Dr Web Cureit detects JS.Miner.11

#1

Hello, I'm asking for your help because Dr Web Cureit periodically detects a JS Miner file.

Thanks

#2

Hello

Run the scan as described in the manual and paste the log as instructed.


#3
Total 84389363499 bytes in 329548 files scanned (448119 objects)
Total 329626 files (447967 objects) are clean
Total 4 files are infected
Total 145 files are raised error condition
Scan time is 00:22:15.403

-----------------------------------------------------------------------------
Start curing
-----------------------------------------------------------------------------

C:\Program Files\HitmanPro\HitmanPro.exe - quarantined
C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000040 - deleted
C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000077 - deleted
C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00007d - deleted

Total 84389363499 bytes in 329548 files scanned (448119 objects)
Total 329626 files (447967 objects) are clean
Total 4 files are infected
Total 4 files are neutralized
Total 145 files are raised error condition
Scan time is 00:22:15.403
#4

I can't see any of what you mentioned…

#5

I ran another scan; I may have grabbed the wrong report.

Start curing -----------------------------------------------------------------------------

C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ff - quarantined

Total 83920825244 bytes in 325858 files scanned (445270 objects)
Total 325930 files (445113 objects) are clean
Total 1 file are infected
Total 1 file are neutralized
Total 153 files are raised error condition
Scan time is 00:17:49.792

#6

Hi Miguel. After reading this, you can delete the text. A while ago I used a website that later turned into a scam. The thing is, every time I opened it, Avast neutralized the miner that was trying to get in. A residue was left in my browser's user folder (as in this case). But I repeat, the miner was not operational. The AV tore it apart first. When I ran an on-demand scan of my Windows USER folder, Avast detected and removed the piece of miner. With each new visit to that website, the cycle repeated :laughing:.
What I'm saying is that if the fragment here called f0000ff is removed and it reappears, you should ask yourselves whether the user frequently visits some website that is attempting mining through the browser. That's all, regards.
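
The reasoning in post #6 can be checked against the two Dr Web logs posted in #3 and #5. The following is an added example, not part of the original thread: it parses the curing sections, separates detections inside a browser cache from everything else, and flags the case where new cache entries are detected in a later scan. The cache-path markers, function names and verdict labels are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Curing-section lines copied from the thread: post #3 (first scan) and post #5 (second scan).
SCAN_POST_3 = r"""
C:\Program Files\HitmanPro\HitmanPro.exe - quarantined
C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000040 - deleted
C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000077 - deleted
C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00007d - deleted
"""
SCAN_POST_5 = r"""
C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ff - quarantined
"""

# "<path> - <action>", the line shape used in the curing section of the posted logs.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+) - (?P<action>[a-z]+)$")

# Assumed markers for on-disk browser caches: (profile root, cache directory names).
BROWSER_CACHES = [
    (("google", "chrome", "user data"), {"cache", "code cache"}),
    (("mozilla", "firefox", "profiles"), {"cache2"}),
]


@dataclass(frozen=True)
class Detection:
    path: str
    action: str
    location: str  # "browser-cache" or "other"


def classify(path):
    """Return "browser-cache" if the file sits below a known browser cache directory."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    for root, cache_names in BROWSER_CACHES:
        n = len(root)
        for i in range(len(parts) - n + 1):
            # Profile root must match as a contiguous run; a cache directory must
            # appear between it and the file name itself.
            if tuple(parts[i:i + n]) == root and cache_names & set(parts[i + n:-1]):
                return "browser-cache"
    return "other"


def parse_curing(text):
    """Extract detections from curing-section lines; summary lines do not match."""
    found = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            found.append(Detection(m["path"], m["action"], classify(m["path"])))
    return found


def triage(scans):
    """Compare scans in chronological order and summarise where detections were found."""
    per_scan = [parse_curing(s) for s in scans]
    cache_sets = [
        {d.path.lower() for d in ds if d.location == "browser-cache"} for ds in per_scan
    ]
    others = sorted({d.path for ds in per_scan for d in ds if d.location == "other"})

    # A later scan that flags cache entries not seen before means the content was
    # written to the cache again after the earlier clean-up.
    seen, fresh_later = set(), False
    for s in cache_sets:
        if seen and s - seen:
            fresh_later = True
        seen |= s

    scans_with_cache_hits = sum(1 for s in cache_sets if s)
    if scans_with_cache_hits >= 2 and fresh_later:
        verdict = "recurring-web-content"
    elif scans_with_cache_hits:
        verdict = "cache-residue"
    else:
        verdict = "no-cache-detections"

    return {
        "cache_hits_per_scan": [len(s) for s in cache_sets],
        "needs_separate_review": others,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(triage([SCAN_POST_3, SCAN_POST_5]))
```

A `recurring-web-content` verdict points at the sites visited between the two scans rather than at the disk; anything listed under `needs_separate_review` lies outside the cache and is not covered by that reasoning.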

#7

Thanks for the contribution @Aprenderas

Let's check

Carry out the following steps, without changing the order

1) Download, update and run Malwarebytes' Anti-Malware,

Malwarebytes manual, so that you know how to use and configure it.

  • Run a Custom Scan, ticking all the boxes on the right and on the left, and updating if it asks you to.
  • Click “Remove Selected” to send the items to quarantine, and restart the system.
  • To access the scan report afterwards: Reports >> Scan log >> click >> Export >> Copy to Clipboard, and paste it in your reply

2) Download Adwcleaner to the desktop.

  • Disable your antivirus :arrow_forward: How to temporarily disable an antivirus and any security program.

  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator.")

  • Click the Scan Now button and wait for the process to finish, then immediately click the Start Repair button.

  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

  • If it finds nothing, click “Skip Repair”

  • The log is in the “Reports” tab, reopening the program if necessary, or in "C:\AdwCleaner\Logs\AdwCleaner[C0].txt"

You can look at its manual >> Adwcleaner manual

3) Download Ccleaner

Install it and run it. In the Cleaner tab, leave the default settings as they are, click Analyze, wait for it to finish > click Run Cleaner. Click the Registry tab > click Scan for Issues, wait for it to finish > click Fix Selected and make a backup.

Paste the Malwarebytes and AdwCleaner reports and tell us how the problem is going.


#8

Here are the scan results. Apparently everything is fine, but before Dr Web detected the files there was nothing abnormal.

-Detalles del registro-
Fecha del análisis: 20/3/19
Hora del análisis: 20:31
Archivo de registro: c7ed0f50-4b46-11e9-89e2-2cfda1c02bdb.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.538
Versión del paquete de actualización: 1.0.9770
Licencia: Premium

-Información del sistema-
SO: Windows 10 (Build 17763.379)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-60GLB5A\Moya

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 429508
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 17 min, 59 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)




# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2019-03-11.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-20-2019
# Duration: 00:00:07
# OS:       Windows 10 Pro
# Scanned:  31867
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1249 octets] - [14/03/2019 11:31:00]
AdwCleaner[S01].txt - [1310 octets] - [20/03/2019 01:10:30]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
#9
  • Temporarily disable your antivirus and any security program.

  • Download to your Desktop >> This is very important <<, Farbar Recovery Scan Tool, choosing the right version for your machine (32 or 64 bits) :arrow_forward: How do I know if my Windows is 32 or 64 bits?

  • Double-click to run Frst.exe. In the Disclaimer window, press Yes.

  • In the new window that opens, press the Scan button and wait for the scan to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt, which will be saved on your Desktop.

In your next reply, copy and paste the two reports Frst.txt and Addition.txt from FRST

Note: If the requested report(s) do not fit in a single reply because they exceed the permitted number of characters, you can use two or more replies to paste them in full.

#10
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Moya (administrator) on DESKTOP-60GLB5A (20-03-2019 22:57:56)
Running from C:\Users\Moya\Desktop
Loaded Profiles: Moya (Available Profiles: Moya)
Platform: Windows 10 Pro Version 1809 17763.379 (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0335718.inf_amd64_736cb2f03b3e2e8b\B334754\atiesrxx.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_8a9535cd18c90bc3\igfxCUIService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.25\aaHMSvc.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.15\atkexComSvc.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avp.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_8a9535cd18c90bc3\IntelCpHDCPSvc.exe
(Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Gemalto, Inc. -> SafeNet, Inc.) C:\Windows\System32\hasplms.exe
(ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Nalpeiron Inc -> Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Greatis Software LLC -> Greatis Software, LLC) C:\Program Files (x86)\StopUpdates10\SU10Guard.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Macrovision) [File not signed] C:\Program Files (x86)\MonitorSoftware\monitor.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(X-Rite Incorporated -> X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
(Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi -> Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Gemalto, Inc. -> SafeNet, Inc.) C:\Windows\System32\hasplmv.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe
(Binary Fortress Software Ltd. -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0335718.inf_amd64_736cb2f03b3e2e8b\B334754\atieclxx.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
() [File not signed] C:\Users\Moya\Desktop\barra tareas traslucida\TranslucentTB.2017.2\TranslucentTB.exe
() [File not signed] C:\Users\Moya\Desktop\barra tareas traslucida\TranslucentTB.2017.2\TranslucentTB.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
() [File not signed] C:\Users\Moya\Desktop\barra tareas traslucida\TranslucentTB.2017.2\TranslucentTB.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avpui.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\AsPowerBar.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\CNext\CCCSlim\CCC.exe
(Martin Malik - REALiX -> REALiX) C:\Program Files\HWiNFO64\HWiNFO64.EXE
(Glarysoft LTD -> Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi -> Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.49.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\Adguard.exe
(Binary Fortress Software Ltd. -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe
(Microsoft Corporation) [File not signed] C:\Program Files\Windows Sidebar\sidebar.exe
(Macrovision) [File not signed] C:\Program Files (x86)\MonitorSoftware\UPSMS.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(QFX Software Corporation -> QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation -> QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Binary Fortress Software Ltd. -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp64.exe
(Binary Fortress Software Ltd. -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.12127.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Kaspersky Lab -> Kaspersky Lab AO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\plugin-nm-server.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\transport_proxy.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.21218.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Moya\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Moya\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Moya\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi -> Copyright 2017.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [589104 2017-06-22] (Acronis International GmbH -> )
HKLM-x32\...\Run: [UPSMS] => C:\Program Files (x86)\MonitorSoftware\UPSMS.exe [114688 2018-08-24] (Macrovision) [File not signed]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [516240 2018-09-12] (QFX Software Corporation -> QFX Software Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4426560 2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1839582078-2959218616-3469933489-1001\...\Run: [GUSDelayStartup] => C:\Program Files (x86)\Glarysoft\Quick Startup\StartupManager.exe [44016 2019-01-25] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-1839582078-2959218616-3469933489-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5735784 2018-10-30] (Adguard Software Limited -> Adguard Software Ltd)
HKU\S-1-5-21-1839582078-2959218616-3469933489-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [10048920 2018-12-27] (Binary Fortress Software Ltd. -> Binary Fortress Software)
HKU\S-1-5-21-1839582078-2959218616-3469933489-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44016 2019-03-11] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-1839582078-2959218616-3469933489-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe [584128 2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-05] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{9B8373AC-D1DA-40C5-989F-008260458090}] -> C:\WINDOWS\system32\KeyScramblerLogon.dll [2018-09-12] (QFX Software Corporation -> QFX Software Corporation)
IFEO\dismHost.exe: [Debugger] nul
IFEO\EOSNOTIFY.EXE: [Debugger] nul
IFEO\InstallAgent.exe: [Debugger] nul
IFEO\MusNotification.exe: [Debugger] nul
IFEO\remsh.exe: [Debugger] nul
IFEO\SIHClient.exe: [Debugger] nul
IFEO\UpdateAssistant.exe: [Debugger] nul
IFEO\UsoClient.exe: [Debugger] nul
IFEO\WaaSMedic.exe: [Debugger] nul
IFEO\Windows10Upgrade.exe: [Debugger] nul
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] nul
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Synkron.lnk [2019-03-06]
ShortcutTarget: Synkron.lnk -> C:\Program Files (x86)\Synkron\Synkron.exe () [File not signed]
Startup: C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar756.lnk [2019-03-20]
ShortcutTarget: Sidebar756.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed]
BootExecute: autocheck autochk *  
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b53d8717-ae33-4062-8760-b35786bd095c}: [DhcpNameServer] 192.168.0.1
HKLM\System\...\Parameters\PersistentRoutes: [104.87.88.177,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [104.89.242.39,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [104.96.147.3,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [111.221.29.177,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [111.221.29.253,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.34.230,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.40.37,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.61.100,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.61.64,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.61.68,255.255.255.255,0.0.0.0,1]
PersistentRoutes: There are 82 PersistentRoutes.


Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1839582078-2959218616-3469933489-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\x64\ie_engine.dll [2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-02-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\ie_engine.dll [2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -  No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-19] (Microsoft Corporation -> Microsoft Corporation)

Edge: 
======
Edge Extension: (Kaspersky Password Manager) -> EdgeExtension_KasperskyLabKasperskyPasswordManagerExtension_8jx5e25qw3tdc => C:\Program Files\WindowsApps\KasperskyLab.KasperskyPasswordManagerExtension_2.2.0.0_x64__8jx5e25qw3tdc [2018-06-08]

FireFox:
========
FF ProfilePath: C:\Users\Moya\AppData\Roaming\Mozilla\Firefox\Profiles\ez570dvt.default [2019-03-20]
FF Homepage: Mozilla\Firefox\Profiles\ez570dvt.default -> hxxps://www.google.es/
FF NewTabOverride: Mozilla\Firefox\Profiles\ez570dvt.default -> Enabled: [email protected]
FF Extension: (Spanish (Spain) Dictionary) - C:\Users\Moya\AppData\Roaming\Mozilla\Firefox\Profiles\ez570dvt.default\Extensions\[email protected] [2019-03-05]
FF Extension: (Kaspersky Password Manager) - C:\Users\Moya\AppData\Roaming\Mozilla\Firefox\Profiles\ez570dvt.default\Extensions\[email protected] [2019-02-12] [UpdateUrl:hxxps://special.s.kaspersky-labs.com/firefox_extensions/kpm_win_add_on/update.json]
FF Extension: (Español (España) Language Pack) - C:\Users\Moya\AppData\Roaming\Mozilla\Firefox\Profiles\ez570dvt.default\Extensions\[email protected] [2019-03-05]
FF Extension: (New Tab Override) - C:\Users\Moya\AppData\Roaming\Mozilla\Firefox\Profiles\ez570dvt.default\Extensions\[email protected] [2019-01-03]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-11-29]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-09-19]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2018-12-04] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2018-12-04] <==== ATTENTION

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.es/webhp?source=search_app&gws_rd=cr
CHR StartupUrls: Default -> "hxxps://www.google.es/","hxxp://www.google.com/"
CHR Profile: C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default [2019-03-20]
CHR Extension: (Presentaciones) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-29]
CHR Extension: (Kaspersky Protection) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-11-29]
CHR Extension: (Documentos) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-29]
CHR Extension: (Google Drive) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-29]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2019-03-20]
CHR Extension: (WOT: Web of Trust, valoraciones de reputación de sitios web) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-11-29]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2019-02-21]
CHR Extension: (YouTube) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-29]
CHR Extension: (OneNote Online) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciniambnphakdoflgeamacamhfllbkmo [2018-11-29]
CHR Extension: (uBlock Origin) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-03-13]
CHR Extension: (Kaspersky Password Manager) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhnkblpjbkfklfloegejegedcafpliaa [2019-02-23]
CHR Extension: (Dropbox para Gmail) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2019-02-07]
CHR Extension: (Hojas de cálculo) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-29]
CHR Extension: (OPSWAT File Security for Chrome) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjampemfhdfmangifafmianhokmpjbcj [2019-03-20]
CHR Extension: (Photo Transfer App) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjfbkbdcdmafppmmeajldfnkjllemkej [2018-11-29]
CHR Extension: (Avira Navegación segura) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2019-03-19]
CHR Extension: (EditThisCookie) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2018-11-29]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2018-11-29]
CHR Extension: (HTTPS Everywhere) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2019-02-01]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-30]
CHR Extension: (Montón Nota) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpiejadkdojdbfgfocaoahhbepnlpph [2018-11-29]
CHR Extension: (Malwarebytes Browser Extension) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2019-03-13]
CHR Extension: (Mailvelope) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2019-03-12]
CHR Extension: (Ugly Email) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldgiafaliifpknmgofiifianlnbgflgj [2018-11-29]
CHR Extension: (Extensión de Google Keep para Chrome) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2019-03-19]
CHR Extension: (Nota Fácil) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfdpakabndfaaggapcljpikbjgbmebff [2018-11-29]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-29]
CHR Extension: (ScriptSafe) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2019-02-24]
CHR Extension: (OneClick Cleaner for Chrome) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncckmaelaecccmaniihojgeopkcajfh [2019-02-21]
CHR Extension: (Gmail) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-29]
CHR Extension: (Chrome Media Router) - C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-13]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKU\S-1-5-21-1839582078-2959218616-3469933489-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhnkblpjbkfklfloegejegedcafpliaa] - hxxps://chrome.google.com/webstore/detail/dhnkblpjbkfklfloegejegedcafpliaa
CHR HKU\S-1-5-21-1839582078-2959218616-3469933489-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\45838EC3390E5114 <==== ATTENTION (Rootkit!)

R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [136040 2018-10-30] (Adguard Software Limited -> Adguard Software Ltd)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0335718.inf_amd64_736cb2f03b3e2e8b\B334754\atiesrxx.exe [513640 2018-11-13] (Advanced Micro Devices, Inc. -> AMD)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.15\atkexComSvc.exe [415680 2018-10-24] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.25\aaHMSvc.exe [963544 2016-08-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe [1340376 2017-12-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11129928 2019-03-06] (Microsoft Corporation -> Microsoft Corporation)
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [122880 2017-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-10-26] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-10-26] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [6601128 2018-12-27] (Binary Fortress Software Ltd. -> Binary Fortress Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [7236720 2018-11-29] (Gemalto, Inc. -> SafeNet, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2019-01-24] (SurfRight B.V. -> SurfRight B.V.)
R2 ICEsoundService; C:\Windows\system32\ICEsoundService64.exe [807808 2019-02-16] (ICEpower a/s -> ICEpower)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\vssbridge64.exe [414352 2018-11-29] (Kaspersky Lab -> AO Kaspersky Lab)
R2 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [354008 2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 QFXUpdateService; C:\Program Files (x86)\KeyScrambler\x64\QFXUpdateService.exe [87184 2018-09-12] (QFX Software Corporation -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5381128 2019-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SU10Guard; C:\Program Files (x86)\StopUpdates10\SU10Guard.exe [67480 2018-11-06] (Greatis Software LLC -> Greatis Software, LLC)
R2 unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-06-08] (Reason Software Company Inc. -> Reason Software Company Inc.)
R2 UPSmonitor; C:\Program Files (x86)\MonitorSoftware\monitor.exe [114688 2018-08-24] (Macrovision) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [668808 2018-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [363888 2018-06-01] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3830128 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\Windows\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [91048 2019-01-24] (X-Rite Incorporated -> X-Rite Inc.)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi -> Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [89560 2018-09-05] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 aksdf; C:\Windows\system32\drivers\aksdf.sys [389560 2018-11-29] (Gemalto, Inc. -> SafeNet, Inc.)
R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [487352 2018-11-29] (Gemalto, Inc. -> SafeNet, Inc.)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0335718.inf_amd64_736cb2f03b3e2e8b\B334754\atikmdag.sys [47256656 2018-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0335718.inf_amd64_736cb2f03b3e2e8b\B334754\atikmpag.sys [596032 2018-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-12-26] (ASUSTeK Computer Inc. -> )
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] (ASUSTeK Computer Inc. -> )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [107496 2019-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [186152 2019-02-16] (Broadcom Corporation -> Broadcom Corporation.)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [213312 2019-02-16] (Broadcom Corporation -> Broadcom Corporation.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1074984 2017-01-18] (Creative Technology Ltd -> Creative Technology Ltd)
R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [33792 2017-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd)
S3 CYDTV_SRV; C:\Windows\system32\drivers\cydtv.sys [761088 2014-02-27] (Shenzhen Geniatech Technology LTD. ->  )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [28936 2018-07-11] (Glarysoft LTD -> Glarysoft Ltd)
R1 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [28936 2019-01-28] (Glarysoft LTD -> Glarysoft Ltd)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [1970104 2018-11-29] (Gemalto, Inc. -> SafeNet, Inc.)
R3 HPMoA407; C:\Windows\System32\drivers\HPMoA407.sys [25088 2011-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
R3 HPubA407; C:\Windows\System32\Drivers\HPubA407.sys [18944 2012-06-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
R1 HWiNFO; C:\Windows\system32\drivers\HWiNFO64A.SYS [55960 2018-06-08] (Martin Malik - REALiX -> REALiX(tm))
R1 HWiNFO; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-02-16] (Martin Malik - REALiX -> REALiX(tm))
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-02-16] (Martin Malik - REALiX -> REALiX(tm))
R0 iaStorAC; C:\Windows\System32\drivers\iaStorAC.sys [967696 2019-02-16] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [243800 2018-09-08] (QFX Software Corporation -> QFX Software Corporation)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [73416 2018-09-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [123152 2018-09-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [89168 2018-09-27] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [219744 2018-11-29] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [1214752 2018-09-27] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [190784 2018-11-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1113696 2018-11-29] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [57032 2018-02-12] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [45768 2018-09-27] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [244544 2019-02-21] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [100136 2018-11-12] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [301336 2019-02-21] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [116096 2019-02-21] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [198464 2019-02-21] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [176976 2018-11-29] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [203968 2018-02-24] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-02-21] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-03-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [72864 2019-03-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-03-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [114040 2019-03-19] (Malwarebytes Corporation -> Malwarebytes)
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1139848 2019-02-16] (Realtek Semiconductor Corp. -> Realtek )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [40664 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1310552 2019-02-24] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [213336 2019-02-24] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2014-07-11] (PC Micro Systems Inc. -> Nicomsoft Ltd.)
R2 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [10240 2018-08-29] (Nicomsoft Ltd.) [File not signed]
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-06-08] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-06-08] (Zemana Ltd. -> Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
#12

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-20 22:57 - 2019-03-20 22:58 - 000046631 _____ C:\Users\Moya\Desktop\FRST.txt
2019-03-20 22:57 - 2019-03-20 22:57 - 000000000 ____D C:\FRST
2019-03-20 22:55 - 2019-03-20 22:55 - 002434048 _____ (Farbar) C:\Users\Moya\Desktop\FRST64.exe
2019-03-20 21:37 - 2019-03-20 21:37 - 000001371 _____ C:\Users\Moya\Desktop\AdwCleaner[S02].txt
2019-03-20 21:34 - 2019-03-20 21:34 - 000001548 _____ C:\Users\Moya\Desktop\Malwarebytes.txt
2019-03-20 20:27 - 2019-03-20 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-03-20 01:10 - 2019-03-20 01:10 - 000003140 _____ C:\Windows\System32\Tasks\MSIAfterburner
2019-03-19 23:28 - 2019-03-19 23:28 - 000000000 ____D C:\Users\Moya\AppData\LocalLow\AMD
2019-03-19 22:59 - 2019-03-19 23:01 - 000000000 ____D C:\Users\Moya\Desktop\tp link ac 1750 drivers
2019-03-19 22:30 - 2019-03-19 22:30 - 185414880 _____ C:\Users\Moya\Desktop\f1pnmff0.exe
2019-03-19 22:29 - 2019-03-19 22:29 - 106745856 _____ C:\Windows\system32\config\software.rctemp
2019-03-19 22:29 - 2019-03-19 22:29 - 043986944 _____ C:\Windows\system32\config\system.rctemp
2019-03-19 22:29 - 2019-03-19 22:29 - 000782336 _____ C:\Windows\system32\config\default.rctemp
2019-03-19 22:29 - 2019-03-19 22:29 - 000045056 _____ C:\Windows\system32\config\sam.rctemp
2019-03-19 22:29 - 2019-03-19 22:29 - 000028672 _____ C:\Windows\system32\config\security.rctemp
2019-03-19 22:28 - 2019-03-19 22:28 - 000003654 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2019-03-19 22:06 - 2019-03-19 22:06 - 000008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2019-03-19 22:05 - 2019-03-20 22:58 - 002149019 _____ C:\Windows\ZAM.krnl.trace
2019-03-19 22:05 - 2019-03-20 22:58 - 000356125 _____ C:\Windows\ZAM_Guard.krnl.trace
2019-03-19 22:05 - 2019-03-19 22:05 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-03-19 22:05 - 2019-03-19 22:05 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-03-19 22:05 - 2019-03-19 22:05 - 000114040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-03-19 22:05 - 2019-03-19 22:05 - 000072864 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-03-19 20:48 - 2019-03-19 20:48 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-03-19 20:48 - 2019-03-19 20:48 - 000047800 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-03-19 20:48 - 2019-03-19 20:48 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-03-19 20:48 - 2019-03-19 20:48 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-03-14 18:02 - 2019-03-14 18:03 - 000000000 ____D C:\Users\Moya\AppData\Local\Intel
2019-03-14 18:02 - 2019-03-14 18:02 - 000000000 __SHD C:\Users\Moya\IntelGraphicsProfiles
2019-03-14 18:02 - 2019-03-14 18:02 - 000000000 ____D C:\ProgramData\Intel
2019-03-14 18:02 - 2019-03-14 18:02 - 000000000 ____D C:\Program Files\Intel
2019-03-14 18:02 - 2019-03-14 18:02 - 000000000 ____D C:\Intel
2019-03-14 18:02 - 2019-03-14 18:02 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2019-03-14 11:30 - 2019-03-14 11:31 - 000000000 ____D C:\AdwCleaner
2019-03-14 11:12 - 2019-03-14 11:12 - 000008192 _____ C:\Windows\system32\config\elam.rctemp
2019-03-14 02:27 - 2019-03-14 02:27 - 000000080 ___SH C:\bootTel.dat
2019-03-14 02:23 - 2019-03-14 02:23 - 026810368 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 024616960 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 023440896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 022114960 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 020814848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 019284480 _____ (Microsoft Corporation) C:\Windows\system32\HologramWorld.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 019023872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 017520640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 015224320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 012857856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 012151296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 009683256 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 009670656 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 008875008 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 007897088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 007883776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 007882240 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 007688088 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 007647256 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 007645392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 007556392 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 007251456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 006548168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 006440960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 006309040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 006069760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 005915936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 005588184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 005566464 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 005436184 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 005296640 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 004920832 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 004883968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 004689408 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 004588744 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 004245280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 003983360 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 003923456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 003761664 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 003744256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 003729808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 003660288 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 003656192 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 003652656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 003566080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 003551408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 003504128 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 003427840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 003399168 _____ (Microsoft Corporation) C:\Windows\system32\MapRouter.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 003382272 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 003378488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 003108864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002942464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002926904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 002871312 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 002842112 _____ (Microsoft Corporation) C:\Windows\system32\MapGeocoder.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002776712 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002766648 _____ (Microsoft Corporation) C:\Windows\system32\UpdateAgent.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002752360 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002720768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 002700792 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002689536 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002637312 _____ (Microsoft Corporation) C:\Windows\system32\smartscreen.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 002630656 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002626360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 002488320 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 002469440 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002447360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapRouter.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002437344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002323688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002278240 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002275680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002199864 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002187776 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002141184 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernAppAgent.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002127360 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002073240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002044416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002021584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002013696 _____ C:\Windows\system32\rdpnano.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 002001408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapGeocoder.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001994760 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001969464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 001969152 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001931264 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001899160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001893888 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001884672 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001860608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001844448 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001830200 _____ (Microsoft Corporation) C:\Windows\system32\rdpserverbase.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001782272 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001760768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001751352 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001742104 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001715712 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001711616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001706488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001701376 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001697744 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-03-14 02:23 - 2019-03-14 02:23 - 001672704 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001656832 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001644048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001641400 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001612600 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001604096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001590072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001572176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001563336 _____ (Microsoft Corporation) C:\Windows\system32\ttdrecordcpu.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001522488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001521664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001506816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001496064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001481488 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001479480 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001468440 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 001457544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001403920 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001387520 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001360696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 001341880 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-03-14 02:23 - 2019-03-14 02:23 - 001332224 _____ (Microsoft Corporation) C:\Windows\system32\lpasvc.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001331536 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001309696 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001307648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001296576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001294856 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001289192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001272552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ttdrecordcpu.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001267712 _____ (Microsoft Corporation) C:\Windows\system32\APMon.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001259320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 001258808 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2019-03-14 02:23 - 2019-03-14 02:23 - 001256448 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001253688 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 001224704 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001221944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001221120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 001208320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001200920 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001199104 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001191512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001180248 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001179168 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 001177088 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CommonBridge.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001176064 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001131520 _____ (Microsoft Corporation) C:\Windows\system32\nettrace.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001121280 _____ (Microsoft Corporation) C:\Windows\system32\ApplySettingsTemplateCatalog.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 001098128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001087800 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001078072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Services.TargetedContent.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001077912 _____ (Microsoft Corporation) C:\Windows\system32\DolbyDecMFT.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001072720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001056272 _____ (Microsoft Corporation) C:\Windows\system32\pidgenx.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001054200 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 001052160 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001047040 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001043256 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 001022616 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001008128 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 001001472 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2019-03-14 02:23 - 2019-03-14 02:23 - 000981816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refsv1.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000955392 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000926208 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000918032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000912384 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000908800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2019-03-14 02:23 - 2019-03-14 02:23 - 000902144 _____ (Microsoft Corporation) C:\Windows\system32\BingOnlineServices.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000895048 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000888320 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000888120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pidgenx.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000883712 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000871792 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000866152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DolbyDecMFT.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000865568 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000860160 _____ C:\Windows\system32\MBR2GPT.EXE
2019-03-14 02:23 - 2019-03-14 02:23 - 000850760 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000840192 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000836096 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000833064 _____ C:\Windows\system32\InputHost.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000831288 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 000823296 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000817464 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000808464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000793088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000790328 _____ (Microsoft Corporation) C:\Windows\system32\upshared.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000782968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000775168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000773120 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000772608 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000772408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Services.TargetedContent.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000769536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000764216 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000762880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000760832 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.PrinterCustomActions.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000757664 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000745984 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000743224 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000741888 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000735760 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000732160 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistCacheProvider.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000726416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingOnlineServices.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000714240 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000703488 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000691712 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000684032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000680184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000661816 _____ (Microsoft Corporation) C:\Windows\system32\computecore.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000655160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000652824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000651576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000649528 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000649272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000646656 _____ (Microsoft Corporation) C:\Windows\system32\w32time.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000646632 _____ (Microsoft Corporation) C:\Windows\system32\msvcp_win.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000642048 _____ (Microsoft Corporation) C:\Windows\system32\SharedRealitySvc.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000622080 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnrSvc.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000621568 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000619832 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000605496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000604336 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 000599040 _____ (Microsoft Corporation) C:\Windows\system32\facecredentialprovider.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\dsound.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000591832 _____ C:\Windows\SysWOW64\InputHost.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfh264enc.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000572416 _____ (Microsoft Corporation) C:\Windows\system32\wpnprv.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000566272 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000560128 _____ (Microsoft Corporation) C:\Windows\system32\mfh264enc.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000553784 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000549376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000548864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000540672 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2019-03-14 02:23 - 2019-03-14 02:23 - 000531968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000525312 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 000519992 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 000511800 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000508216 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 000505656 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsound.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000495104 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\ResourceMapper.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000484976 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_enclave.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000479232 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000474936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-03-14 02:23 - 2019-03-14 02:23 - 000463672 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000460304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000456704 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Picker.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000453944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000452096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cldflt.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000449368 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000449024 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000444728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 000435712 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000421688 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000420864 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSh.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000419128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000414720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2019-03-14 02:23 - 2019-03-14 02:23 - 000411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000407552 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000404792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000402944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000395064 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000387832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000386872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000383288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000383288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000367616 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\DataUsageHandlers.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000359424 _____ (Microsoft Corporation) C:\Windows\system32\dusmsvc.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000355360 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDistSh.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000348160 _____ (Microsoft Corporation) C:\Windows\system32\BioCredProv.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000336744 _____ (Microsoft Corporation) C:\Windows\system32\AudioSrvPolicyManager.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000331264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Picker.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000330464 _____ (Microsoft Corporation) C:\Windows\system32\ttdwriter.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000322576 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000322048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MbbCx.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000279376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BioCredProv.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000272648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ttdwriter.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000264192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000263360 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000262456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\w32tm.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 000246584 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistCleaner.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\smbwmiv2.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000224768 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000224256 _____ (Microsoft Corporation) C:\Windows\system32\ptpprov.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000214528 _____ (Microsoft Corporation) C:\Windows\system32\srumsvc.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000211968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\w32tm.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\SecureTimeAggregator.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000202552 _____ (Microsoft Corporation) C:\Windows\system32\tcbloader.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000196608 _____ (Microsoft Corporation) C:\Windows\system32\smartscreenps.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000195896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spacedump.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\ngcpopkeysrv.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDist.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000181248 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000180736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srumsvc.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000178688 _____ (Microsoft Corporation) C:\Windows\system32\winbio.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\ngctasks.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\spacebridge.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000174392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AppvVemgr.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000173568 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\SpatialAudioLicenseSrv.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 000169784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000167424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spacebridge.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000156984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000156160 _____ (Microsoft Corporation) C:\Windows\system32\RMapi.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000147968 _____ (Microsoft Corporation) C:\Windows\system32\srpapi.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000147256 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SpatialAudioLicenseSrv.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 000138960 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000134144 _____ (Microsoft Corporation) C:\Windows\system32\DataUsageLiveTileTask.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 000132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smartscreenps.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srpapi.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winbio.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000120832 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\DolbyMATEnc.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000115152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wldp.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000104248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bindflt.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000100352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000095544 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000095544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storqosflt.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 000090424 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 000078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000071184 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Common.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\UevAppMonitor.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\CredentialMigrationHandler.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredentialMigrationHandler.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
#13
2019-03-14 02:23 - 2019-03-14 02:23 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000035640 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2019-03-14 02:23 - 2019-03-14 02:23 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\SecureBioSysprep.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys
2019-03-14 02:23 - 2019-03-14 02:23 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rfxvmt.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-03-14 02:23 - 2019-03-14 02:23 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2019-03-14 02:23 - 2019-03-14 02:23 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2019-03-14 02:23 - 2019-03-14 02:23 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2019-03-14 02:23 - 2019-03-14 02:23 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2019-03-14 02:23 - 2019-03-14 02:23 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2019-03-14 02:23 - 2019-03-14 02:23 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2019-03-14 02:23 - 2019-03-14 02:23 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2019-03-14 02:23 - 2019-03-14 02:23 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2019-03-14 02:20 - 2019-03-14 02:20 - 006021120 _____ C:\Windows\system32\config\drivers.rctemp
2019-03-14 02:09 - 2019-03-03 01:45 - 000835480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-03-14 02:09 - 2019-03-03 01:45 - 000179608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-14 01:27 - 2019-03-14 01:27 - 000002915 _____ C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
2019-03-14 01:27 - 2019-03-14 01:27 - 000000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2019-03-14 01:25 - 2019-03-14 01:25 - 000000000 ____D C:\Program Files (x86)\MSECACHE
2019-03-14 01:17 - 2019-03-14 01:17 - 000000260 _____ C:\Windows\SysWOW64\d3dx9_11.dll.tmp
2019-03-14 01:17 - 2019-03-14 01:17 - 000000000 ____D C:\Windows\CSC
2019-03-13 22:48 - 2019-03-13 22:48 - 000030094 _____ C:\Users\Moya\Documents\13-03-2019.txt
2019-03-13 22:47 - 2019-03-13 22:47 - 000000000 ____D C:\Users\Moya\Documents\Kaspersky Password Manager
2019-03-13 12:10 - 2019-03-13 12:10 - 000003936 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-03-12 11:38 - 2019-03-12 11:38 - 003321728 _____ C:\Users\Moya\Desktop\ZHPCleaner (1).exe
2019-03-09 23:52 - 2019-03-20 15:29 - 000000000 ____D C:\Users\Moya\AppData\LocalLow\uTorrent
2019-03-09 23:42 - 2019-03-09 23:42 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2019-03-09 23:42 - 2019-03-09 23:42 - 000000142 _____ C:\Windows\system32\bootdelete.lst
2019-03-07 10:41 - 2019-03-07 11:08 - 000000000 ____D C:\Program Files (x86)\Epson Software
2019-03-07 10:40 - 2019-03-07 10:40 - 000000000 ____D C:\Program Files\EpsonNet
2019-03-07 10:40 - 2012-11-12 20:41 - 000535552 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll
2019-03-07 10:40 - 2012-11-12 20:41 - 000535552 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll
2019-03-07 10:40 - 2012-11-12 15:15 - 000558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll
2019-03-07 10:40 - 2012-11-12 15:15 - 000558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll
2019-03-07 10:40 - 2012-10-22 17:19 - 000219648 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enspres.dll
2019-03-07 10:40 - 2012-10-22 17:19 - 000219648 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll
2019-03-07 10:39 - 2019-03-07 10:43 - 000000000 ____D C:\Program Files (x86)\epson
2019-03-07 10:39 - 2012-07-24 00:00 - 000466432 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2019-03-07 10:39 - 2011-12-12 00:00 - 000135824 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2019-03-06 00:12 - 2019-03-06 00:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2019-03-06 00:12 - 2019-03-06 00:29 - 000000000 ____D C:\Program Files (x86)\KeyScrambler
2019-03-05 22:49 - 2019-03-05 22:49 - 000000436 _____ C:\Users\Moya\AppData\Roaming\DNGProfileManager
2019-03-05 20:06 - 2019-03-13 21:38 - 000000000 ____D C:\Users\Moya\.Synkron
2019-03-05 20:06 - 2019-03-05 20:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synkron
2019-03-05 20:06 - 2019-03-05 20:06 - 000000000 ____D C:\Program Files (x86)\Synkron
2019-03-05 18:11 - 2019-03-05 19:46 - 000000000 ____D C:\Windows\System32\Tasks\Yamicsoft
2019-03-02 00:23 - 2019-03-02 00:23 - 000003474 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2019-03-02 00:23 - 2010-12-06 03:16 - 000090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2019-03-01 13:17 - 2019-03-05 19:54 - 000000000 ____D C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-03-01 13:17 - 2019-03-05 19:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-03-01 12:32 - 2019-03-01 12:32 - 000000000 ____D C:\Program Files\onOne Software
2019-03-01 12:32 - 2014-05-08 21:58 - 000070768 _____ (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
2019-03-01 12:32 - 2014-05-08 21:58 - 000070768 _____ (Nalpeiron Ltd.) C:\Windows\system32\nlssrv32.exe
2019-03-01 12:22 - 2019-03-01 12:22 - 000001106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2019.lnk
2019-03-01 01:19 - 2019-03-01 01:19 - 000000000 ___HD C:\temp
2019-02-27 19:14 - 2019-02-27 19:14 - 000000000 ____D C:\Users\URET TEAM\AppData\Roaming\onOne Software
2019-02-27 19:13 - 2019-03-01 12:32 - 000000000 ____D C:\Program Files (x86)\onOne Software
2019-02-27 19:13 - 2019-02-27 19:13 - 000000000 ____D C:\Users\URET TEAM\AppData\Roaming\Adobe
2019-02-24 23:25 - 2019-02-24 23:25 - 000000000 ____D C:\Users\Moya\AppData\Roaming\Acronis
2019-02-24 23:24 - 2019-02-24 23:24 - 001310552 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
2019-02-24 23:24 - 2019-02-24 23:24 - 000690520 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tnd.sys
2019-02-24 23:24 - 2019-02-24 23:24 - 000479064 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_protector.sys
2019-02-24 23:24 - 2019-02-24 23:24 - 000378712 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_tracker.sys
2019-02-24 23:24 - 2019-02-24 23:24 - 000370008 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys
2019-02-24 23:24 - 2019-02-24 23:24 - 000324952 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\virtual_file.sys
2019-02-24 23:24 - 2019-02-24 23:24 - 000213336 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib_mounter.sys
2019-02-24 23:24 - 2019-02-24 23:24 - 000181592 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv2275.sys
2019-02-24 23:24 - 2019-02-24 23:24 - 000181592 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys
2019-02-24 23:24 - 2019-02-24 23:24 - 000001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image.lnk
2019-02-24 23:24 - 2019-02-24 23:24 - 000001293 _____ C:\Users\Public\Desktop\Acronis True Image.lnk
2019-02-24 23:24 - 2019-02-24 23:24 - 000000000 ____D C:\ProgramData\Acronis Mobile Backup Data
2019-02-24 23:24 - 2019-02-24 23:24 - 000000000 ____D C:\Program Files (x86)\Acronis
2019-02-24 23:23 - 2019-02-24 23:23 - 000003526 _____ C:\Windows\System32\Tasks\{382206AF-3B40-4179-A5AB-6282A401826A}
2019-02-24 23:21 - 2019-03-01 12:58 - 000000000 ____D C:\Users\Moya\Desktop\TrueImageReadme
2019-02-24 23:19 - 2019-03-01 13:03 - 000000000 ____D C:\ProgramData\Acronis
2019-02-24 22:48 - 2019-02-24 22:48 - 000000000 ____D C:\ProgramData\Camera Bits, Inc
2019-02-24 22:46 - 2019-02-24 22:46 - 000000000 ____D C:\Users\Moya\AppData\Roaming\Camera Bits, Inc
2019-02-24 22:43 - 2019-02-24 22:43 - 000000934 _____ C:\Users\Public\Desktop\Photo Mechanic 5.lnk
2019-02-24 22:43 - 2019-02-24 22:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Mechanic 5
2019-02-24 22:43 - 2019-02-24 22:43 - 000000000 ____D C:\Program Files (x86)\Camera Bits
2019-02-24 22:43 - 2012-11-07 17:43 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2019-02-24 22:43 - 2012-11-07 17:43 - 000348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2019-02-24 22:43 - 2012-11-07 17:43 - 000324096 _____ () C:\Windows\SysWOW64\SDL.dll
2019-02-24 22:43 - 2012-11-07 17:43 - 000324096 _____ () C:\Windows\system32\SDL.dll
2019-02-24 22:43 - 2012-11-07 17:43 - 000143360 _____ (Camera Bits, Inc.) C:\Windows\system32\PMAutoplay.exe
2019-02-24 22:43 - 2011-06-11 02:58 - 004422992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc100u.dll
2019-02-24 22:43 - 2011-06-11 02:58 - 000055120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc100enu.dll
2019-02-24 22:43 - 2011-06-11 01:58 - 000773968 _____ C:\Windows\SysWOW64\MSVCR100.dll
2019-02-24 22:43 - 2011-06-11 01:58 - 000421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2019-02-24 22:23 - 2019-02-24 22:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-02-24 19:38 - 2019-02-24 20:26 - 000000428 _____ C:\Windows\Tasks\X-Rite Device Services Software Updater.job
2019-02-24 19:38 - 2019-02-24 19:38 - 000003024 _____ C:\Windows\System32\Tasks\X-Rite Device Services Software Updater
2019-02-24 16:42 - 2019-02-24 16:42 - 000002013 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2019-02-24 13:06 - 2019-02-24 13:07 - 000001360 ____H C:\Windows\Tasks\{279FBE9F-5D86-4257-A776-25C69491039B}.job
2019-02-24 13:06 - 2019-02-24 13:06 - 000003654 _____ C:\Windows\System32\Tasks\{279FBE9F-5D86-4257-A776-25C69491039B}
2019-02-24 12:35 - 2019-02-24 12:35 - 000000000 ____D C:\ProgramData\SafeNet Sentinel
2019-02-24 12:35 - 2018-11-29 14:57 - 003614832 _____ (SafeNet, Inc.) C:\Windows\system32\hasplmv.exe
2019-02-24 12:30 - 2006-12-20 11:55 - 003066968 _____ (Aladdin Knowledge Systems.) C:\Windows\SysWOW64\hinstd.dll
2019-02-24 12:30 - 2006-12-20 10:00 - 002511360 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\haspds_windows.dll
2019-02-24 12:30 - 2006-12-20 10:00 - 000671112 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\hdinst_windows.dll
2019-02-24 12:30 - 2006-11-30 11:06 - 000069632 _____ (Aladdin Knowledge Systems) C:\Windows\SysWOW64\hasp_inst_help1.dll
2019-02-24 12:30 - 2005-09-06 17:06 - 000028672 _____ C:\Windows\SysWOW64\hlduinst.exe
2019-02-24 12:30 - 2002-07-26 17:02 - 000153088 _____ C:\Windows\SysWOW64\UNWISE.EXE
2019-02-21 23:33 - 2019-02-21 23:33 - 000002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2019-02-21 23:26 - 2019-02-21 23:26 - 005086208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-02-21 23:26 - 2019-02-21 23:26 - 004627456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-02-21 23:26 - 2019-02-21 23:26 - 001671864 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-02-21 23:26 - 2019-02-21 23:26 - 001467560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-02-21 23:26 - 2019-02-21 23:26 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-02-21 23:26 - 2019-02-21 23:26 - 000982576 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2019-02-21 23:26 - 2019-02-21 23:26 - 000972288 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2019-02-21 23:26 - 2019-02-21 23:26 - 000765960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2019-02-21 23:26 - 2019-02-21 23:26 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2019-02-21 23:26 - 2019-02-21 23:26 - 000461824 _____ (Microsoft Corporation) C:\Windows\system32\WpAXHolder.dll
2019-02-21 23:26 - 2019-02-21 23:26 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-02-21 23:26 - 2019-02-21 23:26 - 000047136 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe
2019-02-21 23:26 - 2019-02-21 23:26 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\npmproxy.dll
2019-02-21 23:26 - 2019-02-21 23:26 - 000039304 _____ (Microsoft Corporation) C:\Windows\system32\NtlmShared.dll
2019-02-21 23:26 - 2019-02-21 23:26 - 000033056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NtlmShared.dll
2019-02-21 23:26 - 2019-02-21 23:26 - 000021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2019-02-21 23:26 - 2019-02-21 23:26 - 000000072 _____ C:\Windows\system32\edgehtmlpluginpolicy.bin
2019-02-21 23:14 - 2019-02-21 23:14 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-02-21 22:57 - 2019-02-21 22:57 - 000000000 ____D C:\Users\Moya\AppData\Local\VS Revo Group
2019-02-21 22:57 - 2019-02-21 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2019-02-21 22:57 - 2019-02-21 22:57 - 000000000 ____D C:\Program Files\VS Revo Group
2019-02-21 22:57 - 2016-12-21 14:52 - 000040240 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2019-02-21 22:46 - 2009-09-24 15:07 - 000051600 _____ (Thesycon GmbH, Germany) C:\Windows\system32\Drivers\i1iSis_x64.sys
2019-02-21 22:46 - 2009-09-24 15:07 - 000051600 _____ (Thesycon GmbH, Germany) C:\Windows\system32\Drivers\i1iO2_x64.sys
2019-02-21 22:46 - 2009-09-24 15:07 - 000051600 _____ (Thesycon GmbH, Germany) C:\Windows\system32\Drivers\i1_x64.sys
2019-02-21 22:46 - 2009-09-24 15:07 - 000007808 _____ (GretagMacbeth LLC) C:\Windows\system32\Drivers\i1display_x64.sys
2019-02-21 19:46 - 2019-02-21 19:46 - 000301336 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2019-02-21 19:45 - 2019-02-21 19:46 - 000198464 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2019-02-21 19:45 - 2019-02-21 19:45 - 000244544 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2019-02-21 19:45 - 2019-02-21 19:45 - 000116096 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2019-02-19 12:27 - 2019-02-19 12:27 - 000182832 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv2310.sys
2019-02-19 10:45 - 2019-03-15 14:14 - 000000000 ____D C:\Users\Moya\AppData\Local\Spotify
2019-02-19 10:45 - 2019-02-19 10:45 - 000001884 _____ C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2019-02-19 10:44 - 2019-03-15 14:04 - 000000000 ____D C:\Users\Moya\AppData\Roaming\Spotify
2019-02-19 10:30 - 2019-02-19 00:25 - 000001681 _____ C:\Windows\system32\Drivers\etc\hosts.backup
2019-02-19 10:07 - 2019-02-27 19:14 - 000000000 ____D C:\Users\URET TEAM
2019-02-19 10:07 - 2019-02-19 10:07 - 000000000 ____D C:\Users\URET TEAM\AppData\Local\VS Revo Group
2019-02-18 23:25 - 2019-02-18 23:25 - 000004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-02-18 23:25 - 2019-02-18 23:25 - 000002123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-20 22:58 - 2018-06-25 01:28 - 000000000 ____D C:\ProgramData\Adguard
2019-03-20 22:57 - 2018-06-08 20:15 - 000000000 ____D C:\Users\Moya\AppData\Roaming\uTorrent
2019-03-20 22:56 - 2018-06-08 16:23 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-03-20 22:49 - 2019-01-11 05:13 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-03-20 22:18 - 2018-06-09 13:02 - 000000000 ____D C:\Users\Moya\AppData\LocalLow\Mozilla
2019-03-20 20:27 - 2018-10-25 11:29 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-03-20 20:26 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-20 16:01 - 2018-12-09 18:11 - 000000000 ____D C:\Users\Moya\Doctor Web
2019-03-20 07:26 - 2019-01-11 05:24 - 000000000 ____D C:\Users\Moya
2019-03-20 07:26 - 2018-06-08 20:56 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2019-03-20 00:24 - 2018-06-10 20:26 - 000000000 ____D C:\Users\Moya\AppData\Local\ElevatedDiagnostics
2019-03-19 23:26 - 2018-07-04 00:46 - 000000000 ____D C:\Users\Moya\AppData\Roaming\ZHP
2019-03-19 22:54 - 2018-06-21 13:22 - 000000000 ____D C:\Program Files\HitmanPro
2019-03-19 22:11 - 2019-01-11 05:26 - 000005810 _____ C:\Windows\system32\PerfStringBackup.INI
2019-03-19 22:11 - 2018-09-15 17:37 - 000866790 _____ C:\Windows\system32\perfh00A.dat
2019-03-19 22:11 - 2018-09-15 17:37 - 000179410 _____ C:\Windows\system32\perfc00A.dat
2019-03-19 22:06 - 2018-06-08 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
2019-03-19 22:05 - 2019-01-11 05:28 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-19 22:05 - 2018-09-15 07:09 - 000524288 _____ C:\Windows\system32\config\BBI
2019-03-19 22:05 - 2018-06-25 01:28 - 000000000 ____D C:\Program Files (x86)\Adguard
2019-03-19 22:05 - 2018-06-16 22:35 - 000000000 ____D C:\Program Files (x86)\StopUpdates10
2019-03-19 22:05 - 2018-06-11 23:15 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-03-19 21:51 - 2018-09-15 08:31 - 000000000 ____D C:\Windows\INF
2019-03-19 21:49 - 2019-02-09 00:18 - 000000000 ____D C:\Program Files\Microsoft Office
2019-03-15 13:51 - 2018-06-08 17:03 - 000000000 ____D C:\Users\Moya\AppData\Local\DisplayFusion
2019-03-14 18:02 - 2019-01-26 11:17 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2019-03-14 11:08 - 2018-06-10 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Rite
2019-03-14 11:08 - 2018-06-10 12:51 - 000000000 ____D C:\Program Files (x86)\X-Rite
2019-03-14 02:29 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\AppReadiness
2019-03-14 02:29 - 2018-06-08 16:04 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-03-14 02:29 - 2018-06-08 16:04 - 000000000 ___RD C:\Users\Moya\3D Objects
2019-03-14 02:27 - 2019-01-11 05:13 - 000465968 _____ C:\Windows\system32\FNTCACHE.DAT
2019-03-14 02:26 - 2018-09-15 17:40 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-03-14 02:26 - 2018-09-15 08:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-03-14 02:26 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\TextInput
2019-03-14 02:26 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\oobe
2019-03-14 02:26 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\appraiser
2019-03-14 02:26 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\ShellExperiences
2019-03-14 02:26 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\bcastdvr
2019-03-14 02:24 - 2018-09-15 08:23 - 000000000 ____D C:\Windows\CbsTemp
2019-03-14 02:23 - 2019-01-11 05:15 - 002865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2019-03-14 02:00 - 2019-01-11 23:58 - 000000000 ____D C:\Windows\Panther
2019-03-14 01:54 - 2018-09-15 07:09 - 000008192 _____ C:\Windows\system32\config\ELAM
2019-03-14 01:45 - 2018-06-08 16:23 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2019-03-13 21:35 - 2018-08-05 23:30 - 000000000 ____D C:\Users\Moya\AppData\Roaming\FileZilla
2019-03-13 21:35 - 2018-06-08 17:39 - 000000000 ____D C:\Users\Moya\AppData\Roaming\vlc
2019-03-13 21:34 - 2018-08-05 23:30 - 000000000 ____D C:\Users\Moya\AppData\Local\FileZilla
2019-03-13 11:43 - 2018-06-08 20:56 - 000001172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2019-03-12 22:06 - 2019-01-11 05:28 - 000004624 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-03-12 22:06 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-03-12 22:06 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\Macromed
2019-03-07 21:20 - 2018-09-15 08:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-03-07 17:01 - 2018-06-10 12:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2019-03-07 10:43 - 2018-06-08 16:56 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-03-07 10:39 - 2018-06-10 12:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2019-03-07 10:35 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-03-06 18:14 - 2018-06-10 15:04 - 000000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2019-03-06 00:34 - 2018-06-08 17:37 - 000000000 ____D C:\Users\Moya\AppData\Local\CrashDumps
2019-03-05 23:44 - 2018-06-09 13:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-03-05 23:44 - 2018-06-08 16:52 - 000000000 ____D C:\Program Files\WinRAR
2019-03-05 19:54 - 2018-06-09 13:02 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-03-05 19:54 - 2018-06-09 13:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-03-05 19:53 - 2018-11-29 10:34 - 000002384 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-04 22:05 - 2018-06-08 21:38 - 000000000 ____D C:\Users\Moya\AppData\Local\D3DSCache
2019-03-04 11:04 - 2018-06-09 16:31 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2019-03-04 11:01 - 2018-06-08 16:04 - 000000000 ____D C:\Users\Moya\AppData\Local\Packages
2019-03-02 08:32 - 2018-06-08 17:09 - 000000000 ____D C:\Users\Moya\AppData\Local\Adobe
2019-03-01 16:57 - 2018-06-08 17:10 - 000000000 ____D C:\Program Files\Adobe
2019-03-01 12:49 - 2018-06-08 17:21 - 000000000 ____D C:\Users\Moya\AppData\Roaming\Google
2019-03-01 12:32 - 2018-08-30 13:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\onOne Software
2019-03-01 12:32 - 2018-06-12 21:23 - 000000000 ____D C:\ProgramData\onOne Software
2019-03-01 12:22 - 2018-08-30 17:03 - 000000000 ____D C:\Users\Moya\Documents\Adobe
2019-03-01 12:22 - 2018-06-08 16:04 - 000000000 ____D C:\Users\Moya\AppData\Roaming\Adobe
2019-03-01 12:18 - 2019-02-11 19:27 - 000000000 ____D C:\Program Files\Common Files\Topaz Labs
2019-03-01 12:17 - 2019-02-15 06:04 - 000000000 ____D C:\Users\Moya\AppData\Roaming\ON1
2019-03-01 01:36 - 2019-01-26 11:19 - 000000000 ____D C:\Windows\Minidump
2019-03-01 01:21 - 2018-06-08 17:09 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-03-01 01:19 - 2018-06-08 17:09 - 000000000 ____D C:\ProgramData\Adobe
2019-02-27 19:35 - 2018-06-10 12:51 - 000000000 ____D C:\Users\Moya\AppData\Roaming\X-Rite
2019-02-24 22:53 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\NDF
2019-02-24 22:23 - 2018-06-08 17:00 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2019-02-24 22:12 - 2018-08-24 13:15 - 000000000 ____D C:\Program Files (x86)\MonitorSoftware
2019-02-24 20:34 - 2018-06-08 16:06 - 000000000 ___RD C:\Users\Moya\OneDrive
2019-02-24 16:42 - 2019-01-24 09:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2019-02-24 12:52 - 2018-06-10 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pantone Color Manager
2019-02-24 12:52 - 2018-06-10 12:58 - 000000000 ____D C:\Program Files (x86)\Pantone Color Manager
2019-02-24 12:43 - 2018-06-10 12:51 - 000000000 ____D C:\ProgramData\X-Rite
2019-02-24 12:35 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\setup
2019-02-23 21:18 - 2018-06-08 17:10 - 000000000 ____D C:\Program Files\Common Files\Adobe
2019-02-23 21:14 - 2018-06-08 17:19 - 000000000 ___RD C:\Users\Moya\Creative Cloud Files
2019-02-23 21:05 - 2018-06-08 16:05 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-21 20:46 - 2019-01-26 19:32 - 000002886 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-02-21 20:46 - 2018-06-11 22:43 - 000000000 ____D C:\Program Files\CCleaner
2019-02-19 00:20 - 2019-01-23 00:26 - 000000000 ____D C:\Program Files (x86)\OCCTPT
2019-02-19 00:19 - 2018-06-12 21:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Imagenomic
2019-02-19 00:19 - 2018-06-12 21:27 - 000000000 ____D C:\Program Files (x86)\Imagenomic

==================== Files in the root of some directories =======

2018-06-25 01:29 - 2019-01-11 05:25 - 000000260 _____ () C:\ProgramData\fontcacheev1.dat
2019-03-05 22:49 - 2019-03-05 22:49 - 000000436 _____ () C:\Users\Moya\AppData\Roaming\DNGProfileManager
2018-09-28 13:43 - 2018-09-28 13:43 - 000000000 _____ () C:\Users\Moya\AppData\Local\oobelibMkey.log
2018-08-24 13:24 - 2018-08-24 13:24 - 000000000 _____ () C:\Users\Moya\AppData\Local\{5B91C30A-FE62-4732-B467-F2D3FCB0249D}

Some files in TEMP:
====================
2019-03-20 07:26 - 2019-03-20 07:26 - 000000000 _____ () C:\Users\Moya\AppData\Local\Temp\KeyScrambler_Update4d9be28eb30ba74.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
#14
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Moya (20-03-2019 22:58:51)
Running from C:\Users\Moya\Desktop
Windows 10 Pro Version 1809 17763.379 (X64) (2019-01-11 04:28:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1839582078-2959218616-3469933489-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1839582078-2959218616-3469933489-503 - Limited - Disabled)
Invitado (S-1-5-21-1839582078-2959218616-3469933489-501 - Limited - Enabled)
Moya (S-1-5-21-1839582078-2959218616-3469933489-1001 - Administrator - Enabled) => C:\Users\Moya
WDAGUtilityAccount (S-1-5-21-1839582078-2959218616-3469933489-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Kaspersky Total Security (Disabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Total Security (Disabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Disabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

8GadgetPack (HKLM-x32\...\{AEF55727-E650-4061-856B-A7951E50E53A}) (Version: 27.0.0 - 8GadgetPack.net)
AdGuard (HKLM-x32\...\{563cb78b-7933-497a-94cd-3d17707fabe1}) (Version: 6.4.1814.4903 - Adguard Software Ltd)
AdGuard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 6.4.1814.4903 - Adguard Software Ltd) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.89 - Adobe Systems Incorporated)
Adobe Bridge CC 2019 (HKLM-x32\...\KBRG_9_0_2) (Version: 9.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.156 - Adobe Systems Incorporated)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_8_1) (Version: 8.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_3) (Version: 20.0.3 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 1.01.61 - ASUSTeK Computer Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.50 - Advanced Micro Devices, Inc.)
Backup and Sync from Google (HKLM\...\{693CADB0-962B-4AC1-A939-9524B258C997}) (Version: 3.43.2448.9071 - Google, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{C3EE628C-7394-FE2C-0C90-C05284EB528D}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F544F46-5F6E-97BB-3550-A0242A3C5754}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{FC4086D6-E345-5F43-08BB-280FB57DAF49}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{AC85CF50-9A55-0103-ADBF-365C37603AA4}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{B349892D-B015-033C-4CA8-3635E6B655D7}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{26567561-DFB2-2B63-9BA8-6A490ED37016}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5FD706FF-6AD8-E372-A35A-879409982655}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{59D2664C-949B-7FA7-9880-ECB993B6616A}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{970A40CA-46AB-986C-1798-976ED0EA00FA}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C14A3A5B-8A86-C239-37D7-158211778C54}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A50C89BC-8D8E-8828-824A-7171F6D583D5}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
ColorChecker Passport 1.1.1 (HKLM-x32\...\ColorChecker Passport_is1) (Version: 1.1.1 - X-Rite)
Desinstalar impresora EPSON WF-3520 Series (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
DisplayFusion 9.4.3 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 9.4.3.0 - Binary Fortress Software)
DNG ProfileManager 1.0.3 (HKLM-x32\...\DNG ProfileManager_is1) (Version:  - X-Rite)
Dropbox (HKLM-x32\...\Dropbox) (Version: 69.4.102 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
Encore ENMVG-2 (HKLM-x32\...\{F60B8CC3-561F-47BE-B1F9-8F208617B830}) (Version: 1.00.0000 - Encore)
Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.1 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Manual de red WF-3520 Series (HKLM-x32\...\WF-3520 Series Netg) (Version:  - )
Epson Manual de usuario WF-3520 Series (HKLM-x32\...\WF-3520 Series Useg) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}) (Version: 4.4.9 - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FastStone Image Viewer 6.9 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.9 - FastStone Soft)
FileZilla Client 3.40.0 (HKLM-x32\...\FileZilla Client) (Version: 3.40.0 - Tim Kosse)
Glary Utilities PRO 5.115 (HKLM-x32\...\Glary Utilities 5) (Version: 5.115.0.140 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Hardlock Device Drivers (HKLM-x32\...\Hardlock Device Drivers) (Version:  - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
HWiNFO64 Version 5.90 (HKLM\...\HWiNFO64_is1) (Version: 5.90 - Martin Malík - REALiX)
i1Profiler (HKLM-x32\...\i1Profiler_is1) (Version: 1.8.1.8025 - X-Rite)
Imagenomic Noiseware 5.0.2 Plug-in (build 5020) (HKLM\...\ImagenomicNoisewarePlugin) (Version:  - )
Imagenomic Portraiture 3 Plug-in (build 3027) (HKLM\...\Portraiture 3_is1) (Version: 3027 - Team V.R)
IrfanView 4.52 (64-bit) (HKLM\...\IrfanView64) (Version: 4.52 - Irfan Skiljan)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Kaspersky Password Manager (HKLM-x32\...\{457FD841-CFA4-484B-B2FC-A471D080B56E}) (Version: 9.0.1.447 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab)
Kaspersky Total Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.12.0.1 - QFX Software Corporation)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.11328.20158 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Mozilla Firefox 65.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0.2 (x64 en-US)) (Version: 65.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.2 - Mozilla)
MSI Afterburner 4.5.0 (HKLM-x32\...\Afterburner) (Version: 4.5.0 - MSI Co., LTD)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.11328.20158 - Microsoft Corporation) Hidden
Pantone Color Manager 2.1.0 (HKLM-x32\...\Pantone Color Manager_is1) (Version:  - PANTONE)
Paquete Dolby Digital Live (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
Photo Mechanic 5 (HKLM-x32\...\{DE924CF0-B8BB-42BA-BDA0-14535F79DF3F}) (Version: 5.0 - Camera Bits, Inc)
PhotoSync (HKLM\...\PhotoSync) (Version: 3.3.6 - touchbyte GmbH)
Quick Startup 5.10.1.142 (HKLM-x32\...\Quick Startup) (Version: 5.10.1.142 - Glarysoft Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8549 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 4.0.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.0.5 - VS Revo Group, Ltd.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.2.1.1780 - Samsung Electronics)
SanDisk SSD Dashboard (HKLM-x32\...\SanDisk SSD Dashboard) (Version: 2.3.3.0 - SanDisk | a Western Digital brand)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SmartPSS 2.01.0 (HKLM-x32\...\SmartPSS) (Version: 2.01.0 - )
Sound Blaster Z-Series (HKLM-x32\...\{4C6CD3EB-BC0F-4B59-B20C-26BD766166E1}) (Version: 1.01.08 - Creative Technology Limited)
Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-1839582078-2959218616-3469933489-1001\...\Spotify) (Version: 1.1.1.348.g9064793a - Spotify AB)
StopUpdates10 versión 2.0.34 (HKLM-x32\...\{C186B659-50F8-4F40-9822-2B1163AAAEF2}_is1) (Version: 2.0.34 - Greatis Software)
Synkron 1.6.2 (HKLM-x32\...\Tomlein.Synkron_is1) (Version: 1.6.2 - Matúš Tomlein)
T230 Driver Install (HKLM-x32\...\{4D32FA82-AC56-4592-9EC5-90FACFB17DE5}) (Version: 1.31.1145.0 - Geniatech) Hidden
T230 Driver Install (HKLM-x32\...\InstallShield_{4D32FA82-AC56-4592-9EC5-90FACFB17DE5}) (Version: 1.31.1145.0 - Geniatech)
Telegram Desktop versión 1.5.15 (HKU\S-1-5-21-1839582078-2959218616-3469933489-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.5.15 - Telegram Messenger LLP)
Topaz DeNoise 6 (HKLM-x32\...\Topaz DeNoise 6) (Version: 6.0.1 - Topaz Labs, LLC)
Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.2.0 - Topaz Labs, LLC)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Unlocker 1.9.0 (HKLM-x32\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-6) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{490aca2d-0bcf-4d7d-bfb8-c6785e2ba5f3}) (Version: 2.0.0.48 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{CC0FD183-6E59-4D9C-87A9-5055814C3E90}) (Version: 2.0.0.48 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{BA764987-FF57-40BA-AD08-61F9C556ACBF}) (Version: 2.4.21.1 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{2895E7A2-1926-494B-99A2-0ED7A84397A0}) (Version: 2.4.21.1 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{5be946d0-7ba1-41b6-808a-0e7f2b7cb4a8}) (Version: 2.4.21.1 - Western Digital Technologies, Inc.)
Who Is On My Wifi version 2.1.3 (HKLM-x32\...\{010D45A1-093D-4534-8147-4E10E80F81CC}_is1) (Version: 2.1.3 - IO3O LLC)
Windows 10 Manager (HKU\S-1-5-21-1839582078-2959218616-3469933489-1001\...\Windows 10 Manager 2.3.9) (Version: 2.3.9 - Yamicsoft)
Windows Desktop Gadgets (HKLM\...\Windows Desktop Gadgets_is1) (Version: 2.0 - hxxp://gadgetsrevived.com)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Winpower (HKLM-x32\...\Winpower) (Version: 5.3.0.3 - )
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Wise Memory Optimizer 3.6.4 (HKLM-x32\...\Wise Memory Optimizer_is1) (Version: 3.6.4 - WiseCleaner.com, Inc.)
X-Rite Device Services Manager (HKLM\...\{95158828-CB92-4CD2-B85C-1B280CC6167D}) (Version: 3.1.7.6 - X-Rite)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1839582078-2959218616-3469933489-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\Moya\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-1839582078-2959218616-3469933489-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Moya\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-1839582078-2959218616-3469933489-1001_Classes\CLSID\{2D7E1637-7BD7-0F38-ED4B-0E6D142D0F0A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1839582078-2959218616-3469933489-1001_Classes\CLSID\{467990BB-AB94-0A28-E1E7-83FDDD49075B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1839582078-2959218616-3469933489-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => E:\Dropbox [2019-03-14 01:36]
ShellIconOverlayIdentifiers: [     AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-03-02] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [     AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-03-02] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [     AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-03-02] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [     AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-03-02] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers-x32: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-06-08] (Zemana Ltd. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-01-01] (Notepad++ -> )
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-01-23] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-11-29] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [PhotoSyncShellExtension] -> {cd400ee5-8d91-38f2-b2e2-e82242b6d328} => C:\Program Files\PhotoSync\PhotoSyncShellExtension.DLL [2019-01-17] (touchbyte GmbH) [File not signed]
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2018-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2018-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-01-23] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-11-29] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3-x32: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files (x86)\Unlocker\UnlockerCOM.dll [2010-07-04] () [File not signed]
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-11-29] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [PhotoSyncShellExtension] -> {cd400ee5-8d91-38f2-b2e2-e82242b6d328} => C:\Program Files\PhotoSync\PhotoSyncShellExtension.DLL [2019-01-17] (touchbyte GmbH) [File not signed]
ContextMenuHandlers4: [PMShellExt] -> {D33CAA34-6010-4798-A3A3-11600C03EDDB} => C:\Program Files (x86)\Camera Bits\Photo Mechanic 5\PMShellMenu.dll [2014-07-11] (Camera Bits, Inc.) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-12-17] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_8a9535cd18c90bc3\igfxDTCM.dll [2018-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-06-08] (Zemana Ltd. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-01-23] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\ShellEx.dll [2018-11-29] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2018-09-06] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6-x32: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files (x86)\Unlocker\UnlockerCOM.dll [2010-07-04] () [File not signed]
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2018-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {024268C1-CD57-4AFE-9A51-10E03E4513B4} - System32\Tasks\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97} => C:\Users\Moya\AppData\Local\Temp\is-J5DS7.tmp\XRD Manager.exe <==== ATTENTION
Task: {03678160-1B4A-4AAE-A572-44E410FC8660} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_156_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {0708ED04-23C0-441A-A10F-5529EC78EE30} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {09BD1AEA-FDD7-4A15-AAFF-739B4D0C5D07} - System32\Tasks\hwinfo64 => C:\Program Files\HWiNFO64\HWiNFO64.EXE (Martin Malik - REALiX -> REALiX) <==== ATTENTION
Task: {0A055CC9-3A4E-461D-933F-5FF3930F1FB2} - System32\Tasks\{279FBE9F-5D86-4257-A776-25C69491039B} => C:\Users\Moya\AppData\Local\Temp\is-GTVAT.tmp\XRD Manager.exe <==== ATTENTION
Task: {1735707D-9FD2-4CC7-A936-670F51A10524} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {224DC6D5-2FFB-4F7A-AA1E-568BECC9B334} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {29F34AFA-D037-4645-805C-51B4B1CAB745} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {2B74EBB1-CE2E-449E-9454-1666607E6AF5} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe (ASUSTeK Computer Inc. -> )
Task: {30E9D51A-2BDC-43F2-9BEB-F52C80FAC8E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {3280BA7F-2C2F-49B7-AC3E-85B55D0F37D1} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {3EB99703-7E12-4383-A57D-742352918B8D} - System32\Tasks\Translucent => C:\Users\Moya\Desktop\barra tareas traslucida\TranslucentTB.2017.2\TranslucentTB.exe () [File not signed]
Task: {41605B9A-0AC0-4257-A541-525FE925571D} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {48E37BFA-3281-4BD0-B40D-9B5E3470B99E} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe (ASUSTeK Computer Inc. -> )
Task: {49610A4E-4D7A-4324-93BD-62B4A707AF5C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {49A79219-8145-4071-9858-043BD1BBDE0F} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {52C0E097-9957-405D-B634-396E09446305} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed]
Task: {570F2C1B-0BDE-4854-9DB9-62436FB5F07C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6249DE2E-99C1-4B26-8B90-248DC80C4157} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {654A091D-FA52-4CF5-A564-9F2E6412378F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {65A58556-3C02-47A8-9766-B01AEF2DB18F} - System32\Tasks\GlaryOneClickOptimizer 5 => C:\Program Files (x86)\Glary Utilities 5\OneClickMaintenance.exe (Glarysoft LTD -> Glarysoft Ltd)
Task: {65C8E660-E076-48A9-A5DD-CF539885FA6F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6826271F-0456-445E-9F69-E95CCC37A018} - System32\Tasks\Actualización del sistema del Navegador Yandex => C:\Program Files (x86)\Yandex\YandexBrowser\18.7.0.2695\service_update.exe
Task: {70C38055-77E5-49C1-8248-CD620691AAE3} - System32\Tasks\Barra traslúcida => C:\Users\Moya\Desktop\barra tareas traslucida\TranslucentTB.2017.2\TranslucentTB.exe () [File not signed]
Task: {721E0DAE-1F4B-40CA-9537-67FAC4A7FB53} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {733F6CB5-39A3-4D9A-8E10-95793AD6ED72} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {7B84CFF4-6A5A-45D9-9F12-959748D1A5BD} - System32\Tasks\TranslucentTB => C:\Users\Moya\Desktop\barra tareas traslucida\TranslucentTB.2017.2\TranslucentTB.exe () [File not signed]
Task: {8E47DAA8-BA7A-489F-9C84-9F63E35A8F7F} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe (X-Rite Incorporated -> X-Rite Inc.)
Task: {953E6F46-3FAD-4FEE-BD47-1C157C137CF6} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {96B8486D-FEBE-4856-BCC4-C8B8748F7361} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {AA878659-0A45-421E-945A-A6AEE51CBF78} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {B04633B1-2109-414A-8859-037B3C185600} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B8B43AC7-9ACA-425C-ADCA-0C787874FDCC} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CC419EBF-5F23-4ADA-8DE6-9D94E0E35A02} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {D48EA01B-22E6-40FB-A239-A3DFB5F253E0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {E2943627-8893-4414-83C6-C478C69848DC} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {E3E8FC28-5E82-46B8-BF08-39DDA8DC2159} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {EF74B7C6-2296-4097-9C26-074DEF414EBF} - System32\Tasks\{382206AF-3B40-4179-A5AB-6282A401826A} => C:\Users\Moya\AppData\Local\Temp\F6676A67-3867-4FDE-AB2E-4E4867F2F5E2\ga_service.exe <==== ATTENTION
Task: {F28E03BD-73EA-4A8C-810D-23A440D07D9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {F7B7ED5D-B8B1-478D-A00D-B340D21227E8} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-60GLB5A-Moya => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {FC9B2206-494D-4229-A3E9-B0F61E53D965} - System32\Tasks\HWiNFO => C:\Program Files\HWiNFO64\HWiNFO64.EXE (Martin Malik - REALiX -> REALiX)
Task: {FE543E03-E086-475A-9486-AEE10E358AED} - System32\Tasks\Actualización del Navegador Yandex => C:\Users\Moya\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Actualización del Navegador Yandex.job => C:\Users\Moya\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Task: C:\Windows\Tasks\Actualización del sistema del Navegador Yandex.job => C:\Program Files (x86)\Yandex\YandexBrowser\18.7.0.2695\service_update.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe
Task: C:\Windows\Tasks\{279FBE9F-5D86-4257-A776-25C69491039B}.job => C:\Users\Moya\AppData\Local\Temp\is-GTVAT.tmp\XRD Manager.exe /exenoupdates  /exelang 3082 /noprereqs  /qr   AI_RESUME=1 ADDLOCAL=MainFeature,XRDdrivers64 ACTION=INSTALL EXECUTEACTION=INSTALL ROOTDRIVE E:\ TRANSFORMS=:3082 AI_PREREQFILES=C:\Users\Moya\AppData\Local\Temp\{279FBE9F-5D86-4257-A776-25C69491039B}\drivers64.msi AI_PREREQDIRS=C:\Users\Moya\AppData\Local\Temp AI_SETUPEXEPATH=C:\Users\Moya\AppData\Local\Temp\is-GTVAT.tmp\XRD Manager.exe SETUPEXEDIR=C:\Users\Moya\AppData\Local\Temp\is-GTVAT.tmp <==== ATTENTION
Task: C:\Windows\Tasks\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97}.job => C:\Users\Moya\AppData\Local\Temp\is-J5DS7.tmp\XRD Manager.exe /exenoupdates  /noprereqs  /qr   AI_RESUME=1 ADDLOCAL=MainFeature,XRDdrivers64 ACTION=INSTALL EXECUTEACTION=INSTALL ROOTDRIVE E:\ AI_PREREQFILES=C:\Users\Moya\AppData\Local\Temp\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97}\drivers64.msi AI_PREREQDIRS=C:\Users\Moya\AppData\Local\Temp OLDPRODUCTS={AB15D468-EFFC-43A8-883B-4B31BC7E3D07} AI_SETUPEXEPATH=C:\Users\Moya\AppData\Local\Temp\is-J5DS7.tmp\XRD Manager.exe SETUPEXEDIR=C:\Users\Moya\AppData\Local\Temp\is-J5DS7.tmp <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Photo Transfer App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fjfbkbdcdmafppmmeajldfnkjllemkej

==================== Loaded Modules (Whitelisted) ==============

2019-03-07 10:40 - 2012-11-12 15:15 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
2019-03-07 10:40 - 2012-10-22 17:19 - 000219648 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enpres.dll
2018-08-24 13:15 - 2018-08-24 13:15 - 000114688 _____ (Macrovision) [File not signed] C:\Program Files (x86)\MonitorSoftware\monitor.exe
2017-12-17 15:06 - 2017-12-17 15:06 - 000155688 _____ (AMD PMP-PE CB Code Signer v20170331 -> Advanced Micro Devices, Inc.) [File not signed] C:\Windows\SYSTEM32\amdihk64.dll
2019-01-11 16:15 - 2018-09-21 20:31 - 000633856 _____ (Helmut Buhler) [File not signed] C:\Program Files\Windows Sidebar\dwmapi.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 000013824 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\es_es\Acrobat Elements\ContextMenuShim64.esp
2019-02-12 00:16 - 2017-01-12 18:41 - 000563712 _____ () [File not signed] C:\Users\Moya\Desktop\barra tareas traslucida\TranslucentTB.2017.2\TranslucentTB.exe
2017-07-25 12:25 - 2017-07-25 12:25 - 000325632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 068669952 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000283136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2017-07-25 12:24 - 2017-07-25 12:24 - 006045696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 003234304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 003281408 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2017-07-25 12:24 - 2017-07-25 12:24 - 001204736 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2017-12-17 14:48 - 2017-12-17 14:48 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000110080 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2017-07-25 12:24 - 2017-07-25 12:24 - 000279552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 001336832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-07-25 12:25 - 2017-07-25 12:25 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000032768 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000034816 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000237568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2017-07-25 12:26 - 2017-07-25 12:26 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-06-08 21:25 - 2012-05-19 06:17 - 001371648 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Windows Sidebar\sidebar.exe
2018-08-24 13:15 - 2018-08-24 13:15 - 000114688 _____ (Macrovision) [File not signed] C:\Program Files (x86)\MonitorSoftware\UPSMS.exe
2017-11-01 20:58 - 2017-11-01 20:58 - 001141248 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Adguard\SQLite.Interop.dll
2017-03-15 17:08 - 2017-03-15 17:08 - 000732672 _____ () [File not signed] C:\Program Files (x86)\Adguard\brolib32.dll
2019-01-18 23:38 - 2015-06-05 12:00 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.25\ASACPI.DLL
2019-03-19 22:05 - 2019-03-19 22:05 - 000034064 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.00.15\PEbiosinterface32.dll
2019-01-23 19:03 - 2018-03-26 09:31 - 000053248 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.00.15\cpuutil.dll
2019-01-24 20:20 - 2019-01-24 20:20 - 004127232 _____ (X-Rite) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1Studio\i1Studio.dll
2019-01-24 20:20 - 2019-01-24 20:20 - 001019392 _____ (X-Rite) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro\i1Fun.dll
2019-01-24 20:20 - 2019-01-24 20:20 - 001502208 _____ (X-Rite Inc.) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro\i1iO.dll
2019-01-24 20:20 - 2019-01-24 20:20 - 003962368 _____ (X-Rite Inc.) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro\i1Pro.dll
2019-01-24 20:20 - 2019-01-24 20:20 - 002359296 _____ (X-Rite) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1isis\EyeOne_iSis.dll
2014-06-23 17:06 - 2014-06-23 17:06 - 000420864 _____ (X-Rite) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1d3\i1d3SDK.dll
2014-06-23 17:06 - 2014-06-23 17:06 - 002633728 _____ () [File not signed] C:\Program Files (x86)\X-Rite\Devices\colormunki\colormunki.dll
2018-08-24 13:15 - 2018-08-24 13:15 - 000036864 _____ () [File not signed] C:\Program Files (x86)\MonitorSoftware\writeSystemLogDll.dll
2018-08-24 13:15 - 2018-08-24 13:15 - 000045056 _____ () [File not signed] C:\Program Files (x86)\MonitorSoftware\jspWin.dll
2018-08-24 13:15 - 2018-08-24 13:15 - 000032768 _____ () [File not signed] C:\Program Files (x86)\MonitorSoftware\jusb.dll
2018-05-23 11:02 - 2018-05-23 11:02 - 001006080 ____R (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\System.Data.SQLite.dll
2019-03-01 12:58 - 2017-01-18 22:21 - 001482240 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Common Files\Acronis\Home\libcrypto10.dll
2019-02-09 11:01 - 2019-02-01 09:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-02-09 11:01 - 2019-02-01 09:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-02-09 11:01 - 2019-02-01 09:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-02-09 11:01 - 2019-02-01 09:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-02-09 11:01 - 2019-02-01 09:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-02-09 11:01 - 2019-02-01 09:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-02-09 11:01 - 2019-02-01 09:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-02-09 11:01 - 2019-02-01 09:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-02-09 11:01 - 2019-02-01 09:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-02-09 11:01 - 2019-02-01 09:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-02-09 11:01 - 2019-02-01 09:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-02-09 11:01 - 2019-02-01 09:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-02-09 11:01 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-02-09 11:01 - 2019-02-01 09:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-02-09 11:01 - 2019-02-01 09:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-02-09 11:01 - 2019-02-01 09:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-02-09 11:01 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-02-09 11:01 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-02-09 11:01 - 2019-02-01 09:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-02-09 11:01 - 2019-02-01 09:56 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 000147456 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsAcpi.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 000676864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\asacpiEx.dll
2019-01-18 23:39 - 2016-11-23 10:35 - 001092608 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\System Information\SystemInfo.dll
2019-01-18 23:39 - 2016-07-14 16:10 - 001139712 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2018-06-08 18:17 - 2017-12-20 04:01 - 000193536 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.03\AsusGpuTweak.dll
2018-06-08 18:17 - 2017-11-27 10:57 - 001772544 _____ () [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.03\Vender.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsMultiLang.dll
2018-06-08 18:17 - 2017-11-24 07:47 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\AsMultiLang.dll
2018-06-08 18:17 - 2017-11-24 07:47 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\asacpi.dll
2018-06-08 18:17 - 2017-11-24 07:47 - 000676864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\asacpiEx.dll
2019-01-18 23:39 - 2016-09-20 14:08 - 000241664 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2019-01-18 23:39 - 2016-07-14 16:10 - 000621056 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\UIImprovmentHelper.dll
2019-01-18 23:39 - 2016-07-14 16:09 - 000208896 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2018-04-23 16:13 - 2018-04-23 16:13 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2018-04-23 16:13 - 2018-04-23 16:13 - 000072704 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2018-04-23 16:13 - 2018-04-23 16:13 - 000232448 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2018-04-23 16:13 - 2018-04-23 16:13 - 000567808 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2018-04-23 16:13 - 2018-04-23 16:13 - 000357888 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 000299520 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Xmld.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 009541632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Cored.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 008565248 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Widgetsd.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 010430464 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Guid.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 002932736 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\platforms\qwindowsd.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 000076288 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qgifd.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 000097280 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qicnsd.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 000077312 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qicod.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 000432640 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qjpegd.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 000058880 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qsvgd.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 000557056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Svgd.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 000058880 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qtgad.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 000574976 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qtiffd.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 000058368 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qwbmpd.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 000844800 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qwebpd.dll
2018-06-08 18:17 - 2017-11-24 07:48 - 000743424 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\EPU.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\asacpi.dll
2018-06-08 18:17 - 2017-10-29 18:15 - 000676864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\asacpiEx.dll
2018-08-24 13:15 - 2018-08-24 13:15 - 000077824 _____ () [File not signed] C:\Program Files (x86)\MonitorSoftware\TrayIcon12.dll
2019-02-01 01:24 - 2019-02-01 01:24 - 000010240 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\es_es\AcroTray.esp

==================== Alternate Data Streams (Whitelisted) =========
#15
(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-02-06 16:07 - 2019-03-19 22:05 - 000002106 _____ C:\Windows\system32\drivers\etc\hosts

0.0.0.0                   telemetry.malwarebytes.com
0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 www.googletagservices.com
0.0.0.0 gads.pubmatic.com
0.0.0.0 ads.pubmatic.com
0.0.0.0 tpc.googlesyndication.com
0.0.0.0 pagead2.googlesyndication.com
0.0.0.0 googleads.g.doubleclick.net
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %SystemRoot%\system32\WBEM;C:\Windows\system32\WBEM;C:\Windows\system32\WBEM;C:\Windows\system32\WBEM;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32\WBEM;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Users\Moya\AppData\Local\Microsoft\WindowsApps;C:\Program Files (x86)\Common Files\Acronis\VirtualFile\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile64\;C:\Program Files (x86)\Common Files\Acronis\FileProtector\;C:\Program Files (x86)\Common Files\Acronis\FileProtector64\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;
HKU\S-1-5-21-1839582078-2959218616-3469933489-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Moya\AppData\Local\DisplayFusion\Wallpaper_2.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "TMMonitor.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-1839582078-2959218616-3469933489-1001\...\StartupApproved\Run: => "GUDelayStartup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D6DE0C4F-C0CF-4F4A-8B11-996A04982EE0}] => (Allow) LPort=7437
FirewallRules: [{34FB17B4-9F4A-4789-9CEA-322C37B9CF91}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe (Adguard Software Limited -> Adguard Software Ltd)
FirewallRules: [{CFE6DC41-7B1E-4644-BE08-70F44C74B6DC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{16C0E086-09C8-46C8-B3C4-3526EE6AA2E1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{431E18E5-B1FC-4317-A846-47D8DCD8123A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2A366440-7686-4AAF-8ED2-00046286790C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{36278577-9841-4A81-AB3C-1EEFA6568053}] => (Allow) C:\Program Files (x86)\Pantone Color Manager\PantoneColorManager.exe (X-Rite Incorporated -> X-Rite)
FirewallRules: [{E0F028E4-69C6-4A5F-9D12-859000E309FD}] => (Allow) C:\Program Files (x86)\Pantone Color Manager\PantoneColorManager.exe (X-Rite Incorporated -> X-Rite)
FirewallRules: [{D93AC3C1-CE60-44D6-A2C2-50D9C13E964F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B3F7943B-7F75-4A7D-AA10-59F142D027C7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9848F13B-E4FD-4697-A616-43981FECCBA9}] => (Allow) C:\Users\Moya\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{46F52B83-A745-420A-AFF5-00075F8E91C6}] => (Allow) C:\Users\Moya\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{4A3CB703-630D-4A17-9047-27EF279E9258}C:\users\moya\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\moya\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{F6E8D787-7348-4177-9341-EC0F0B755901}C:\users\moya\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\moya\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D06BC264-2CAC-466F-8D2D-E86D0CAFD008}] => (Block) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{000FDBBB-1104-4BBA-B088-EB1639CAD205}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{0F643DB0-B204-4F87-A754-2F113F154F54}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{C9EA29A5-45E4-4E7C-BC3E-1C4588C05EF9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{0C7923C9-19BC-436C-AB47-6E81CA23F338}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{39D8E92E-2D55-42D2-885E-9C855B6277B3}] => (Allow) LPort=35722
FirewallRules: [{7240B4B1-7690-4849-9B49-F7D7930FCA5B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{796F22C6-FC6F-44B8-98BE-2DC38A192F48}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4EC8D6A5-7039-4180-90D7-56ECE750379E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3AC1A0B8-3D2F-4E1C-82D6-70129D57218F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{793C8598-CB58-4714-8B42-F29F40E94C91}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0D92D928-FEE4-4E39-9DF6-6A2E1CC36BE5}] => (Allow) LPort=1688
FirewallRules: [{93FED18D-A38E-4EB9-A822-E77891750BF7}] => (Allow) C:\WINDOWS\system32\hasplms.exe (Gemalto, Inc. -> SafeNet, Inc.)
FirewallRules: [{2B81504B-8CCC-4225-824C-17973D8585D8}] => (Allow) C:\Program Files (x86)\Pantone Color Manager\PantoneColorManager.exe (X-Rite Incorporated -> X-Rite)
FirewallRules: [{5DE883DA-FEF8-47DB-B922-A879F343C274}] => (Allow) C:\Program Files (x86)\Pantone Color Manager\PantoneColorManager.exe (X-Rite Incorporated -> X-Rite)
FirewallRules: [{E89712C0-2D50-4753-8541-B431753F5EB0}] => (Allow) LPort=5454
FirewallRules: [{77DF114F-31E4-47F9-88A5-AC24F2BFB79E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> )
FirewallRules: [{689D67A9-6E14-494E-ADB1-8DF337C24642}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{094B5402-C169-4EAA-90FC-5774AB94D547}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{99835D31-4E5D-4666-9CDB-1DA562E62141}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{3848DC8E-75D2-4C37-9D22-90189FACC3D4}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2019 10:12:04 PM) (Source: COM) (EventID: 10035) (User: )
Description: El cálculo de referencias de COM estándar no pudo corregir un error de coincidencia entre el IID {618736E0-3C3D-11CF-810C-00AA00389B71} proporcionado por el servidor y el IID {00020400-0000-0000-C000-000000000046} solicitado por el cliente, con el controlador CLSID {00000000-887C-00CF-C08D-CF0019DA9B76}. Código de error: 0x80010114.

Error: (03/20/2019 10:12:04 PM) (Source: COM) (EventID: 10035) (User: )
Description: El cálculo de referencias de COM estándar no pudo corregir un error de coincidencia entre el IID {618736E0-3C3D-11CF-810C-00AA00389B71} proporcionado por el servidor y el IID {00020400-0000-0000-C000-000000000046} solicitado por el cliente, con el controlador CLSID {769B9345-4114-00CF-5846-CF0019DA9B76}. Código de error: 0x80010114.

Error: (03/20/2019 10:12:04 PM) (Source: COM) (EventID: 10035) (User: )
Description: El cálculo de referencias de COM estándar no pudo corregir un error de coincidencia entre el IID {618736E0-3C3D-11CF-810C-00AA00389B71} proporcionado por el servidor y el IID {00020400-0000-0000-C000-000000000046} solicitado por el cliente, con el controlador CLSID {00000000-EB4C-00CE-90F0-CE0019DA9B76}. Código de error: 0x80010114.

Error: (03/20/2019 10:12:04 PM) (Source: COM) (EventID: 10035) (User: )
Description: El cálculo de referencias de COM estándar no pudo corregir un error de coincidencia entre el IID {618736E0-3C3D-11CF-810C-00AA00389B71} proporcionado por el servidor y el IID {00020400-0000-0000-C000-000000000046} solicitado por el cliente, con el controlador CLSID {00000001-A47C-00CE-C0A9-CE0019DA9B76}. Código de error: 0x80010114.

Error: (03/20/2019 10:12:04 PM) (Source: COM) (EventID: 10035) (User: )
Description: El cálculo de referencias de COM estándar no pudo corregir un error de coincidencia entre el IID {618736E0-3C3D-11CF-810C-00AA00389B71} proporcionado por el servidor y el IID {00020400-0000-0000-C000-000000000046} solicitado por el cliente, con el controlador CLSID {00590000-3D6C-00CE-B042-CE0019DA9B76}. Código de error: 0x80010114.

Error: (03/20/2019 10:12:04 PM) (Source: COM) (EventID: 10035) (User: )
Description: El cálculo de referencias de COM estándar no pudo corregir un error de coincidencia entre el IID {618736E0-3C3D-11CF-810C-00AA00389B71} proporcionado por el servidor y el IID {00020400-0000-0000-C000-000000000046} solicitado por el cliente, con el controlador CLSID {769B92AF-147C-00CE-C019-CE0019DA9B76}. Código de error: 0x80010114.

Error: (03/20/2019 08:27:45 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) No puede encontrar el objeto o propiedad

Error: (03/20/2019 08:27:45 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) No puede encontrar el objeto o propiedad


System errors:
=============
Error: (03/20/2019 09:14:04 AM) (Source: Disk) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Harddisk7\DR7.

Error: (03/20/2019 09:01:37 AM) (Source: Disk) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Harddisk5\DR5.

Error: (03/20/2019 08:38:48 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-60GLB5A)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-60GLB5A\Moya con SID (S-1-5-21-1839582078-2959218616-3469933489-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (03/20/2019 08:38:48 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-60GLB5A)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-60GLB5A\Moya con SID (S-1-5-21-1839582078-2959218616-3469933489-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (03/20/2019 07:29:32 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-60GLB5A)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-60GLB5A\Moya con SID (S-1-5-21-1839582078-2959218616-3469933489-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (03/20/2019 07:28:22 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-60GLB5A)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-60GLB5A\Moya con SID (S-1-5-21-1839582078-2959218616-3469933489-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (03/20/2019 07:26:59 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-60GLB5A)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-60GLB5A\Moya con SID (S-1-5-21-1839582078-2959218616-3469933489-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (03/20/2019 07:26:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


CodeIntegrity:
===================================

Date: 2019-03-20 16:07:06.138
Description: 
Windows blocked file \Device\HarddiskVolume7\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2019-03-14 01:25:17.361
Description: 
Windows blocked file \Device\HarddiskVolume7\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2019-03-13 11:50:26.471
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll that did not meet the Store signing level requirements.

Date: 2019-03-13 11:49:44.025
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll that did not meet the Store signing level requirements.

Date: 2019-03-13 11:49:42.326
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\MicrosoftEdgeSH.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll that did not meet the Store signing level requirements.

Date: 2019-03-13 11:49:35.989
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\DisplayFusion\Hooks\AppHook64_E5F40BE6-CD0D-4656-BB66-82EF8879B329.dll that did not meet the Store signing level requirements.

Date: 2019-03-13 11:49:35.779
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll that did not meet the Store signing level requirements.

Date: 2019-03-10 22:33:26.945
Description: 
Windows blocked file \Device\HarddiskVolume7\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 27%
Total physical RAM: 32710.09 MB
Available physical RAM: 23807.01 MB
Total Virtual: 34758.09 MB
Available Virtual: 23903.77 MB

==================== Drives ================================

Drive c: (W10 M.2) (Fixed) (Total:237.87 GB) (Free:163.32 GB) NTFS
Drive d: (M2 500GB) (Fixed) (Total:465.76 GB) (Free:450.12 GB) NTFS
Drive e: (SSD 900gb) (Fixed) (Total:893.59 GB) (Free:754.17 GB) NTFS

\\?\Volume{3dd262d0-e131-4896-ae09-4af3d44c97a4}\ (Recuperación) (Fixed) (Total:0.49 GB) (Free:0.12 GB) NTFS
\\?\Volume{94b264d1-8c61-49f9-b8ff-4a9148d3e83d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0E616CC1)

Partition: GPT.

========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 286B2DA7)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 894.3 GB) (Disk ID: 14A266F0)

Partition: GPT.

==================== End of Addition.txt ============================
#16

Good… now follow these steps. VERY important ~ make a backup of the registry:

  • To do so, download Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

  • Attention: now check/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.


On the computer, with all other programs closed:

Start >>> Run >>> type notepad.exe.

Now copy and paste these files into Notepad:


Start
CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
IFEO\dismHost.exe: [Debugger] nul
IFEO\EOSNOTIFY.EXE: [Debugger] nul
IFEO\InstallAgent.exe: [Debugger] nul
IFEO\MusNotification.exe: [Debugger] nul
IFEO\remsh.exe: [Debugger] nul
IFEO\SIHClient.exe: [Debugger] nul
IFEO\UpdateAssistant.exe: [Debugger] nul
IFEO\UsoClient.exe: [Debugger] nul
IFEO\WaaSMedic.exe: [Debugger] nul
IFEO\Windows10Upgrade.exe: [Debugger] nul
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] nul
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page
Toolbar: HKLM-x32 - No Name - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -  No File
CHR HKU\S-1-5-21-1839582078-2959218616-3469933489-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
HKLM\SYSTEM\CurrentControlSet\Services\45838EC3390E5114 <==== ATTENTION (Rootkit!)
2019-02-24 23:23 - 2019-02-24 23:23 - 000003526 _____ C:\Windows\System32\Tasks\{382206AF-3B40-4179-A5AB-6282A401826A}
2018-08-24 13:24 - 2018-08-24 13:24 - 000000000 _____ () C:\Users\Moya\AppData\Local\{5B91C30A-FE62-4732-B467-F2D3FCB0249D}
2019-03-20 07:26 - 2019-03-20 07:26 - 000000000 _____ () C:\Users\Moya\AppData\Local\Temp\KeyScrambler_Update4d9be28eb30ba74.exe
CustomCLSID: HKU\S-1-5-21-1839582078-2959218616-3469933489-1001_Classes\CLSID\{2D7E1637-7BD7-0F38-ED4B-0E6D142D0F0A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1839582078-2959218616-3469933489-1001_Classes\CLSID\{467990BB-AB94-0A28-E1E7-83FDDD49075B}\InprocServer32 -> no filepath
ShellIconOverlayIdentifiers-x32: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
Task: {024268C1-CD57-4AFE-9A51-10E03E4513B4} - System32\Tasks\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97} => C:\Users\Moya\AppData\Local\Temp\is-J5DS7.tmp\XRD Manager.exe <==== ATTENTION
Task: {09BD1AEA-FDD7-4A15-AAFF-739B4D0C5D07} - System32\Tasks\hwinfo64 => C:\Program Files\HWiNFO64\HWiNFO64.EXE (Martin Malik - REALiX -> REALiX) <==== ATTENTION
Task: {0A055CC9-3A4E-461D-933F-5FF3930F1FB2} - System32\Tasks\{279FBE9F-5D86-4257-A776-25C69491039B} => C:\Users\Moya\AppData\Local\Temp\is-GTVAT.tmp\XRD Manager.exe <==== ATTENTION
Task: {EF74B7C6-2296-4097-9C26-074DEF414EBF} - System32\Tasks\{382206AF-3B40-4179-A5AB-6282A401826A} => C:\Users\Moya\AppData\Local\Temp\F6676A67-3867-4FDE-AB2E-4E4867F2F5E2\ga_service.exe <==== ATTENTION
Task: C:\Windows\Tasks\{279FBE9F-5D86-4257-A776-25C69491039B}.job => C:\Users\Moya\AppData\Local\Temp\is-GTVAT.tmp\XRD Manager.exeȎ/exenoupdates  /exelang 3082 /noprereqs  /qr   AI_RESUME=1 ADDLOCAL=MainFeature,XRDdrivers64 ACTION=INSTALL EXECUTEACTION=INSTALL ROOTDRIVE E:\ TRANSFORMS=:3082 AI_PREREQFILES=C:\Users\Moya\AppData\Local\Temp\{279FBE9F-5D86-4257-A776-25C69491039B}\drivers64.msi AI_PREREQDIRS=C:\Users\Moya\AppData\Local\Temp AI_SETUPEXEPATH=C:\Users\Moya\AppData\Local\Temp\is-GTVAT.tmp\XRD Manager.exe SETUPEXEDIR=C:\Users\Moya\AppData\Local\Temp\is-GTVAT.tmp <==== ATTENTION
Task: C:\Windows\Tasks\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97}.job => C:\Users\Moya\AppData\Local\Temp\is-J5DS7.tmp\XRD Manager.exe»Ę/exenoupdates  /noprereqs  /qr   AI_RESUME=1 ADDLOCAL=MainFeature,XRDdrivers64 ACTION=INSTALL EXECUTEACTION=INSTALL ROOTDRIVE E:\ AI_PREREQFILES=C:\Users\Moya\AppData\Local\Temp\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97}\drivers64.msi AI_PREREQDIRS=C:\Users\Moya\AppData\Local\Temp OLDPRODUCTS={AB15D468-EFFC-43A8-883B-4B31BC7E3D07} AI_SETUPEXEPATH=C:\Users\Moya\AppData\Local\Temp\is-J5DS7.tmp\XRD Manager.exe SETUPEXEDIR=C:\Users\Moya\AppData\Local\Temp\is-J5DS7.tmp <==== ATTENTION
ShortcutWithArgument: C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Photo Transfer App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fjfbkbdcdmafppmmeajldfnkjllemkej
AlternateDataStreams: C:\Windows:nlsPreferences [386]


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name fixlist.txt on the desktop <<< This is very important.<<

Note: It is important that the Frst.exe tool and fixlist.txt are in the same location (desktop), otherwise it will not work.

Paste it in your next reply, mentioning how the problem is going.

#17
Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Moya (21-03-2019 10:25:35) Run:1
Running from C:\Users\Moya\Desktop
Loaded Profiles: Moya (Available Profiles: Moya)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
IFEO\dismHost.exe: [Debugger] nul
IFEO\EOSNOTIFY.EXE: [Debugger] nul
IFEO\InstallAgent.exe: [Debugger] nul
IFEO\MusNotification.exe: [Debugger] nul
IFEO\remsh.exe: [Debugger] nul
IFEO\SIHClient.exe: [Debugger] nul
IFEO\UpdateAssistant.exe: [Debugger] nul
IFEO\UsoClient.exe: [Debugger] nul
IFEO\WaaSMedic.exe: [Debugger] nul
IFEO\Windows10Upgrade.exe: [Debugger] nul
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] nul
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page
Toolbar: HKLM-x32 - No Name - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -  No File
CHR HKU\S-1-5-21-1839582078-2959218616-3469933489-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
HKLM\SYSTEM\CurrentControlSet\Services\45838EC3390E5114 <==== ATTENTION (Rootkit!)
2019-02-24 23:23 - 2019-02-24 23:23 - 000003526 _____ C:\Windows\System32\Tasks\{382206AF-3B40-4179-A5AB-6282A401826A}
2018-08-24 13:24 - 2018-08-24 13:24 - 000000000 _____ () C:\Users\Moya\AppData\Local\{5B91C30A-FE62-4732-B467-F2D3FCB0249D}
2019-03-20 07:26 - 2019-03-20 07:26 - 000000000 _____ () C:\Users\Moya\AppData\Local\Temp\KeyScrambler_Update4d9be28eb30ba74.exe
CustomCLSID: HKU\S-1-5-21-1839582078-2959218616-3469933489-1001_Classes\CLSID\{2D7E1637-7BD7-0F38-ED4B-0E6D142D0F0A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1839582078-2959218616-3469933489-1001_Classes\CLSID\{467990BB-AB94-0A28-E1E7-83FDDD49075B}\InprocServer32 -> no filepath
ShellIconOverlayIdentifiers-x32: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
Task: {024268C1-CD57-4AFE-9A51-10E03E4513B4} - System32\Tasks\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97} => C:\Users\Moya\AppData\Local\Temp\is-J5DS7.tmp\XRD Manager.exe <==== ATTENTION
Task: {09BD1AEA-FDD7-4A15-AAFF-739B4D0C5D07} - System32\Tasks\hwinfo64 => C:\Program Files\HWiNFO64\HWiNFO64.EXE (Martin Malik - REALiX -> REALiX) <==== ATTENTION
Task: {0A055CC9-3A4E-461D-933F-5FF3930F1FB2} - System32\Tasks\{279FBE9F-5D86-4257-A776-25C69491039B} => C:\Users\Moya\AppData\Local\Temp\is-GTVAT.tmp\XRD Manager.exe <==== ATTENTION
Task: {EF74B7C6-2296-4097-9C26-074DEF414EBF} - System32\Tasks\{382206AF-3B40-4179-A5AB-6282A401826A} => C:\Users\Moya\AppData\Local\Temp\F6676A67-3867-4FDE-AB2E-4E4867F2F5E2\ga_service.exe <==== ATTENTION
Task: C:\Windows\Tasks\{279FBE9F-5D86-4257-A776-25C69491039B}.job => C:\Users\Moya\AppData\Local\Temp\is-GTVAT.tmp\XRD Manager.exe?/exenoupdates  /exelang 3082 /noprereqs  /qr   AI_RESUME=1 ADDLOCAL=MainFeature,XRDdrivers64 ACTION=INSTALL EXECUTEACTION=INSTALL ROOTDRIVE E:\ TRANSFORMS=:3082 AI_PREREQFILES=C:\Users\Moya\AppData\Local\Temp\{279FBE9F-5D86-4257-A776-25C69491039B}\drivers64.msi AI_PREREQDIRS=C:\Users\Moya\AppData\Local\Temp AI_SETUPEXEPATH=C:\Users\Moya\AppData\Local\Temp\is-GTVAT.tmp\XRD Manager.exe SETUPEXEDIR=C:\Users\Moya\AppData\Local\Temp\is-GTVAT.tmp <==== ATTENTION
Task: C:\Windows\Tasks\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97}.job => C:\Users\Moya\AppData\Local\Temp\is-J5DS7.tmp\XRD Manager.exe?/exenoupdates  /noprereqs  /qr   AI_RESUME=1 ADDLOCAL=MainFeature,XRDdrivers64 ACTION=INSTALL EXECUTEACTION=INSTALL ROOTDRIVE E:\ AI_PREREQFILES=C:\Users\Moya\AppData\Local\Temp\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97}\drivers64.msi AI_PREREQDIRS=C:\Users\Moya\AppData\Local\Temp OLDPRODUCTS={AB15D468-EFFC-43A8-883B-4B31BC7E3D07} AI_SETUPEXEPATH=C:\Users\Moya\AppData\Local\Temp\is-J5DS7.tmp\XRD Manager.exe SETUPEXEDIR=C:\Users\Moya\AppData\Local\Temp\is-J5DS7.tmp <==== ATTENTION
ShortcutWithArgument: C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Photo Transfer App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fjfbkbdcdmafppmmeajldfnkjllemkej
AlternateDataStreams: C:\Windows:nlsPreferences [386]


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dismHost.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\EOSNOTIFY.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\InstallAgent.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MusNotification.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\remsh.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SIHClient.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UpdateAssistant.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UsoClient.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WaaSMedic.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Windows10Upgrade.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WINDOWS10UPGRADERAPP.EXE => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE} => not found
HKU\S-1-5-21-1839582078-2959218616-3469933489-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\amkpcclbbgegoafihnpgomddadjhcadd => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\45838EC3390E5114 <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry.
C:\Windows\System32\Tasks\{382206AF-3B40-4179-A5AB-6282A401826A} => moved successfully
C:\Users\Moya\AppData\Local\{5B91C30A-FE62-4732-B467-F2D3FCB0249D} => moved successfully
"C:\Users\Moya\AppData\Local\Temp\KeyScrambler_Update4d9be28eb30ba74.exe" => not found
HKU\S-1-5-21-1839582078-2959218616-3469933489-1001_Classes\CLSID\{2D7E1637-7BD7-0F38-ED4B-0E6D142D0F0A} => removed successfully
HKU\S-1-5-21-1839582078-2959218616-3469933489-1001_Classes\CLSID\{467990BB-AB94-0A28-E1E7-83FDDD49075B} => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\    OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\    OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\    OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\    OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\    OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\    OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{024268C1-CD57-4AFE-9A51-10E03E4513B4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{024268C1-CD57-4AFE-9A51-10E03E4513B4}" => removed successfully
C:\Windows\System32\Tasks\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{09BD1AEA-FDD7-4A15-AAFF-739B4D0C5D07}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09BD1AEA-FDD7-4A15-AAFF-739B4D0C5D07}" => removed successfully
C:\Windows\System32\Tasks\hwinfo64 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hwinfo64" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A055CC9-3A4E-461D-933F-5FF3930F1FB2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A055CC9-3A4E-461D-933F-5FF3930F1FB2}" => removed successfully
C:\Windows\System32\Tasks\{279FBE9F-5D86-4257-A776-25C69491039B} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{279FBE9F-5D86-4257-A776-25C69491039B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF74B7C6-2296-4097-9C26-074DEF414EBF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF74B7C6-2296-4097-9C26-074DEF414EBF}" => removed successfully
"C:\Windows\System32\Tasks\{382206AF-3B40-4179-A5AB-6282A401826A}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{382206AF-3B40-4179-A5AB-6282A401826A}" => removed successfully
C:\Windows\Tasks\{279FBE9F-5D86-4257-A776-25C69491039B}.job => moved successfully
C:\Windows\Tasks\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97}.job => moved successfully
C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Photo Transfer App.lnk => Shortcut argument removed successfully
C:\Windows => ":nlsPreferences" ADS removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1839582078-2959218616-3469933489-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1839582078-2959218616-3469933489-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c
El servicio no puede iniciarse en modo a prueba de errores



========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 11296768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 52038632 B
Java, Flash, Steam htmlcache => 1124 B
Windows/system/drivers => 11209851 B
Edge => 136704 B
Chrome => 359063113 B
Firefox => 36093636 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4552 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Moya => 1648626 B

RecycleBin => 39619 B
EmptyTemp: => 449.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:25:56 ====
#18

I could not start Windows 10 in safe mode with the steps indicated. I did it from: Run - msconfig - Safe boot.

Regarding what Aprenderas said: Kaspersky Antivirus blocks a URL on an online series page that I open frequently. In case it is related to what Dr Web CureIt detects.

Thank you very much for the help. For some time now, infospyware has been a site I hold in esteem.

1 like
#19

That kind of page does tend to cause problems, indeed… and the problem may be coming from there.

Run Dr Web again (download a new, updated version) and post the log for me.

#20
Start curing
-----------------------------------------------------------------------------

C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a2a - deleted

Total 84884196993 bytes in 327639 files scanned (447177 objects)
Total 327707 files (447015 objects) are clean
Total 1 file are infected
Total 1 file are neutralized
Total 158 files are raised error condition
Scan time is 00:18:16.600

It is a page I open daily. Pop-up windows and advertising pages are blocked automatically by Kaspersky Antivirus, Malwarebytes Premium, Adguard and Chrome extensions, also from Malwarebytes, Adguard and Pop Up Blocker.

#21

Well then, once Dr Web has deleted that file, try not visiting that page for 25 hours, run Dr Web again, see whether it comes out clean, and let me know.