 000000000 ____D C:\Users\ezequ\AppData\Local\Google
2018-10-18 16:39 - 2018-01-17 19:22 - 000000000 ____D C:\Users\ezequ\AppData\Local\PlaceholderTileLogoFolder
2018-10-18 14:37 - 2018-01-17 22:38 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2018-10-16 17:20 - 2018-03-15 12:19 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-10-10 17:28 - 2018-01-17 19:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-10-10 17:25 - 2018-01-17 19:38 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-10-10 03:47 - 2018-07-13 18:48 - 000000000 ____D C:\WINDOWS\Minidump

==================== Files in the root of some directories =======

2018-09-22 16:47 - 2018-11-08 21:20 - 000000132 _____ () C:\Users\ezequ\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2018-10-25 02:59 - 2018-10-25 14:18 - 000001456 _____ () C:\Users\ezequ\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2018-04-24 01:02 - 2018-07-27 21:00 - 000007619 _____ () C:\Users\ezequ\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-11-05 01:16 - 2018-11-05 01:16 - 000492544 _____ () C:\Users\ezequ\AppData\Local\Temp\s3.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-18 19:38

==================== End of FRST.txt ============================

#8

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08.11.2018
Ran by ezequ (09-11-2018 11:24:53)
Running from E:\Usuario\Descargas
Windows 10 Pro Version 1803 17134.286 (X64) (2018-05-18 22:47:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2040544471-3188524410-1632111590-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2040544471-3188524410-1632111590-503 - Limited - Disabled)
ezequ (S-1-5-21-2040544471-3188524410-1632111590-1001 - Administrator - Enabled) => C:\Users\ezequ
Invitado (S-1-5-21-2040544471-3188524410-1632111590-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2040544471-3188524410-1632111590-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2040544471-3188524410-1632111590-1001\...\uTorrent) (Version: 3.5.4.44520 - BitTorrent Inc.)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.7.1 - Advanced Micro Devices, Inc.)
Audacity 2.2.1 (HKLM-x32\...\Audacity_is1) (Version: 2.2.1 - Audacity Team)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.2.5964 - AVAST Software)
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 18.7.2354 - AVAST Software)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 2.1.397 - AVAST Software)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Camtasia Studio 8 (HKLM-x32\...\{45F34E54-DAD9-405B-A4F6-B12B0A46B984}) (Version: 8.4.1.1745 - TechSmith Corporation)
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Crash Bandicoot N Sane Trilogy MULTi6 - ElAmigos versión 1.0 (HKLM-x32\...\{327BFB1B-E44E-4824-9EB7-EA92A8D3CAEC}_is1) (Version: 1.0 - Activision)
Discord (HKU\S-1-5-21-2040544471-3188524410-1632111590-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.8.0.0 - Electronic Arts)
Epic Games Launcher (HKLM-x32\...\{702A012E-0E64-40E7-BDA9-3197DE5E3EBB}) (Version: 1.1.143.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FIFA 18 MULTi18 - ElAmigos versión 1.0 (HKLM-x32\...\{F8DEE27B-0ABA-4B36-A615-317B4E2193D5}_is1) (Version: 1.0 - EA Games)
Forza Horizon 3 MULTi13 - ElAmigos versión 1.0.119.1002 (HKLM-x32\...\{E9A96096-80E0-45CE-B5C3-A65F766DDCA8}_is1) (Version: 1.0.119.1002 - Microsoft Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.0.0.11" - Rockstar Games)
Gyazo 3.3.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MEmu (HKLM-x32\...\MEmu) (Version: 3.6.9.0 - Microvirt Software Technology Co. Ltd.)
Microsoft OneDrive (HKU\S-1-5-21-2040544471-3188524410-1632111590-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{756E195A-CB58-4B99-917F-0DDA0D881204}) (Version: 1.0.4.0 - Mojang)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
NVIDIA Controlador de 3D Vision 341.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.74 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 341.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.74 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.1.0 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 56.0.3051.99 (HKLM-x32\...\Opera 56.0.3051.99) (Version: 56.0.3051.99 - Opera Software)
Oracle VM VirtualBox 5.2.12 (HKLM\...\{128AD467-F107-4FED-A283-F355E74DE103}) (Version: 5.2.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.27.11381 - Electronic Arts, Inc.)
Panel de control de NVIDIA 341.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 341.74 - NVIDIA Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
Razer Chroma SDK (HKLM-x32\...\Razer Chroma SDK) (Version: 2.20.0 - Razer Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.3.1004.092821 - Razer Inc.)
Roblox Player for ezequ (HKU\S-1-5-21-2040544471-3188524410-1632111590-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
SanDisk SSD Dashboard (HKLM-x32\...\SanDisk SSD Dashboard) (Version: 1.4.4.4 - Western Digital Corporation or its affiliates)
SanDisk SSD Dashboard Service (HKLM-x32\...\{F4D977F4-1480-4F6A-A6BC-B2AB1D9E4F66}) (Version: 1.1.0 - SanDisk Corporation)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2040544471-3188524410-1632111590-1001\...\Spotify) (Version: 1.0.92.390.g2ce5ec7d - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.7 - TeamSpeak Systems GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.26558 - TeamViewer)
The Walking Dead Telltale The Final Season MULTi9 - ElAmigos versión 1.0 u2 (HKLM-x32\...\{02135C74-6661-46CF-A0F5-62A728E83A67}_is1) (Version: 1.0 u2 - Telltale)
Two Point Hospital MULTi9 - ElAmigos versión 1.0 (HKLM-x32\...\{2D56628D-FA17-4CFC-A577-9F573E9FA8FA}_is1) (Version: 1.0 - SEGA)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{3934F12E-091D-11E4-A0AD-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VEGAS Pro 15.0 (HKLM\...\{E1FCD40F-7FC4-11E7-88AD-95BE57594EAC}) (Version: 15.0.177 - VEGAS)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-4) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0-3) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-07] (AVAST Software)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-03-18] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-07] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-07] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-07-11] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2015-06-29] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-07] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {039A1341-BA2C-405C-B083-6D2AABC308C8} - System32\Tasks\Opera scheduled Autoupdate 1516331622 => C:\Program Files\Opera\launcher.exe [2018-11-06] (Opera Software)
Task: {065EC8F7-FB30-4ADD-8F48-77A5ED397A21} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-11-01] (AVAST Software)
Task: {222A0968-97BC-47D4-B463-EF0DD72B4504} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)
Task: {222F366A-1CFC-4D45-8618-44A2E49E5E03} - System32\Tasks\Avast SecureLine Update => C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [2018-10-18] (AVAST Software)
Task: {43B9DC57-C1A5-4430-BDF2-43344366D8CE} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {44057325-E512-4811-B3D5-19F641A78F01} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-22] (Microsoft Corporation)
Task: {4566D65A-5F8B-40EA-A0F9-B83C096C5178} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2040544471-3188524410-1632111590-1001 => C:\Users\ezequ\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {4971EDE4-EAB5-4E6A-89DE-3F6D57146C4D} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {4F3EBDB3-BCCD-4378-BAF0-AF9255869C8E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)
Task: {53531A94-9425-4462-B8B2-5C6975F87B16} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-17] (Google Inc.)
Task: {56B8D52D-61CF-4A2D-9501-8C3DBA3D5B5F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-22] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6F59851E-7EB4-47AA-9203-E0D077CB397A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-22] (Microsoft Corporation)
Task: {8454FE3A-DF3B-4C95-8001-7A1DE408820C} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-07-11] (Advanced Micro Devices, Inc.)
Task: {84D6C7BD-7DD7-466D-A7FE-F2E3BE56E84A} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2040544471-3188524410-1632111590-1001
Task: {A3DD89A5-44BC-4A99-B092-C53CF4A5D645} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-07] (AVAST Software)
Task: {BB8709B9-C71E-4CA6-AE37-876741EAB89F} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe
Task: {C78EC88F-5050-44AE-8489-BB77B6DBD224} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-22] (Microsoft Corporation)
Task: {CE8F5422-84C3-4A3C-A60A-C428E3A0DB0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-17] (Google Inc.)
Task: {E0A2875C-8581-463F-8D3D-81745E21670D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-10-29] (AVAST Software)
Task: {F53582AB-C14A-4C29-9E2A-BD121FEDD63A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-07-11] (Advanced Micro Devices, Inc.)
Task: {F566F3D8-361A-4980-9190-F8704006AD9A} - System32\Tasks\S-1-5-21-2040544471-3188524410-1632111590-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\ezequ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg

==================== Loaded Modules (Whitelisted) ==============

2018-03-10 22:05 - 2018-09-12 20:52 - 000075064 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2018-01-17 20:39 - 2018-08-20 14:11 - 000356856 _____ () C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
2018-10-09 02:48 - 2018-10-30 14:21 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-10-09 02:48 - 2018-10-30 14:21 - 002821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-09-28 05:00 - 2018-09-28 05:00 - 000281840 _____ () C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
2018-04-11 20:34 - 2018-04-11 20:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-03 12:40 - 2018-07-03 12:40 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-07-03 12:40 - 2018-07-03 12:40 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-09-18 17:55 - 2018-09-14 23:17 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-22 18:13 - 2018-10-22 18:13 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-10-22 18:13 - 2018-10-22 18:13 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-10-04 12:07 - 2018-10-04 12:08 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-10-22 18:13 - 2018-10-22 18:13 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-10-22 18:13 - 2018-10-22 18:13 - 010978304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-10-22 18:13 - 2018-10-22 18:13 - 002810368 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\skypert.dll
2018-10-22 18:13 - 2018-10-22 18:13 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-09-28 05:46 - 2018-09-28 05:46 - 003431152 _____ () C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
2018-08-29 04:06 - 2018-10-30 15:06 - 001057056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\SDL2.dll
2018-08-29 04:06 - 2018-09-22 21:00 - 102804768 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2018-08-29 04:06 - 2018-09-22 21:00 - 004866336 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2018-08-29 04:06 - 2018-09-22 21:00 - 000116000 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2018-09-28 10:28 - 2018-09-28 10:28 - 000303344 _____ () C:\Program Files (x86)\Razer\Synapse3\Service\..\UserProcess\Razer Synapse Service Process.exe
2018-01-17 20:39 - 2018-09-21 22:00 - 001760760 _____ () C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
2018-01-17 20:39 - 2018-09-21 22:00 - 000969208 _____ () C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\webwallpaper32.exe
2018-11-08 22:45 - 2018-11-08 22:46 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.16610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-11-08 22:45 - 2018-11-08 22:46 - 066031616 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.16610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-11-08 22:45 - 2018-11-08 22:46 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.16610.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-01-17 19:37 - 2018-01-17 19:39 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.16610.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-11-08 22:45 - 2018-11-08 22:46 - 003715072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.16610.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-11-08 22:45 - 2018-11-08 22:46 - 000036352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.16610.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-16 22:25 - 2018-08-16 22:25 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.16610.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-08-16 22:25 - 2018-08-16 22:25 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.16610.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-04-05 15:36 - 2018-04-05 15:38 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.16610.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-11-08 22:45 - 2018-11-08 22:46 - 014094848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.16610.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-11-08 22:45 - 2018-11-08 22:46 - 003569152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.16610.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-11-08 22:45 - 2018-11-08 22:46 - 002863104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.16610.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-30 16:59 - 2018-08-30 17:01 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.16610.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-26 03:56 - 2018-07-26 03:57 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.16610.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-08 22:45 - 2018-11-08 22:46 - 000145920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.16610.0_x64__8wekyb3d8bbwe\SKU.dll
2018-10-16 19:03 - 2018-10-16 19:03 - 004183040 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-09-25 18:08 - 2018-09-25 18:08 - 004472952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-10-30 17:17 - 2018-10-23 18:24 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libglesv2.dll
2018-10-30 17:17 - 2018-10-23 18:24 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libegl.dll
2018-11-07 23:04 - 2018-11-07 23:04 - 000598232 _____ () c:\program files\avast software\avast\streamback.dll
2018-10-04 12:07 - 2018-09-28 04:57 - 000150768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.ChromaSDKWrapper.dll
2018-10-04 12:07 - 2018-09-28 04:58 - 000179952 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.NativeDeviceDetectionWrapper.dll
2018-10-04 12:07 - 2018-09-28 04:58 - 000202480 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.PowerPlan.dll
2018-10-04 12:07 - 2018-09-28 09:13 - 000081648 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_AccelWinM.dll
2018-10-04 12:07 - 2018-09-28 04:54 - 000354544 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_AudioPlayer.dll
2018-10-04 12:07 - 2018-09-28 04:54 - 000135408 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_KeyboardKeysWrapper.dll
2018-10-04 12:07 - 2018-09-28 09:13 - 000086256 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedCommon.dll
2018-10-04 12:07 - 2018-09-28 09:13 - 000344816 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedMacros.dll
2018-10-04 12:07 - 2018-09-28 09:13 - 000260336 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_MappingTypesM.dll
2018-10-04 12:07 - 2018-09-28 04:57 - 002278128 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_PowerSwitchWrapper.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000595184 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Blackwidow Chroma V2\Bin\RSy3_DeviceStatus.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000299760 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Blackwidow Chroma V2\Bin\RSy3_DriverMode.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000358128 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Blackwidow Chroma V2\Bin\RSy3_GameMode.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000348400 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Blackwidow Chroma V2\Bin\RSy3_Lighting.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000150768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Blackwidow Chroma V2\Bin\RSy3_Mapping.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000585968 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Blackwidow Chroma V2\Bin\RSy3_MappingBaseM.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000595184 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_DeviceStatus.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000299760 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_DriverMode.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000348400 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_Lighting.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000150768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_Mapping.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000585968 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_MappingBaseM.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000324848 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_PollingRate.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000345840 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_Sensitivity.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000420080 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_SurfaceCalBaseM.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000086768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_SurfaceCalPixart.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000595184 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Firefly\Bin\RSy3_DeviceStatus.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000299760 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Firefly\Bin\RSy3_DriverMode.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000348400 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Firefly\Bin\RSy3_Lighting.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000056048 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Blackwidow Chroma V2\Bin\RSy3_KeyboardKeys.dll
2018-10-04 12:08 - 2018-07-31 06:04 - 000056048 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_KeyboardKeys.dll
2018-11-07 23:05 - 2018-11-07 23:05 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-17 19:55 - 2018-10-30 15:06 - 000879904 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-01-17 19:55 - 2016-08-31 22:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-01-17 19:55 - 2018-11-08 16:02 - 002649376 _____ () C:\Program Files (x86)\Steam\video.dll
2018-01-17 19:55 - 2016-08-31 22:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-01-17 19:55 - 2016-08-31 22:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-01-17 19:55 - 2017-12-19 22:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-01-17 19:55 - 2017-12-19 22:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-01-17 19:55 - 2017-12-19 22:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-01-17 19:55 - 2017-12-19 22:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-01-17 19:55 - 2017-12-19 22:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-01-17 19:55 - 2018-11-08 16:02 - 001028384 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-01-17 19:55 - 2016-07-04 19:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-08-04 19:17 - 2018-08-04 19:17 - 000098544 _____ () C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Common.Dependencies\RSy3_AudioMicPeakMeter.dll
2018-09-28 05:43 - 2018-09-28 05:43 - 000135408 _____ () C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Common.Dependencies\RSy3_KeyboardKeysWrapper.dll
2018-07-27 21:29 - 2018-07-27 21:31 - 001005408 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.Core.dll
2018-07-27 21:29 - 2018-07-27 21:31 - 053444984 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libcef.dll
2018-09-28 10:28 - 2018-09-28 10:28 - 000361712 _____ () C:\Program Files (x86)\Razer\Synapse3\UserProcess\RSy3_AudioAppStreamsWrapper.dll
2018-01-17 20:39 - 2018-06-28 13:27 - 085731816 _____ () C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\libcef.dll
2018-01-17 20:39 - 2018-06-28 13:27 - 003879400 _____ () C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\libglesv2.dll
2018-01-17 20:39 - 2018-06-28 13:27 - 000086504 _____ () C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\libegl.dll
2018-07-27 21:29 - 2018-07-27 21:31 - 000691056 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.Core.dll
2018-07-27 21:29 - 2018-07-27 21:31 - 001984392 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libglesv2.dll
2018-07-27 21:29 - 2018-07-27 21:31 - 000082824 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\ezequ\Datos de programa:00e481b5e22dbe1f649fcddd505d3eb7 [0]
AlternateDataStreams: C:\Users\ezequ\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [470]

#9

Addition, part 2:

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 10:46 - 2017-09-29 10:44 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2040544471-3188524410-1632111590-1001\Control Panel\Desktop\\Wallpaper -> E:\Usuario\Imágenes\Prism_1920x1080.png
DNS Servers: 190.55.60.129 - 200.115.192.29
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "Avast Cleanup Premium.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-2040544471-3188524410-1632111590-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2040544471-3188524410-1632111590-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2040544471-3188524410-1632111590-1001\...\StartupApproved\Run: => "Gaijin.Net Agent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7565D2BB-9A93-492B-B907-627BD9C8F33B}] => (Allow) E:\SteamLibrary\steamapps\common\Another Lost Phone Laura's Story\alp.exe
FirewallRules: [{B1677858-095C-48F6-A2E4-FC2300BA1370}] => (Allow) E:\SteamLibrary\steamapps\common\Another Lost Phone Laura's Story\alp.exe
FirewallRules: [{150F812F-9645-4D8F-BC47-834B98FDD05F}] => (Allow) D:\Disco D\SteamLibrary\steamapps\common\Pool Nation FX\PoolNationFX\Binaries\Win64\PoolNationFX.exe
FirewallRules: [{73BE5BCE-5BF8-4101-A54A-4CF8CC27317B}] => (Allow) D:\Disco D\SteamLibrary\steamapps\common\Pool Nation FX\PoolNationFX\Binaries\Win64\PoolNationFX.exe
FirewallRules: [{22F3F5FB-CEDF-4686-949C-993783DED313}] => (Allow) E:\SteamLibrary\steamapps\common\FarCry5\bin\ArcadeEditor64.exe
FirewallRules: [{00B3EDB7-EA30-4CEA-97D8-260B3559000C}] => (Allow) E:\SteamLibrary\steamapps\common\FarCry5\bin\ArcadeEditor64.exe
FirewallRules: [{0AF4E28C-9DAE-4A66-B33C-003DBA7EABEF}] => (Allow) E:\SteamLibrary\steamapps\common\FarCry5\bin\FarCry5.exe
FirewallRules: [{77A5F554-E6AF-4B67-89EB-535E0A0EF23B}] => (Allow) E:\SteamLibrary\steamapps\common\FarCry5\bin\FarCry5.exe
FirewallRules: [{A7677911-EDBE-4CCF-925C-EFABE96F1F7D}] => (Allow) E:\SteamLibrary\steamapps\common\Survivalist\Survivalist.exe
FirewallRules: [{8B9C2A9B-51D0-474B-9E0E-59EDFF8B34C0}] => (Allow) E:\SteamLibrary\steamapps\common\Survivalist\Survivalist.exe
FirewallRules: [{1CFDCE53-4D0A-40BB-B724-4C79C2BB7B88}] => (Allow) D:\Disco D\Gta v\GTA5.exe
FirewallRules: [{B8DFCCB6-FD59-4EFD-AB4E-5239AC98A704}] => (Allow) D:\Disco D\Gta v\GTA5.exe
FirewallRules: [{7773B828-7BAF-4F50-8488-BD7E07947FA6}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{E51985E7-C760-4D5C-9E68-2BCAF869D625}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{B7E496DF-12B4-4385-80D1-56E91BDD9E1C}] => (Allow) E:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{F1A22DBA-8275-4CAA-9742-157A42B50EB0}] => (Allow) E:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{96C0893F-DE92-4F86-8EAD-99D9959BFD86}] => (Allow) E:\SteamLibrary\steamapps\common\FarCry5\bin\FarCry5.exe
FirewallRules: [{D514E4EC-1B88-4202-B78A-92ADF5553C72}] => (Allow) E:\SteamLibrary\steamapps\common\FarCry5\bin\FarCry5.exe
FirewallRules: [{6E8F6AE5-05CA-4684-B480-76CE615908AA}] => (Allow) E:\SteamLibrary\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{37FE7C2D-FD90-4BD6-AB56-B2A956BB1EAB}] => (Allow) E:\SteamLibrary\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{08278983-F39D-4DA2-B0D7-756E380F6753}] => (Allow) E:\SteamLibrary\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{CAD57BFB-5E85-4B1E-8BA1-6C9D90B6CC16}] => (Allow) E:\SteamLibrary\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{723945FA-D7D8-49C9-AEF1-50EA12210E63}] => (Allow) E:\SteamLibrary\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{1E672354-392E-44F8-9344-A2D9D2E190F2}] => (Allow) E:\SteamLibrary\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{567D8361-BA47-477C-A034-7E32776CE997}] => (Allow) E:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{0916D7EA-8A65-40C1-A5FF-C296BE4D1093}] => (Allow) E:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{3256DCBC-44E5-42FF-B059-0E22B6CBCB69}] => (Allow) E:\SteamLibrary\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{349A0961-4664-4C5D-8A3F-163E71A1A534}] => (Allow) E:\SteamLibrary\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{BC9DA22B-EDD3-4F89-BE53-99EDD1011C08}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{6161528E-928F-4D3D-A13A-97CC748BD0EC}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{6E81021A-9906-4A52-9147-1B09F75B8025}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{1C557307-CFCF-4CC2-B4AE-04F62C5ACC81}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{D5AE476C-2799-4BF3-828D-4E8657DDF076}] => (Allow) LPort=8317
FirewallRules: [{A18A7F5B-2DA0-4539-81AA-DE3FBAD1AA49}] => (Allow) E:\SteamLibrary\steamapps\common\H1Z1 King of the Kill\H1Z1_BE.exe
FirewallRules: [{52CE46FC-74A6-43A8-BA8A-100FBFFB67F0}] => (Allow) E:\SteamLibrary\steamapps\common\H1Z1 King of the Kill\H1Z1_BE.exe
FirewallRules: [{96F9B010-9374-4DFC-A7B4-D27663E9806E}] => (Allow) D:\Disco D\SteamLibrary\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{0D885589-FD59-4C38-9725-1B6B96B8D4E4}] => (Allow) D:\Disco D\SteamLibrary\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{65114D91-8C21-4CDC-BB6F-0C319740AB6F}] => (Allow) E:\SteamLibrary\steamapps\common\Hand Simulator\Hand Simulator.exe
FirewallRules: [{BBED808B-FEEE-435C-A8C7-040A141AF155}] => (Allow) E:\SteamLibrary\steamapps\common\Hand Simulator\Hand Simulator.exe
FirewallRules: [{F6C73DCB-D7E6-436A-94ED-426BF207EE14}] => (Allow) E:\SteamLibrary\steamapps\common\Sheltered\Sheltered.exe
FirewallRules: [{1C829F84-8115-4254-A627-8AE1ED2A0112}] => (Allow) E:\SteamLibrary\steamapps\common\Sheltered\Sheltered.exe
FirewallRules: [{1499284A-7BC1-4A20-AF1D-5F3F66B70321}] => (Allow) E:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{EE2AB156-C3CB-4B1F-9F9F-272E16AC3936}] => (Allow) E:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{AB33CA3B-A624-4C46-8F8F-8208A0B6FD45}] => (Allow) E:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{EB255DD3-A676-481D-8E8E-00A2F720DDA0}] => (Allow) E:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{6593B172-D983-41B8-B132-E5E53EBC0AC7}] => (Allow) E:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{4CE4BB07-1D15-4EDA-9FED-281A7B8DAF06}] => (Allow) E:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{FA3331BC-A279-45A7-948E-DAB07B01CD21}] => (Allow) E:\SteamLibrary\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{2834479A-4140-403D-B49D-0842761211E2}] => (Allow) E:\SteamLibrary\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{819F8EF6-ADC1-46F3-9EFB-159625F2FE8F}] => (Allow) E:\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{330CFCFC-3488-45EC-8DA7-163B550871D6}] => (Allow) E:\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{3B354554-5C79-40DF-A7DF-B7D0B650EAE1}] => (Allow) E:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{86CABF8C-43DB-4E23-9401-49EB7DED6C4F}] => (Allow) E:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{7B66E454-562D-44E4-9F67-D2973763FBB4}] => (Allow) E:\SteamLibrary\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{166D91B2-007C-42F6-BD9D-D31D45E123F0}] => (Allow) E:\SteamLibrary\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{DDEC50D8-AF21-4375-B2C1-EF9D0B685259}] => (Allow) E:\SteamLibrary\steamapps\common\Rust\Rust.exe
FirewallRules: [{BCC25102-C965-4177-8673-56EEDAB647F2}] => (Allow) E:\SteamLibrary\steamapps\common\Rust\Rust.exe
FirewallRules: [{74F23000-3539-4C82-8C68-A85F0BF323DB}] => (Allow) E:\SteamLibrary\steamapps\common\For Honor\forhonor.exe
FirewallRules: [{DFDDEFD2-A00B-4533-9810-37A2F4BB87AE}] => (Allow) E:\SteamLibrary\steamapps\common\For Honor\forhonor.exe
FirewallRules: [{C90D41A6-70A3-4D74-A1A2-C175DE0ECFB3}] => (Allow) E:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{FC1C44B2-1DC0-4A50-B04E-D7F951A6C667}] => (Allow) E:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{A1BA1B43-3ED8-4CFE-90DB-7E75CBADA0B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{A9DF3018-4450-4AC8-9DE1-CE48C0C3C0B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{EFB1CB81-D2F5-4BF3-9DB3-E631DE45E236}] => (Allow) E:\SteamLibrary\steamapps\common\They Are Billions\TheyAreBillions.exe
FirewallRules: [{0DEC86E9-F9C4-485B-B87E-6FA37893726A}] => (Allow) E:\SteamLibrary\steamapps\common\They Are Billions\TheyAreBillions.exe
FirewallRules: [{9D6BE4D0-5C15-4053-BBCF-CF1617EA49CC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{885044AC-D200-45DB-938F-093731B4E8C7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{69AAFF17-29CD-40C0-AD4B-AB222A6671E6}] => (Allow) E:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{17D04B89-D0A4-4A61-BD57-2009105916D8}] => (Allow) E:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{66750E72-2759-4292-A14D-6D7775A2C52F}] => (Allow) E:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect64.exe
FirewallRules: [{0DCA7F95-EB9F-4012-AE0E-55077455705A}] => (Allow) E:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect64.exe
FirewallRules: [{1F51759C-DB9D-4DA1-A83A-4B15C71FB019}] => (Allow) D:\Disco D\SteamLibrary\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{D74B18A3-DCF3-40BC-9B79-5A0560DA69A4}] => (Allow) D:\Disco D\SteamLibrary\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{114ED53F-F6AD-4B7D-93BE-A6ADFF277283}] => (Allow) E:\SteamLibrary\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{BA84429E-E94C-454F-8094-76609E492BAA}] => (Allow) E:\SteamLibrary\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{BD473B52-F417-441B-95DE-0B0523C152B7}] => (Allow) E:\SteamLibrary\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{6F96DA37-8ECB-4B6C-8E91-2BCD7D166F46}] => (Allow) E:\SteamLibrary\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{333A1B6F-3856-42EF-9665-AB55DC122C06}] => (Allow) D:\Disco D\SteamLibrary\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe
FirewallRules: [{A72C2E19-4A1D-4D15-896F-873D7379BC73}] => (Allow) D:\Disco D\SteamLibrary\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe
FirewallRules: [{A237FC6F-D133-4862-A7B0-BC1B2D797C91}] => (Allow) E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{F7A0F436-E1FD-4835-97C7-522ADAAD752B}] => (Allow) E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{DB55B28A-0029-4B4E-9CB9-C45FBDED30FD}] => (Allow) E:\SteamLibrary\steamapps\common\Steep\steep.exe
FirewallRules: [{4CC316C9-479C-42D8-A0F1-33D40287BE18}] => (Allow) E:\SteamLibrary\steamapps\common\Steep\steep.exe
FirewallRules: [{CFA165ED-1E17-4015-934A-B92D43F800E6}] => (Allow) E:\Origin games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{5C72F1FD-CC4F-4602-A0D7-E988596057CA}] => (Allow) E:\Origin games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe
FirewallRules: [TCP Query User{6E95DB85-A694-4C93-B80E-3D9D8AE9B6D1}C:\users\ezequ\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ezequ\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7142887E-C9DF-4741-97A3-C19027C57A9D}C:\users\ezequ\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ezequ\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F4B520B5-594C-4ACB-8FC9-90FFC3171AF9}E:\steamlibrary\steamapps\common\islands of nyne battle royale\ionbranch\binaries\win64\ionbranch.exe] => (Allow) E:\steamlibrary\steamapps\common\islands of nyne battle royale\ionbranch\binaries\win64\ionbranch.exe
FirewallRules: [UDP Query User{A4B0E086-6290-4CB5-BFD4-F77BF5BDB3B0}E:\steamlibrary\steamapps\common\islands of nyne battle royale\ionbranch\binaries\win64\ionbranch.exe] => (Allow) E:\steamlibrary\steamapps\common\islands of nyne battle royale\ionbranch\binaries\win64\ionbranch.exe
FirewallRules: [TCP Query User{469674B8-4103-4EAF-90BE-92E272E014AD}E:\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) E:\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{662BD909-3421-4CCD-A266-9C76F8E87056}E:\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) E:\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{15F6CCA3-06E6-4CD0-BFBF-75FAFCE7EDCA}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{35A34EA5-7B8E-430C-AC5F-A8EAFBC0FCF0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [{A6B18E6D-B4D0-482E-B9F8-C4E9A7B6991F}] => (Allow) E:\SteamLibrary\steamapps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{DBD88E7A-F3E9-43D7-B3BE-C934360F61FA}] => (Allow) E:\SteamLibrary\steamapps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [TCP Query User{046022BD-5503-4FB1-BC56-42EC23744F3A}C:\users\ezequ\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ezequ\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{79D1BD3D-182E-47B7-8183-408C2E68166B}C:\users\ezequ\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ezequ\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{41CAF1FF-8F92-42B2-8AE5-26E52440BDA6}] => (Allow) C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe
FirewallRules: [{0750E2E9-4D53-45BC-BA8B-4E6C32701073}] => (Allow) C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe
FirewallRules: [TCP Query User{F80A1C86-33A6-48AD-9033-EF38D24BF5BF}E:\steamlibrary\steamapps\common\beat cop\beatcop.exe] => (Block) E:\steamlibrary\steamapps\common\beat cop\beatcop.exe
FirewallRules: [UDP Query User{59D76D65-8051-4AB1-8F0D-B94AEA105439}E:\steamlibrary\steamapps\common\beat cop\beatcop.exe] => (Block) E:\steamlibrary\steamapps\common\beat cop\beatcop.exe
FirewallRules: [{AB057725-F78D-411A-B7C3-85613EC34E69}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{B47E42BF-6F94-4A2E-8DB4-E3F68775E9D5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{8B94A6AE-86CF-4497-B0C4-BD442C9A3114}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{8F15AB63-5152-4ED2-85E3-7A73C2A9E504}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{51DAD7D8-34D4-4AE2-9EEC-AE9254507E9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{96DCC664-11FD-4FFE-9D2C-446E54A2B482}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{BC2AC6B4-73DB-42C3-9881-32988ACA4C56}D:\disco d\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\disco d\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{5AF4B8AB-28B8-4763-B1CD-FCDB00FAE436}D:\disco d\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\disco d\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{8C79084D-DF64-45AB-B54D-BF2CE97322C1}] => (Allow) E:\SteamLibrary\steamapps\common\RimWorld\RimWorldWin64.exe
FirewallRules: [{B0F94B76-9DA8-44C0-9A57-01C1C6C5455E}] => (Allow) E:\SteamLibrary\steamapps\common\RimWorld\RimWorldWin64.exe
FirewallRules: [TCP Query User{46526B6C-0C88-4652-8C7A-0A16B47F25BF}E:\riot games\lol\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) E:\riot games\lol\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [UDP Query User{F684216E-FB01-425F-9DA2-0E32F4DA418F}E:\riot games\lol\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) E:\riot games\lol\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [TCP Query User{1E50BEFC-70BF-4990-8233-134611EBFD89}E:\riot games\lol\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) E:\riot games\lol\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe
FirewallRules: [UDP Query User{A7C961C4-B636-4BD9-B2A8-6AE9091A826D}E:\riot games\lol\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) E:\riot games\lol\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe
FirewallRules: [{6AD0992A-060D-442F-9423-3A52544CE4FA}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{3B93F86F-E48F-4205-B0CE-33E1C924CD31}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{F797796A-E0C3-4AC6-9347-217B6A3396A3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FE35BAB4-6675-43F7-A431-4FA82312626F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{638D2B93-4CC4-4B14-A339-104BF8091226}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{618F6A1D-DA5E-4C56-9AFE-360D0BC473D7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{C688B296-EDD8-430F-A2FE-D6DF0DEFBFCD}E:\juegos\hearts of iron iv waking the tiger\hoi4.exe] => (Allow) E:\juegos\hearts of iron iv waking the tiger\hoi4.exe
FirewallRules: [UDP Query User{5A74DAAA-0F3D-4BE4-9C43-2693694B5D3C}E:\juegos\hearts of iron iv waking the tiger\hoi4.exe] => (Allow) E:\juegos\hearts of iron iv waking the tiger\hoi4.exe
FirewallRules: [TCP Query User{F0CEA70B-7829-47FE-8FFF-604DA256E491}E:\juegos\stellaris distant stars\stellaris.exe] => (Allow) E:\juegos\stellaris distant stars\stellaris.exe
FirewallRules: [UDP Query User{AE37817C-3669-40CC-9C1E-23DDBB7F9606}E:\juegos\stellaris distant stars\stellaris.exe] => (Allow) E:\juegos\stellaris distant stars\stellaris.exe
FirewallRules: [TCP Query User{683C8887-E355-44FB-8E64-AD528D4B7835}D:\disco d\juegos\fifa 18\fifa 18\fifa18.exe] => (Block) D:\disco d\juegos\fifa 18\fifa 18\fifa18.exe
FirewallRules: [UDP Query User{A1C95005-BF1A-4F35-A508-384B90BEF8B4}D:\disco d\juegos\fifa 18\fifa 18\fifa18.exe] => (Block) D:\disco d\juegos\fifa 18\fifa 18\fifa18.exe
FirewallRules: [TCP Query User{5DC08157-8EDD-4A44-9BC2-B286A8155438}E:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{4539917F-0061-4730-A7EF-66F92A905C40}E:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{BD876928-310C-4F18-8956-AF4A1D2CE067}] => (Allow) E:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{FD1294AB-B0D0-43D2-A862-848F7C26082F}] => (Allow) E:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{01CB1EFC-08E6-4EE8-AE08-A5DCBB6A7152}E:\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) E:\steamlibrary\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{78DAB7F6-7D8D-48EE-B970-BC7BE95B8459}E:\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) E:\steamlibrary\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{2BBFC427-78EA-49F6-858C-E5AC7477E7A6}] => (Allow) E:\SteamLibrary\steamapps\common\FarCry5\bin\FarCry5.exe
FirewallRules: [{87666AB3-26AF-4847-9AE3-6225F2E180C0}] => (Allow) E:\SteamLibrary\steamapps\common\FarCry5\bin\FarCry5.exe
FirewallRules: [{07B0C515-DD31-4173-9F17-D0942439F252}] => (Allow) E:\SteamLibrary\steamapps\common\FarCry5\bin\ArcadeEditor64.exe
FirewallRules: [{3A425707-C357-4E87-8E18-7CA76DC8BB42}] => (Allow) E:\SteamLibrary\steamapps\common\FarCry5\bin\ArcadeEditor64.exe
FirewallRules: [{1448D2E6-BCEB-4CA8-8517-7DA5E55CA483}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{9C4C958F-D08A-436F-BC8E-74709A9CCA10}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{0C7DD462-6DC0-458C-AEA1-0848C641E39D}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{5E64D145-F05A-4337-81B7-938B8F7AB2E7}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{54CE96B5-B57E-4582-A7A3-EB6C782DA188}] => (Allow) E:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{46A78D2F-EFE1-4324-B934-46FAB5F072DC}] => (Allow) E:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{3536FFC9-C3F4-4D93-8159-CC2018605F40}] => (Allow) C:\Program Files\Opera\56.0.3051.52\opera.exe
FirewallRules: [{40D32CED-D369-43CF-A80D-DAF4670A9AA9}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{6BC7BEC7-AEFD-4DCF-9212-A23E897351F5}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{7E7A0EEE-3138-4B3B-B7F4-0050224BD98D}] => (Allow) E:\SteamLibrary\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{EDDCA7D6-8736-48E3-9C79-45E6B56E404F}] => (Allow) E:\SteamLibrary\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{2B6AECF1-0694-49DE-B927-73068F208552}] => (Allow) D:\Disco D\SteamLibrary\steamapps\common\Party Hard\PartyHardGame.exe
FirewallRules: [{C0E64F4B-8AFE-4315-93E8-23E84A5E3AB3}] => (Allow) D:\Disco D\SteamLibrary\steamapps\common\Party Hard\PartyHardGame.exe
FirewallRules: [{5D974CCC-4F40-44C2-A8DC-2EA0CACA3464}] => (Allow) D:\Disco D\SteamLibrary\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe
FirewallRules: [{AB62EFCC-6C52-45B1-ABD3-D549E620C001}] => (Allow) D:\Disco D\SteamLibrary\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe
FirewallRules: [{14C87C02-5F70-48A0-9AF7-571D57BB2E4F}] => (Allow) D:\Disco D\SteamLibrary\steamapps\common\F13Game\EAC_Launcher.exe
FirewallRules: [{B3A6782C-5670-4EAD-816C-C1A5770CFE9B}] => (Allow) D:\Disco D\SteamLibrary\steamapps\common\F13Game\EAC_Launcher.exe
FirewallRules: [{B78A818A-865D-4956-988B-58A6E54619A9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{785B4976-FC51-4221-955A-CBBD642D4CD4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3FE7C9EB-B452-4BC0-9C51-DF3F440CDDF5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{ADDFAAEC-CDB2-401D-8535-498D849CB024}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B9B9CB8F-6F72-4BC7-9858-6FAD5AF889F8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B30EF63A-5236-4C54-9FF6-F68AF626ECA1}] => (Allow) E:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{9B4C5D7B-FD9B-4364-9F1C-87BF985F9491}] => (Allow) E:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{3955C1E8-8D7C-41A3-AACF-4421BF3AA50B}] => (Allow) D:\Disco D\SteamLibrary\steamapps\common\Graveyard Keeper\Graveyard Keeper.exe
FirewallRules: [{C7096C58-3085-448E-8845-E72AC9FE8735}] => (Allow) D:\Disco D\SteamLibrary\steamapps\common\Graveyard Keeper\Graveyard Keeper.exe
FirewallRules: [{3CA52E46-40AF-4FB1-B9ED-439F0DDF7056}] => (Allow) D:\Disco D\SteamLibrary\steamapps\common\Punch Club\Punch Club.exe
FirewallRules: [{09740B9A-5566-4C45-911D-502DC1E0EF9F}] => (Allow) D:\Disco D\SteamLibrary\steamapps\common\Punch Club\Punch Club.exe
FirewallRules: [{3CC10B3D-10AB-4DC5-AEA5-8E61412121D9}] => (Allow) C:\Program Files\Opera\56.0.3051.99\opera.exe
FirewallRules: [{3099C66D-DBAD-4930-8AC6-E428858E1E1F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{53A5D550-DFFB-4DA3-991A-EA446D1F8919}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{B08C2F7B-04B9-4453-967B-FDF40519D6C6}] => (Allow) E:\SteamLibrary\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{ADF63375-EF90-4A77-A746-A540D4BB84C8}] => (Allow) E:\SteamLibrary\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{BA22FB88-C04C-4335-A56F-FF444D4655D7}] => (Allow) E:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{24680FAB-75C4-4443-A1A5-EE42C38FECCF}] => (Allow) E:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{26AF0784-69A8-486B-83C9-4F6BCD61C1F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe
FirewallRules: [{BEB01FB2-8EDB-4FD2-B1C9-EE2AB4FA2DC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe

==================== Restore Points =========================

22-10-2018 20:43:25 Instalador de Módulos de Windows
24-10-2018 01:47:11 Instalador de Módulos de Windows
25-10-2018 03:14:58 Instalador de Módulos de Windows
26-10-2018 12:44:17 Instalador de Módulos de Windows
27-10-2018 14:44:27 Instalador de Módulos de Windows
28-10-2018 16:43:28 Instalador de Módulos de Windows
29-10-2018 18:43:21 Instalador de Módulos de Windows
30-10-2018 20:11:04 Instalador de Módulos de Windows
31-10-2018 22:11:59 Instalador de Módulos de Windows
02-11-2018 00:11:29 Instalador de Módulos de Windows
03-11-2018 02:11:10 Instalador de Módulos de Windows
04-11-2018 18:11:10 Instalador de Módulos de Windows
05-11-2018 20:11:11 Instalador de Módulos de Windows
06-11-2018 22:11:18 Instalador de Módulos de Windows
09-11-2018 11:22:26 Antes FRST

==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/09/2018 10:13:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Audacity\audacity.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.286_none_fb43982d306480cc.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.286_none_42f0cf0444e0a9d2.manifest.

Error: (11/08/2018 11:25:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Audacity\audacity.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.286_none_fb43982d306480cc.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.286_none_42f0cf0444e0a9d2.manifest.

Error: (11/08/2018 11:06:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Audacity\audacity.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.286_none_fb43982d306480cc.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.286_none_42f0cf0444e0a9d2.manifest.

Error: (11/08/2018 11:03:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: svchost.exe_WpnUserService, versión: 10.0.17134.1, marca de tiempo: 0xa38b9ab2
Nombre del módulo con errores: NotificationController.dll, versión: 10.0.17134.165, marca de tiempo: 0xe0385185
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000007a24d
Identificador del proceso con errores: 0x31cc
Hora de inicio de la aplicación con errores: 0x01d477ccdb8b6301
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\svchost.exe
Ruta de acceso del módulo con errores: C:\Windows\System32\NotificationController.dll
Identificador del informe: 6a7ce316-ed47-410c-b05c-d06bf5a76be1
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/08/2018 10:37:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: svchost.exe_WpnUserService, versión: 10.0.17134.1, marca de tiempo: 0xa38b9ab2
Nombre del módulo con errores: NotificationController.dll, versión: 10.0.17134.165, marca de tiempo: 0xe0385185
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000007a24d
Identificador del proceso con errores: 0x22a8
Hora de inicio de la aplicación con errores: 0x01d477c8d6380756
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\svchost.exe
Ruta de acceso del módulo con errores: C:\Windows\System32\NotificationController.dll
Identificador del informe: d32d962a-3b54-4fa1-b98f-4b8c460952aa
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/08/2018 10:09:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: svchost.exe_WpnUserService, versión: 10.0.17134.1, marca de tiempo: 0xa38b9ab2
Nombre del módulo con errores: NotificationController.dll, versión: 10.0.17134.165, marca de tiempo: 0xe0385185
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000007a24d
Identificador del proceso con errores: 0x3620
Hora de inicio de la aplicación con errores: 0x01d477c0ba56954d
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\svchost.exe
Ruta de acceso del módulo con errores: C:\Windows\System32\NotificationController.dll
Identificador del informe: 4f7e5d0e-3d84-465f-8981-75e386fb3a4e
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/08/2018 09:11:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: svchost.exe_WpnUserService, versión: 10.0.17134.1, marca de tiempo: 0xa38b9ab2
Nombre del módulo con errores: NotificationController.dll, versión: 10.0.17134.165, marca de tiempo: 0xe0385185
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000007a24d
Identificador del proceso con errores: 0x2f94
Hora de inicio de la aplicación con errores: 0x01d477bd0b5d77c4
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\svchost.exe
Ruta de acceso del módulo con errores: C:\Windows\System32\NotificationController.dll
Identificador del informe: b8f6ec3b-9d00-4e91-b84d-9029f488d37e
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/08/2018 06:04:25 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Audacity\audacity.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.286_none_fb43982d306480cc.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.286_none_42f0cf0444e0a9d2.manifest.


System errors:
=============
Error: (11/09/2018 11:08:47 AM) (Source: DCOM) (EventID: 10016) (User: FX)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario FX\ezequ con SID (S-1-5-21-2040544471-3188524410-1632111590-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/09/2018 10:19:25 AM) (Source: DCOM) (EventID: 10016) (User: FX)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 y APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 al usuario FX\ezequ con SID (S-1-5-21-2040544471-3188524410-1632111590-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/09/2018 10:18:40 AM) (Source: DCOM) (EventID: 10016) (User: FX)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario FX\ezequ con SID (S-1-5-21-2040544471-3188524410-1632111590-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/09/2018 10:13:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio Razer Synapse Service.

Error: (11/09/2018 10:13:28 AM) (Source: DCOM) (EventID: 10016) (User: FX)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario FX\ezequ con SID (S-1-5-21-2040544471-3188524410-1632111590-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/09/2018 12:57:55 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (11/09/2018 12:29:00 AM) (Source: DCOM) (EventID: 10016) (User: FX)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario FX\ezequ con SID (S-1-5-21-2040544471-3188524410-1632111590-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/08/2018 11:26:44 PM) (Source: DCOM) (EventID: 10016) (User: FX)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario FX\ezequ con SID (S-1-5-21-2040544471-3188524410-1632111590-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


Windows Defender:
===================================
Date: 2018-11-07 22:33:04.030
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {F2C8247D-FD9A-4557-863C-8EBFC3C43DAD}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-10-30 21:31:45.426
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {4537ACDB-682A-4823-99D9-AB1A3348F427}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-10-19 19:51:36.846
Description: 
Antivirus de Windows Defender detectó un comportamiento sospechoso.
Nombre: Informational:Behavior/ModifiedKernel
Id.: 3821461852
Gravedad: Baja
Categoría: Comportamiento sospechoso
Ruta de acceso encontrada: process:_0
Origen de detección: Desconocido
Tipo de detección: Sospechoso
Fuente de detección: Protección en tiempo real
Estado: Ejecutando
Usuario: Unknown\Unknown
Nombre de proceso: Unknown
Id. de firma: 717259538435
Versión de firma: AV: 1.279.136.0, AS: 1.279.136.0
Versión de motor: 1.1.15400.4
Etiqueta de fidelidad:  Bajo
Nombre de archivo de destino:  

Date: 2018-10-19 18:46:02.077
Description: 
Antivirus de Windows Defender detectó un comportamiento sospechoso.
Nombre: Informational:Behavior/ModifiedKernel
Id.: 27368033
Gravedad: Baja
Categoría: Comportamiento sospechoso
Ruta de acceso encontrada: process:_0
Origen de detección: Desconocido
Tipo de detección: Sospechoso
Fuente de detección: Protección en tiempo real
Estado: Ejecutando
Usuario: Unknown\Unknown
Nombre de proceso: Unknown
Id. de firma: 717259538435
Versión de firma: AV: 1.279.102.0, AS: 1.279.102.0
Versión de motor: 1.1.15400.4
Etiqueta de fidelidad:  Bajo
Nombre de archivo de destino:  

Date: 2018-10-19 18:44:29.156
Description: 
Antivirus de Windows Defender detectó un comportamiento sospechoso.
Nombre: Informational:Behavior/ModifiedKernel
Id.: 1097844899
Gravedad: Baja
Categoría: Comportamiento sospechoso
Ruta de acceso encontrada: process:_0
Origen de detección: Desconocido
Tipo de detección: Sospechoso
Fuente de detección: Protección en tiempo real
Estado: Ejecutando
Usuario: Unknown\Unknown
Nombre de proceso: Unknown
Id. de firma: 717259538435
Versión de firma: AV: 1.279.102.0, AS: 1.279.102.0
Versión de motor: 1.1.15400.4
Etiqueta de fidelidad:  Bajo
Nombre de archivo de destino:  

CodeIntegrity:
===================================

Date: 2018-11-09 10:42:39.589
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-09 10:42:39.572
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-08 23:36:43.588
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-08 23:36:43.579
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-08 19:02:32.344
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-08 19:02:07.832
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-08 18:54:20.528
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-08 18:53:48.212
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info =========================== 

Processor: AMD FX-8320E Eight-Core Processor 
Percentage of memory in use: 37%
Total physical RAM: 12252.63 MB
Available physical RAM: 7708.36 MB
Total Virtual: 14108.63 MB
Available Virtual: 7551.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.97 GB) (Free:116.95 GB) NTFS
Drive d: (Datos) (Fixed) (Total:465.76 GB) (Free:69.39 GB) NTFS
Drive e: (HD 1TB WD BLUE) (Fixed) (Total:931.51 GB) (Free:33.4 GB) NTFS

\\?\Volume{508cca20-88c1-43f9-b1aa-74a6049e0664}\ (Recuperación) (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{e4012fc4-5757-461b-a905-429664f37056}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3FF1CF09)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: CC9E05F6)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=42)

==================== End of Addition.txt ============================

By the way, for now, since I replied to the message yesterday, the pop-ups haven't happened again. Regards


#10

OK, as soon as I've reviewed everything, I'll post a reply… (it will be tomorrow now)


#11

First, cut and paste Frst.exe onto the Desktop, which is where it was clearly stated that it had to be placed and run.

Right… now follow these steps. VERY important ~ Make a backup of the registry:

  • To do so, download Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Ejecutar como Administrador" (Run as Administrator).)

  • Attention: now tick only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.


On the computer, with all other programs closed:

Start >>> Run >>> Type notepad.exe.

Now copy and paste these files into Notepad:


Start
CreateRestorePoint:
CloseProcesses:

IFEO\adobe extension manager cs6.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\extendscript toolkit.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\gyazogif.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\gyazowin.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\gystation.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\memuconsole.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\origin.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\switchboard.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]
2018-11-05 00:37 - 2018-11-05 00:37 - 000000000 ____D C:\Users\ezequ\AppData\LocalLow\Klei
2018-10-27 01:16 - 2018-10-27 01:16 - 000000000 ____D C:\Users\ezequ\AppData\Local\76561198108619134
2018-11-05 01:16 - 2018-11-05 01:16 - 000492544 _____ () C:\Users\ezequ\AppData\Local\Temp\s3.exe
ShortcutWithArgument: C:\Users\ezequ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg
AlternateDataStreams: C:\Users\ezequ\Datos de programa:00e481b5e22dbe1f649fcddd505d3eb7 [0]
AlternateDataStreams: C:\Users\ezequ\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [470]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
END

Save it under the name fixlist.txt on the desktop <<< This is very important. <<

Note: It is important that the Frst.exe tool and fixlist.txt are in the same location (desktop), otherwise it will not work.

  • And now use this Windows FAQ, "How to start Windows in Safe Mode?", to work from that Windows mode.

  • Run Frst.exe.

  • Press the Fix button and wait for it to finish.

  • The tool will save the report on your desktop (Fixlog.txt).

Paste it in your next reply, commenting on how the problem is going.
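A read-only way to review the IFEO "Debugger" values that the fixlist above targets, added here as an example and not part of the original post or of FRST. It assumes the standard 64-bit and WOW6432Node IFEO registry locations and changes nothing, so its output can be compared before and after running the fix.

```powershell
# Read-only audit of Image File Execution Options (IFEO) "Debugger" values.
# A Debugger value makes Windows start that program instead of the named image.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

$report = @(foreach ($root in $ifeoRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $debugger = [string]$key.GetValue('Debugger')
        if ([string]::IsNullOrWhiteSpace($debugger)) { continue }

        # The value is a command line: take the quoted path, else the first token.
        # (An unquoted path containing spaces will be cut short and show as missing.)
        if ($debugger -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        else { $exe = ($debugger.Trim() -split '\s+')[0] }

        # Check that the redirect target exists and who signed it.
        $exists = Test-Path -LiteralPath $exe -PathType Leaf
        $status = 'n/a'
        $signer = ''
        if ($exists) {
            $sig = Get-AuthenticodeSignature -LiteralPath $exe
            $status = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        [pscustomobject]@{
            Image        = $key.PSChildName
            TargetExists = $exists
            SigStatus    = $status
            Signer       = $signer
            Debugger     = $debugger
        }
    }
})

$report | Sort-Object Debugger, Image | Format-Table -AutoSize -Wrap
'{0} IFEO Debugger value(s) found' -f $report.Count
```

Rows whose target is missing or whose signature status is not `Valid` are the ones to look at first; after the fix, the entries listed in the fixlist should no longer appear.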