Hello
Here is the log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30.01.2019
Ran by Vanhelsing (administrator) on VANHELSING-PC (02-02-2019 22:57:23)
Running from C:\Users\Vanhelsing\Desktop
Loaded Profiles: Vanhelsing (Available Profiles: Vanhelsing)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(MAGIX®) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\58.0.3135.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\58.0.3135.53\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\58.0.3135.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\58.0.3135.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\58.0.3135.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\58.0.3135.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\58.0.3135.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\58.0.3135.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\58.0.3135.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\58.0.3135.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\58.0.3135.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\58.0.3135.53\opera.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Winlogon: [Userinit] c:\windows\syswow64\userinit.exe,c:\program files (x86)\neuratron\audioscore ultimate 8 demo\neuratron audioscoresrv.exe,
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] C:\Windows\System32\0 [0 2016-05-15] ()
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3507022562-1330472618-3652623963-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3507022562-1330472618-3652623963-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3507022562-1330472618-3652623963-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\System32\frapsv64.dll [105984 2018-09-25] (Beepa P/L)
HKLM\...\Drivers32: [msacm.l3codecp] => C:\Windows\System32\l3codecp.acm [182272 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.pDAD] => C:\Windows\System32\prodad-codec.dll [607256 2015-08-27] (proDAD GmbH)
HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\System32\ficvdec_x64.dll [652288 2013-05-28] ()
HKLM\...\Drivers32-x32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2018-09-25] (Beepa P/L)
HKLM\...\Drivers32-x32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2015-03-11] (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
HKLM\...\Drivers32-x32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software)
HKLM\...\Drivers32-x32: [msacm.l3codecp] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32-x32: [VIDC.FICV] => C:\Windows\SysWOW64\ficvdec_x86.dll [641024 2013-05-28] ()
HKLM\...\Drivers32-x32: [vidc.x264] => C:\Program Files (x86)\x264vfw\x264vfw.dll [3649536 2013-03-17] (x264vfw project)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-14] (Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2009-10-02] (Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{67187239-0780-4d9b-895B-7F0968AA474E}] -> C:\Program Files (x86)\CyberLink\YouCam7\CLCredProv\x64\CLCredProv.dll [2017-05-16] (CyberLink)
HKLM\Software\...\Authentication\Credential Provider Filters: [{67187239-0780-4d9b-895B-7F0968AA474E}] -> C:\Program Files (x86)\CyberLink\YouCam7\CLCredProv\x64\CLCredProv.dll [2017-05-16] (CyberLink)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 186.130.128.111 200.63.155.64
Tcpip\..\Interfaces\{ABA4E354-C46C-4657-BBED-EC7EDD9C9BCC}: [DhcpNameServer] 186.130.128.111 200.63.155.64
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-3507022562-1330472618-3652623963-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3507022562-1330472618-3652623963-1000 -> {DB5BFFD0-F555-4008-AFDE-DA0571CFDFFE} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-02-01] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2019-02-01] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-02-01] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2019-02-01] (AO Kaspersky Lab)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected] ] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-02-01]
FF HKLM-x32\...\Firefox\Extensions: [[email protected] ] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2017-06-02] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected] ] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-07-31] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Vanhelsing\AppData\Local\Google\Chrome\User Data\Default [2019-01-31]
CHR Extension: (Presentaciones) - C:\Users\Vanhelsing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-14]
CHR Extension: (Documentos) - C:\Users\Vanhelsing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-14]
CHR Extension: (Google Drive) - C:\Users\Vanhelsing\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-14]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Vanhelsing\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2019-01-25]
CHR Extension: (YouTube) - C:\Users\Vanhelsing\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-14]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Vanhelsing\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-01-25]
CHR Extension: (Hojas de cálculo) - C:\Users\Vanhelsing\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-14]
CHR Extension: (AdBlock) - C:\Users\Vanhelsing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-01-31]
CHR Extension: (Conversor de vídeo) - C:\Users\Vanhelsing\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjjnhgakghmggnimjkldjmmpabhnhne [2018-12-14]
CHR Extension: (Ghostery – Bloqueador de anuncios para privacidad) - C:\Users\Vanhelsing\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2019-01-25]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Vanhelsing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-14]
CHR Extension: (Gmail) - C:\Users\Vanhelsing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-14]
CHR Extension: (Chrome Media Router) - C:\Users\Vanhelsing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-14]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
Opera:
=======
OPR Extension: (Ghostery – Bloqueador de anuncios para privacidad) - C:\Users\Vanhelsing\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2018-12-06]
OPR Extension: (AdGuard AdBlocker) - C:\Users\Vanhelsing\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2018-10-03]
OPR Extension: (WOT: Web of Trust, valoraciones de reputación de sitios web) - C:\Users\Vanhelsing\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2018-07-18]
OPR Extension: (Bookmarks Import & Export) - C:\Users\Vanhelsing\AppData\Roaming\Opera Software\Opera Stable\Extensions\omhcddilnfoiiplehpjihipcocdplljn [2016-10-28]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
S2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
R2 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe [414352 2019-02-01] (AO Kaspersky Lab)
S3 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (AO Kaspersky Lab)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2018-12-18] (Razer Inc)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [535424 2018-12-18] (Razer Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [290352 2018-12-19] (Razer Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11660528 2018-12-07] (TeamViewer GmbH)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [118184 2018-05-14] ()
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [53904 2018-05-17] (The OpenVPN Project)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-06-07] ()
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [42536 2016-06-16] (IVT Corporation.)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24328 2008-07-31] (IVT Corporation.)
R3 CLMirrorDriver; C:\Windows\System32\DRIVERS\CLMirrorDriver.sys [21264 2018-05-11] (CyberLink)
R3 clwvd7; C:\Windows\System32\DRIVERS\clwvd7.sys [49944 2016-06-02] (CyberLink Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (AO Kaspersky Lab)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Windows (R) Win 7 DDK provider)
R3 DFX12; C:\Windows\System32\drivers\dfx12x64.sys [29688 2015-11-12] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2016-04-10] (DT Soft Ltd)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-04-22] (REALiX(tm))
S1 hwinterface; C:\Windows\SysWOW64\Drivers\hwinterface.sys [3026 2018-07-15] (Logix4u) [File not signed]
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [31624 2008-07-02] (IVT Corporation.)
S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [158848 2016-04-13] (Zemana Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [528576 2018-02-20] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [73416 2018-12-12] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [123144 2018-12-12] (AO Kaspersky Lab)
R1 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [89168 2018-12-12] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [218720 2019-02-01] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [1214752 2019-02-01] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1129256 2019-02-01] (AO Kaspersky Lab)
R1 klim6; C:\Windows\System32\DRIVERS\klim6.sys [56520 2018-02-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [58056 2018-01-15] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [83496 2017-12-11] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [48080 2018-02-12] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [81632 2017-11-07] (AO Kaspersky Lab)
R1 klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [177472 2018-12-12] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [203968 2018-02-24] (AO Kaspersky Lab)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-06-07] ()
R3 mlkumidi; C:\Windows\System32\drivers\mlkumidi.sys [57408 2012-08-29] (MusicLab, Inc.)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2012-01-05] ()
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [28400 2018-12-27] () [File not signed]
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [51808 2018-02-08] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-03-26] (Duplex Secure Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WiseHDInfo; C:\windows\WiseHDInfo64.dll [14800 2017-01-20] (wisecleaner.com) [File not signed]
S1 MpKsl577c14db; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5485FB1B-D983-417A-AF15-3307AE2F1C4E}\MpKsl577c14db.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-02 22:57 - 2019-02-02 22:58 - 000019749 _____ C:\Users\Vanhelsing\Desktop\FRST.txt
2019-02-02 01:52 - 2019-02-02 01:53 - 000000000 ____D C:\Users\Vanhelsing\AppData\Roaming\Screaming Bee
2019-02-02 01:52 - 2019-02-02 01:53 - 000000000 ____D C:\ProgramData\Screaming Bee
2019-02-02 01:52 - 2019-02-02 01:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2019-02-02 01:52 - 2019-02-02 01:52 - 000000000 ____D C:\Program Files (x86)\Screaming Bee
2019-02-02 01:50 - 2019-02-02 01:50 - 000000000 ____D C:\Users\Vanhelsing\Desktop\MorphVOX Pro Crack 2017
2019-02-02 01:50 - 2019-02-02 01:50 - 000000000 ____D C:\Users\Vanhelsing\Desktop\Cool Voices For MorphVOX Pro
2019-02-02 01:37 - 2019-02-02 01:38 - 001057152 _____ C:\Users\Vanhelsing\Desktop\e37a6f16-3da1-4ee7-973f-aff0791349b9.mp4
2019-02-02 00:12 - 2019-02-02 00:12 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Light Force
2019-02-01 23:56 - 2019-02-01 23:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2019-02-01 23:56 - 2019-02-01 23:52 - 000002091 _____ C:\Users\Vanhelsing\Documents\Safe Money.lnk
2019-02-01 23:56 - 2019-02-01 23:52 - 000002045 _____ C:\Users\Vanhelsing\Documents\Kaspersky Internet Security.lnk
2019-02-01 23:53 - 2019-02-01 23:53 - 000001174 _____ C:\Users\Vanhelsing\Documents\Kaspersky Secure Connection.lnk
2019-02-01 23:53 - 2019-02-01 23:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2019-02-01 23:52 - 2019-02-02 22:21 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-02-01 23:52 - 2019-02-01 23:53 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2019-02-01 23:52 - 2019-02-01 23:52 - 001214752 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2019-02-01 23:52 - 2019-02-01 23:52 - 001129256 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2019-02-01 23:52 - 2019-02-01 23:52 - 000218720 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2019-02-01 23:52 - 2019-02-01 23:52 - 000152960 _____ (AO Kaspersky Lab) C:\Windows\system32\klhkum.dll
2019-02-01 23:52 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2019-02-01 23:48 - 2019-02-01 23:49 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2019-02-01 23:22 - 2019-02-01 23:24 - 000000000 ____D C:\ProgramData\BullGuard
2019-02-01 00:35 - 2019-02-02 22:57 - 000000000 ____D C:\FRST
2019-02-01 00:35 - 2019-02-01 00:36 - 000016004 _____ C:\Users\Vanhelsing\Desktop\Fixlog.txt
2019-02-01 00:33 - 2019-02-01 00:33 - 002428928 _____ (Farbar) C:\Users\Vanhelsing\Desktop\FRST64.exe
2019-02-01 00:32 - 2019-02-01 00:32 - 000797760 _____ C:\Users\Vanhelsing\Desktop\delfix.exe
2019-02-01 00:28 - 2019-02-01 00:31 - 000000489 _____ C:\DelFix.txt
2019-01-31 12:39 - 2019-01-31 12:45 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Steel Engraved
2019-01-31 01:06 - 2019-01-31 01:06 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Within Temptation - Resist (2019)
2019-01-29 01:47 - 2019-01-29 01:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-01-26 23:32 - 2019-01-26 23:32 - 000000000 ____D C:\ProgramData\Ubisoft
2019-01-26 22:58 - 2019-01-26 22:58 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2019-01-25 00:06 - 2019-01-25 00:06 - 000000000 ____D C:\Users\Vanhelsing\Documents\FX Interactive
2019-01-24 23:55 - 2019-01-24 23:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FX Interactive
2019-01-24 23:55 - 2019-01-24 23:55 - 000000000 ____D C:\Program Files (x86)\FX Interactive
2019-01-24 23:31 - 2019-01-31 01:47 - 000000000 ____D C:\Program Files (x86)\System Ninja
2019-01-24 23:31 - 2019-01-24 23:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Ninja
2019-01-22 23:23 - 2019-01-22 23:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.0
2019-01-22 22:50 - 2019-01-22 22:50 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Skid Row - Skid Row (30th Anniversary Deluxe Edition) (2019)
2019-01-22 22:32 - 2019-01-22 23:23 - 000000000 ____D C:\Users\Vanhelsing\Documents\Nintendo 64+Pimball+Sega Genesis+Super Nintendo
2019-01-22 22:30 - 2019-01-23 11:15 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Van Halen - Essentials (2019)
2019-01-19 22:52 - 2019-01-19 22:54 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Kane Roberts - The New Normal (Japanese Edition) (2019)
2019-01-19 22:51 - 2019-01-19 23:37 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Metal Inquisitor - Panopticon
2019-01-19 22:51 - 2019-01-19 23:35 - 000000000 ____D C:\Users\Vanhelsing\Downloads\OOMPH! - Ritual (Limited Edition) (2019)
2019-01-19 22:51 - 2019-01-19 22:53 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Altitudes & Attitude - Get It Out
2019-01-19 22:51 - 2019-01-19 22:51 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Spellwitch - The Witching Hour (2018)
2019-01-19 22:51 - 2019-01-19 22:51 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Brutality - Antecedent Offerings (EP)(2018)
2019-01-19 22:50 - 2019-01-19 22:52 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Evergrey - The Atlantic (2019)
2019-01-19 22:50 - 2019-01-19 22:51 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Sister Rose - No Cause For Distraction (2019)
2019-01-18 23:02 - 2019-01-18 23:06 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Stranger - Pretty Angels (1990)
2019-01-18 23:00 - 2019-01-18 23:11 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Stranger 1985 The Bell (Remastered 2005)
2019-01-18 22:59 - 2019-01-21 20:34 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Arcánima - Cambia El Destino (2019)
2019-01-18 22:59 - 2019-01-18 23:02 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Stranger - Stranger (2013)
2019-01-18 22:59 - 2019-01-18 23:00 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Stranger - Sailing Out (1990)
2019-01-18 22:59 - 2019-01-18 23:00 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Ancient Bards - Origine (The Black Crystal Sword Saga Part 2) (2019)
2019-01-18 02:25 - 2019-01-18 02:31 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Toto
2019-01-18 02:25 - 2019-01-18 02:31 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Arch Enemy - Covered In Blood (Compilation) (2019)
2019-01-18 02:25 - 2019-01-18 02:28 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Overkill
2019-01-18 02:25 - 2019-01-18 02:26 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Flotsam and Jetsam - The End of Chaos (2019)all tracks
2019-01-18 02:25 - 2019-01-18 02:25 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Aphylon
2019-01-17 22:00 - 2019-01-17 22:07 - 000000000 ____D C:\Users\Vanhelsing\Documents\W7
2019-01-17 21:49 - 2019-01-17 21:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
2019-01-17 21:49 - 2019-01-17 21:49 - 000000000 ____D C:\Program Files (x86)\RocketDock
2019-01-16 22:48 - 2019-01-24 23:19 - 000000000 ____D C:\Program Files (x86)\VictorVal
2019-01-16 01:15 - 2019-01-16 21:12 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Arch Enemy (512 Kbps)
2019-01-15 01:06 - 2019-01-15 01:06 - 000000000 ____D C:\Users\Vanhelsing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\La Santa Biblia 3D para PC
2019-01-15 01:06 - 2019-01-15 01:06 - 000000000 ____D C:\Program Files (x86)\La Santa Biblia 3D para PC
2019-01-14 03:19 - 2019-01-14 03:19 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Dream Theater - Fall into the Light (Single) (2019)
2019-01-14 00:02 - 2019-01-14 00:02 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-01-13 23:19 - 2019-02-02 09:41 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-01-13 23:15 - 2019-01-13 23:15 - 000000000 ____D C:\Users\Vanhelsing\Documents\Xion
2019-01-13 23:11 - 2019-01-13 23:11 - 000001674 _____ C:\Users\Vanhelsing\Documents\DFX.lnk
2019-01-13 23:11 - 2019-01-13 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFX Audio Enhancer
2019-01-13 23:10 - 2019-01-13 23:12 - 000000000 ____D C:\Program Files (x86)\DFX
2019-01-13 23:10 - 2019-01-13 23:10 - 000000000 ____D C:\Users\Vanhelsing\AppData\Roaming\vlc
2019-01-13 23:06 - 2019-01-13 23:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\r2 Studios
2019-01-13 23:06 - 2019-01-13 23:06 - 000000000 ____D C:\Program Files (x86)\r2 Studios
2019-01-13 23:02 - 2019-01-13 23:02 - 000000000 ____D C:\Users\Vanhelsing\AppData\Roaming\CD Label Designer
2019-01-13 23:02 - 2019-01-13 23:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD Label Designer
2019-01-13 23:02 - 2019-01-13 23:02 - 000000000 ____D C:\Program Files (x86)\CD Label Designer
2019-01-13 22:23 - 2019-01-14 01:09 - 000000000 ____D C:\Users\Vanhelsing\Documents\Skins
2019-01-13 12:40 - 2019-01-13 12:46 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Steeler
2019-01-13 12:39 - 2019-01-13 12:47 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Axel Rudi Pell
2019-01-13 12:39 - 2019-01-13 12:41 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Axel Rudi Pell - Knights Call (2018)
2019-01-12 02:40 - 2019-01-22 11:35 - 000000000 ____D C:\Users\Vanhelsing\AppData\Roaming\TeamViewer
2019-01-11 02:43 - 2019-01-12 15:16 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Starbreaker - Dysphoria (Japanese Edition) (2019)
2019-01-11 02:42 - 2019-01-12 15:21 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Black Rain - Requiem for a Killer 2015
2019-01-11 02:42 - 2019-01-12 03:13 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Powerwolf
2019-01-11 02:42 - 2019-01-11 02:44 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Unmasked - Behind the Mask (2019)
2019-01-11 02:42 - 2019-01-11 02:44 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Powergame
2019-01-11 02:42 - 2019-01-11 02:44 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Black Rain - Totalitarian Order (2019)
2019-01-08 23:40 - 2019-01-08 23:41 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Warrant - Greatest & Latest (2016)
2019-01-08 23:37 - 2019-01-08 23:37 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Nitevigil - State Of Emergency (EP)1988
2019-01-08 00:51 - 2019-01-08 23:46 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Warrant - Cherry Pie (Rock Candy Remastered 2017)
2019-01-08 00:48 - 2019-01-08 23:36 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Shred Attack - Shred Attack 2018
2019-01-08 00:48 - 2019-01-08 00:51 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Spitfire
2019-01-08 00:48 - 2019-01-08 00:48 - 000000000 ____D C:\Users\Vanhelsing\Downloads\Warrant - Inside Out (Compilation)
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-02 21:56 - 2011-07-14 04:56 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-02-02 17:27 - 2018-05-20 01:53 - 000000000 ____D C:\Users\Vanhelsing\AppData\Roaming\uTorrent
2019-02-02 09:53 - 2009-07-14 01:45 - 000022624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-02 09:53 - 2009-07-14 01:45 - 000022624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-02 09:40 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-02 02:42 - 2018-12-16 21:36 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2019-02-02 02:01 - 2014-06-02 18:05 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-02 01:52 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2019-02-02 01:28 - 2016-07-17 02:13 - 000003864 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1468732425
2019-02-02 01:28 - 2016-07-17 02:12 - 000000000 ____D C:\Program Files (x86)\Opera
2019-02-01 23:56 - 2016-10-26 02:20 - 000000000 ____D C:\Program Files\Common Files\AV
2019-02-01 23:48 - 2014-10-02 21:04 - 000000000 ____D C:\Users\Vanhelsing\Documents\Cracks varios
2019-02-01 23:23 - 2009-07-14 00:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-02-01 23:23 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2019-02-01 23:01 - 2014-12-11 00:48 - 000000000 ____D C:\Users\Public\Documents\RonyaSoft
2019-02-01 00:38 - 2015-11-03 00:49 - 000000008 __RSH C:\ProgramData\ntuser.pol
2019-02-01 00:36 - 2018-10-30 00:37 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-02-01 00:36 - 2014-08-03 23:50 - 000000000 ____D C:\Windows\pss
2019-02-01 00:08 - 2018-03-13 23:51 - 000000000 ____D C:\Users\Vanhelsing\AppData\Local\CrashDumps
2019-01-29 01:47 - 2018-10-19 23:43 - 000000000 ____D C:\Program Files\iTunes
2019-01-29 01:47 - 2014-06-21 00:07 - 000000000 ____D C:\Program Files\iPod
2019-01-26 23:28 - 2009-07-14 02:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2019-01-26 22:58 - 2011-07-14 04:35 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-01-26 22:54 - 2013-12-05 22:13 - 000000000 ____D C:\Archivos de programa
2019-01-26 22:34 - 2013-12-06 18:25 - 000000000 ____D C:\Users\Vanhelsing\AppData\Roaming\AnvSoft
2019-01-24 23:56 - 2018-12-10 00:40 - 000000000 ____D C:\Users\Vanhelsing\Documents\SkidRow
2019-01-24 23:07 - 2016-04-10 22:35 - 000000000 ____D C:\Users\Vanhelsing\AppData\Roaming\DAEMON Tools Pro
2019-01-24 23:03 - 2018-09-08 12:39 - 000000000 ___HD C:\Windows\msdownld.tmp
2019-01-24 23:03 - 2013-12-06 00:32 - 000000000 ____D C:\Windows\SysWOW64\directx
2019-01-22 23:24 - 2018-09-11 21:03 - 000000000 ____D C:\Program Files (x86)\Project64 2.1
2019-01-22 22:37 - 2013-12-06 18:02 - 000000000 ____D C:\Games
2019-01-22 22:36 - 2013-12-06 00:31 - 000000000 ____D C:\Users\Vanhelsing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2019-01-22 21:47 - 2015-12-02 17:35 - 000000000 ____D C:\Users\Vanhelsing\Documents\Torrents para descargar
2019-01-22 14:13 - 2013-12-11 23:07 - 000000000 ____D C:\Users\Vanhelsing\Documents\Youcam
2019-01-22 01:45 - 2016-05-01 22:25 - 000000000 ____D C:\Users\Vanhelsing\Documents\Programas Portables
2019-01-22 00:18 - 2013-12-06 00:59 - 000000000 ____D C:\Users\Vanhelsing\AppData\Roaming\PhotoScape
2019-01-21 20:46 - 2017-02-27 23:14 - 000003156 _____ C:\Windows\SysWOW64\ealregsnapshot1.reg
2019-01-21 20:45 - 2015-11-27 03:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2019-01-21 20:45 - 2015-11-27 03:17 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2019-01-19 22:00 - 2014-01-11 02:17 - 000000000 ____D C:\Users\Vanhelsing\AppData\Local\ElevatedDiagnostics
2019-01-18 00:55 - 2018-12-10 00:55 - 000000451 _____ C:\Users\Vanhelsing\Documents\911.CT
2019-01-16 23:55 - 2018-03-11 01:13 - 000000000 ____D C:\Users\Vanhelsing\Documents\BioWare
2019-01-16 23:50 - 2014-08-02 21:44 - 000466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2019-01-16 23:50 - 2014-08-02 21:44 - 000444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2019-01-16 23:50 - 2014-08-02 21:44 - 000122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2019-01-16 23:50 - 2014-08-02 21:44 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2019-01-15 01:28 - 2013-12-11 23:07 - 000000000 ____D C:\Users\Public\CyberLink
2019-01-14 16:31 - 2016-09-20 00:59 - 000000000 ____D C:\Users\Vanhelsing\Documents\Camtasia Studio
2019-01-14 16:29 - 2018-11-09 22:58 - 005462032 _____ C:\Windows\system32\FNTCACHE.DAT
2019-01-14 00:06 - 2017-12-27 01:47 - 000222584 _____ C:\Users\Vanhelsing\AppData\Local\GDIPFONTCACHEV1.DAT
2019-01-13 23:15 - 2016-02-22 22:48 - 000000000 ____D C:\Users\Vanhelsing\AppData\Roaming\r2 Studios
2019-01-13 02:17 - 2016-06-09 01:59 - 000000000 ____D C:\Users\Vanhelsing\AppData\Roaming\AIMP
2019-01-09 01:27 - 2016-12-15 00:26 - 000004496 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-01-09 01:27 - 2016-12-14 22:48 - 000004320 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-01-09 01:27 - 2013-12-11 23:38 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-01-09 01:27 - 2013-12-11 23:38 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-09 01:27 - 2013-12-11 23:37 - 000000000 ____D C:\Windows\system32\Macromed
2019-01-09 00:26 - 2018-03-14 02:26 - 000004512 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-01-08 00:48 - 2018-12-17 01:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Cortex
2019-01-08 00:34 - 2014-10-19 00:13 - 000000000 ____D C:\Users\Vanhelsing\AppData\Roaming\Audacity
==================== Files in the root of some directories =======
2014-08-12 01:16 - 2014-08-12 01:23 - 000016952 ____T (Un4seen Developments) C:\Users\Vanhelsing\AppData\Roaming\Microsoft\1eaadjc.dll
2014-08-12 01:16 - 2014-08-12 01:23 - 000018724 ____T () C:\Users\Vanhelsing\AppData\Roaming\Microsoft\bass.dll
2014-08-12 01:16 - 2014-08-12 01:23 - 000014392 ____T (Un4seen Developments) C:\Users\Vanhelsing\AppData\Roaming\Microsoft\kfgresk.dll
2014-08-12 01:16 - 2014-08-12 01:23 - 000013984 ____T () C:\Users\Vanhelsing\AppData\Roaming\Microsoft\mjcriu.dll
2014-08-12 01:16 - 2014-08-12 01:23 - 000010808 ____T (Un4seen Developments) C:\Users\Vanhelsing\AppData\Roaming\Microsoft\peaadje.dll
2014-08-12 01:16 - 2014-08-12 01:23 - 000026200 ____T ((: JOBnik! :) [Arthur Aminov, ISRAEL]) C:\Users\Vanhelsing\AppData\Roaming\Microsoft\qwadjb.dll
2014-08-12 01:16 - 2014-08-12 01:23 - 000015416 ____T (Un4seen Developments) C:\Users\Vanhelsing\AppData\Roaming\Microsoft\rsaadjd.dll
2018-07-04 23:56 - 2018-07-04 23:56 - 000000001 _____ () C:\Users\Vanhelsing\AppData\Local\llftool.4.40.agreement
2018-07-05 00:12 - 2018-07-05 00:12 - 000000019 _____ () C:\Users\Vanhelsing\AppData\Local\llftool.license
2018-09-29 11:28 - 2018-09-29 11:28 - 000000000 _____ () C:\Users\Vanhelsing\AppData\Local\oobelibMkey.log
2018-08-23 23:47 - 2018-08-23 23:47 - 000003384 _____ () C:\Users\Vanhelsing\AppData\Local\recently-used.xbel
2018-06-15 02:44 - 2018-06-15 02:44 - 000000017 _____ () C:\Users\Vanhelsing\AppData\Local\resmon.resmoncfg
Some files in TEMP:
====================
2019-02-01 23:22 - 2019-02-01 23:23 - 069196560 _____ (BullGuard Ltd.) C:\Users\Vanhelsing\AppData\Local\Temp\BullGuard Internet Security Setup.exe
2019-02-02 02:05 - 2019-02-02 02:42 - 000192512 _____ () C:\Users\Vanhelsing\AppData\Local\Temp\sfamcc00001.dll
2019-02-02 02:05 - 2019-02-02 02:42 - 000158720 _____ () C:\Users\Vanhelsing\AppData\Local\Temp\sfareca00001.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2019-02-02 11:29
==================== End of FRST.txt ============================
Log II:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30.01.2019
Ran by Vanhelsing (02-02-2019 22:59:14)
Running from C:\Users\Vanhelsing\Desktop
Windows 7 Home Basic Service Pack 1 (X64) (2013-12-05 14:05:50)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-3507022562-1330472618-3652623963-500 - Administrator - Disabled)
Invitado (S-1-5-21-3507022562-1330472618-3652623963-501 - Limited - Enabled)
Vanhelsing (S-1-5-21-3507022562-1330472618-3652623963-1000 - Administrator - Enabled) => C:\Users\Vanhelsing
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Disabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Disabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
FW: Kaspersky Internet Security (Disabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3507022562-1330472618-3652623963-1000\...\uTorrent) (Version: 3.5.3.44428 - BitTorrent Inc.)
4K Stogram 2.5 (HKLM-x32\...\{E138B7C5-04B0-4B06-8716-56772F85E524}) (Version: 2.5.1.1346 - Open Media LLC)
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
911 Operator - First Response version 1.0 (HKLM-x32\...\911 Operator - First Response_is1) (Version: 1.0 - PlayWay SA)
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_0) (Version: 15.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.89 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
AIMP (HKLM-x32\...\AIMP) (Version: v4.51.2084, 01.12.2018 - AIMP DevTeam)
AIMP2: Audio Tools (HKLM-x32\...\AIMP2at) (Version: - AIMP DevTeam)
Any DVD Converter Professional 6.3.0 (HKLM-x32\...\Any DVD Converter Professional_is1) (Version: - Any-DVD-Converter.com)
Any Video Converter Ultimate 6.3.0 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (32 bits) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.00 - Ubisoft)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
AVStoDVD 2.2.6 (HKLM-x32\...\AVStoDVD) (Version: 2.2.6 - MrC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Call of Duty Modern Warfare 2 (HKLM-x32\...\Call of Duty Modern Warfare 2_is1) (Version: - Activision)
Camtasia 9 (HKLM\...\{5B345FC0-9E6D-4D22-9718-682DB0CF2414}) (Version: 9.0.0.1306 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{357abfe9-0513-4326-9e53-3b7654e9819d}) (Version: 9.0.0.1306 - TechSmith Corporation)
CD Label Designer (HKLM-x32\...\CD Label Designer_is1) (Version: 5.4 - Dataland Software)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media Suite 15 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 15.0 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DFX (HKLM-x32\...\DFX) (Version: 12.014.0.0 - Power Technology)
DJ_AIO_05_F4400_Software_Min (HKLM-x32\...\{A835C187-691C-4827-BCEA-1611179C96B9}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
EA Download Manager (HKLM-x32\...\{EF7E931D-DC84-471B-8DB6-A83358095474}) (Version: 4.0.0.455 - Electronic Arts) Hidden
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
EAX Unified (HKLM-x32\...\EAX Unified) (Version: - )
F4400 (HKLM-x32\...\{08067AFD-4ECE-4454-80B4-31C859D4EDC1}) (Version: 140.0.696.000 - Hewlett-Packard) Hidden
Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.1 - SAMSUNG)
Female Voices (HKLM-x32\...\{8339A1A4-765A-4B23-8950-86BD1382E37B}) (Version: 4.4.41 - Screaming Bee Inc.) Hidden
Female Voices for MorphVOX (HKLM-x32\...\{7deb85b1-333a-461a-9ae0-00b4b8a6e3e7}) (Version: 4.4.41 - Screaming Bee Inc.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
Football Club Simulator (HKLM-x32\...\Football Club Simulator_is1) (Version: - )
Geosense for Windows (HKLM\...\{D617DF82-6046-44EB-AD4A-D3423319E12C}) (Version: 1.2.0.0 - Within Network, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Grand Theft Auto San Andreas versión 1.01 (HKLM-x32\...\Grand Theft Auto San Andreas_is1) (Version: 1.01 - Rockstar Games)
Grand Theft Auto Vice City (HKLM-x32\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (HKLM\...\{A800FCC9-8E1E-4D84-9CED-47870701FDE1}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.0.0 - LIGHTNING UK!)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
iTunes (HKLM\...\{1E67C4CA-3AF5-4503-A65A-F52EAC07EEA6}) (Version: 12.9.3.3 - Apple Inc.)
Kaspersky Free (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
K-Lite Codec Pack 14.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.6.5 - KLCP)
La Santa Biblia 3D para PC v1.2 (HKU\S-1-5-21-3507022562-1330472618-3652623963-1000\...\La Santa Biblia 3D para PC v1.2) (Version: - )
LibreOffice 6.1.3.2 (HKLM\...\{70F02214-8FF6-48DF-AF3E-7D1A5F7A6BAC}) (Version: 6.1.3.2 - The Document Foundation)
MAGIX Screenshare (HKLM-x32\...\{36B5C759-4243-48A4-A0C9-CAB0263DFF4C}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\{8C37FCE0-C8BE-4EAC-82C1-809F1E6A0E8E}) (Version: 7.0.1.27 - MAGIX AG)
MAGIX Video deluxe 17 Premium Versión para descargar (HKLM-x32\...\{1BFA6275-B17A-41E8-87C3-6971D3EB214A}) (Version: 10.0.0.33 - MAGIX AG) Hidden
MAGIX Video deluxe 17 Premium Versión para descargar (HKLM-x32\...\MAGIX_MSI_Videodeluxe17_premium) (Version: 10.0.0.33 - MAGIX AG)
MAGIX Video deluxe 17 Premium Video Plugins (HKLM-x32\...\{F4457AF1-2B61-470A-AF28-77B9335E9E3C}) (Version: 1.0.0.0 - MAGIX AG)
Male Voices (HKLM-x32\...\{B199979A-29CC-4A0B-99FD-3F16E5BFC92E}) (Version: 4.4.41 - Screaming Bee Inc.) Hidden
Male Voices for MorphVOX (HKLM-x32\...\{4419f073-ac2b-4267-87d5-d31ec072be19}) (Version: 4.4.41 - Screaming Bee Inc.)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mass Effect 3 versión 1.5.5427.124 (HKLM-x32\...\Mass Effect 3_is1) (Version: 1.5.5427.124 - BioWare)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.7.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{57660847-B1F7-35BD-9118-F62EB863A598}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{49e969a1-2990-464d-92b5-25f6f34573c6}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: - )
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MorphVOX Pro (HKLM-x32\...\{75B956F9-D72D-4929-B695-120D70E8AEE1}) (Version: 4.4.7 - Screaming Bee)
Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted_is1) (Version: - )
NewBlue Titler Pro for Windows (HKLM-x32\...\NewBlue Titler Pro for Windows) (Version: 1.0 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials V for Windows (HKLM-x32\...\NewBlue Video Essentials V for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VI for Windows (HKLM-x32\...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VII for Windows (HKLM-x32\...\NewBlue Video Essentials VII for Windows) (Version: 3.0 - NewBlue)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Ohm Force Hematohm VST2 v1.0 (HKLM-x32\...\Ohm Force Hematohm VST2 v1.0) (Version: - )
Ohm Force OhmBoyz DX v1.02 PRO (HKLM-x32\...\Ohm Force OhmBoyz DX v1.02 PRO) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 58.0.3135.53 (HKLM-x32\...\Opera 58.0.3135.53) (Version: 58.0.3135.53 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\{DDE3DECA-9139-4A39-9276-143ECA1DB75E}) (Version: 1.06.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.06 - Panda Security) Hidden
Paquete de controladores de Windows - Broadcom Corporation (bcbtums) Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\6A044848DB955BAB41313E7878DE4E2C68715F24) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Paquete de controladores de Windows - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\524FB58AAB1C34915E5DAE6F9A7ABD1AA8C96614) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Paquete de controladores de Windows - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\73EBF284DDB186EC3E526FEE77E2325097703596) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Paquete de controladores de Windows - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\765E3A42F1EB7BB642F073A20918B588DC4D1193) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
Personality Voices (HKLM-x32\...\{8CBE2745-56FD-40E6-94EE-6B46BDFF75B3}) (Version: 4.4.41 - Screaming Bee Inc.) Hidden
Personality Voices for MorphVOX (HKLM-x32\...\{348a7cdd-e826-4ccd-a00c-a9b0499a9fde}) (Version: 4.4.41 - Screaming Bee Inc.)
PhotoFiltre Studio X (HKU\S-1-5-21-3507022562-1330472618-3652623963-1000\...\PhotoFiltre Studio X) (Version: - )
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pixillion, convertidor de archivos de imagen (HKLM-x32\...\Pixillion) (Version: 2.91 - NCH Software)
Pro Evolution Soccer 2017 (HKLM-x32\...\{A3C10274-808C-4ADC-A13D-D94911180B58}_is1) (Version: - KONAMI)
proDAD Adorage 3.0 (64bit) (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Quake 4(TM) 1.1 Patch (HKLM-x32\...\{7AF0B158-E0FF-463C-9828-948C21C409A7}) (Version: 1.0 - Nombre de su organización) Hidden
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 9.3.13.964 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
Sniper Elite V2 (HKLM-x32\...\Sniper Elite V2_is1) (Version: - )
Sony Noise Reduction Plug-In 2.0h (HKLM-x32\...\{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}) (Version: 2.0.451 - Sony)
Special Effects Voices (HKLM-x32\...\{28D8A163-8142-45FE-8279-3FD50C84A0BC}) (Version: 4.4.41 - Screaming Bee Inc.) Hidden
Special Effects Voices for MorphVOX (HKLM-x32\...\{5b4f3c09-5434-4a26-9a45-e254c36aa51c}) (Version: 4.4.41 - Screaming Bee Inc.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
StartHi uninstall (HKLM-x32\...\HStar) (Version: - )
Status (HKLM-x32\...\{2FB9EA69-51D4-4913-9AD5-762C034DE811}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Ninja versión 3.2.5 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.2.5 - SingularLabs)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.3399 - TeamViewer)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
TuneUp Utilities 2014 (es-MX) (HKLM-x32\...\{460EA1C5-B71F-4DEA-99C1-A82016ADECD2}) (Version: 14.0.1000.340 - TuneUp Software)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{CFB5504F-BFBC-11E3-8794-F04DA23A5C58}) (Version: 13.0.290 - Sony)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Waves 4.0 (HKLM-x32\...\{4C4D25EB-6513-4702-8355-F4194DE2E1D9}) (Version: - )
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.800 - Broadcom Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.6930 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinSnap (HKLM-x32\...\WinSnap) (Version: 4.0.3 - NTWind Software)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - )
Xion v1.5 (build 160) (HKLM-x32\...\Xion) (Version: 1.5 (build 160) - r2 Studios)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3507022562-1330472618-3652623963-1000_Classes\CLSID\{7539AD6A-2621-B2A7-2DFE-6F99A1700F41}\InprocServer32 -> C:\Windows\System32\ole32.dll (Microsoft Corporation)
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2019-01-01] (AIMP DevTeam)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-02-01] (AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-02-01] (AO Kaspersky Lab)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2019-01-01] (AIMP DevTeam)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-02-01] (AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2016-04-22] (Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-02-01] (AO Kaspersky Lab)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {08D0DA00-9CCC-447F-9045-BCC542ED5F6A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\msoia.exe
Task: {3D973844-1CFB-444C-9093-AD5C8EF01428} - System32\Tasks\Opera scheduled Autoupdate 1468732425 => C:\Program Files (x86)\Opera\launcher.exe [2019-01-30] (Opera Software)
Task: {45F45D8B-827A-4A3E-B3EC-A6CECFD22822} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\msoia.exe
Task: {47BB6E05-0D4C-4C34-848E-8FF344F58EDB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-14] (Google Inc.)
Task: {4B46DF8D-CFEF-49A0-B924-4FB1F84B2F25} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {4E344D70-A62A-4E72-B73C-08D4115526B8} - System32\Tasks\AdobeGCInvoker-1.0-Vanhelsing-PC-Vanhelsing => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-12-21] (Adobe Systems, Incorporated)
Task: {5724C91B-A6C0-4C7C-B18E-2FF10D7A8A4F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-14] (Google Inc.)
Task: {75C9D7CB-7883-405F-960D-2570C0760719} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-17] (Adobe Systems Incorporated)
Task: {8D22ED49-36A3-400C-A707-B9FBE26FB7C1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-09] (Adobe Systems Incorporated)
Task: {91A47DFD-F60F-4493-9926-0B3F52AFABE9} - System32\Tasks\Driver Booster SkipUAC (Vanhelsing) => C:\Program Files (x86)\IObit\Driver Booster\5.5.1\DriverBooster.exe
Task: {9B550262-1B9F-4032-9CD6-AD929B609525} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe [2019-01-09] (Adobe Systems Incorporated)
Task: {AFCE66B5-83AB-460F-B196-019817F7974A} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-09] (Adobe Systems Incorporated)
Task: {D87A7F39-CAEB-4130-B665-AF5DBA531D8F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2011-07-14 20:03 - 2008-06-04 20:53 - 000027648 _____ () C:\Windows\System32\spd__l.dll
2010-07-15 01:44 - 2010-07-15 01:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2019-01-17 21:49 - 2007-09-02 13:58 - 000495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2016-04-22 00:43 - 2016-04-22 00:43 - 000734720 _____ () C:\windows\system32\SnMinDrv.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 001042744 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-08-22 22:19 - 2018-08-22 22:19 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2019-01-17 21:49 - 2007-09-02 13:57 - 000069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2019-02-02 01:27 - 2019-02-02 01:27 - 000591960 _____ () C:\Program Files (x86)\Opera\58.0.3135.53\opera_elf.dll
2019-02-02 01:27 - 2019-02-02 01:27 - 092920920 _____ () C:\Program Files (x86)\Opera\58.0.3135.53\opera_browser.dll
2019-02-02 01:27 - 2019-02-02 01:26 - 004418136 _____ () C:\Program Files (x86)\Opera\58.0.3135.53\libglesv2.dll
2019-02-02 01:27 - 2019-02-02 01:26 - 000097880 _____ () C:\Program Files (x86)\Opera\58.0.3135.53\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7845 more sites.
There are 12711 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-18 23:18 - 2019-02-01 00:36 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;
HKCU\Environment\\Path: %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;
HKU\S-1-5-21-3507022562-1330472618-3652623963-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Vanhelsing\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 186.130.128.111 - 200.63.155.64
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: a2AntiMalware => 2
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AdvancedSystemCareService7 => 2
MSCONFIG\Services: AdvancedSystemCareService8 => 3
MSCONFIG\Services: AppProtectSvc => 2
MSCONFIG\Services: ASCAntivirusSrv => 2
MSCONFIG\Services: CleanMyPCService => 2
MSCONFIG\Services: cmcore => 2
MSCONFIG\Services: defragsvc => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: PCAppStoreSvc_{PCAppStore_4.10.1.7752} => 3
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: Samsung UPD Service => 2
MSCONFIG\Services: SDScannerService => 3
MSCONFIG\Services: SDUpdateService => 3
MSCONFIG\Services: SDWSCService => 3
MSCONFIG\Services: SensrSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: WiseBootAssistant => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^IML.lnk => C:\windows\pss\IML.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Vanhelsing^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Enviar a OneNote.lnk => C:\windows\pss\Enviar a OneNote.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Vanhelsing^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IML.lnk => C:\windows\pss\IML.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Vanhelsing^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LibreOffice 6.1.lnk => C:\Windows\pss\LibreOffice 6.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud =>
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager =>
MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AtomicAlarmClock6 =>
MSCONFIG\startupreg: Beautiful Christmas Tree =>
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} =>
MSCONFIG\startupreg: BtTray =>
MSCONFIG\startupreg: Christmas Garland Light =>
MSCONFIG\startupreg: Christmas Gift =>
MSCONFIG\startupreg: Christmas Globe =>
MSCONFIG\startupreg: Christmas snow globe =>
MSCONFIG\startupreg: ChristmasTree =>
MSCONFIG\startupreg: Chromium =>
MSCONFIG\startupreg: CLMLServer_For_P2G10 => "C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe"
MSCONFIG\startupreg: cmsc =>
MSCONFIG\startupreg: Cursor Snowflakes =>
MSCONFIG\startupreg: CursorXP =>
MSCONFIG\startupreg: D3DOverrider => "C:\Users\Vanhelsing\Desktop\D3DOverrider By Artutoriales\D3DOverriderWrapper.exe" /s
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: DelaypluginInstall =>
MSCONFIG\startupreg: deskTannenbaum =>
MSCONFIG\startupreg: Desktop Lighting Tree =>
MSCONFIG\startupreg: DesktopXmasTree =>
MSCONFIG\startupreg: DFX => C:\Program Files (x86)\DFX\DFX.exe -startup
MSCONFIG\startupreg: DivXUpdate =>
MSCONFIG\startupreg: EADM =>
MSCONFIG\startupreg: emsisoft anti-malware =>
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: eTree =>
MSCONFIG\startupreg: FAZ Start =>
MSCONFIG\startupreg: Funny Christmas Tree =>
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HEB Start =>
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: InstantBurn => C:\PROGRA~2\CyberLink\InstantBurn\Win2K\IBurn.exe
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Little Tree =>
MSCONFIG\startupreg: LiveChristmasTree =>
MSCONFIG\startupreg: Magic Tree =>
MSCONFIG\startupreg: Malwarebytes Anti-Exploit =>
MSCONFIG\startupreg: PCAppStore_AppStoreDeskTool =>
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: Plasticine Tree =>
MSCONFIG\startupreg: Power2GoExpress10 => "C:\Program Files (x86)\CyberLink\Power2Go10\Power2GoExpress10.exe" /Startup
MSCONFIG\startupreg: PowerDVD14Agent =>
MSCONFIG\startupreg: PowerDVD15Agent =>
MSCONFIG\startupreg: PowerDVD17Agent => "C:\Program Files (x86)\CyberLink\PowerDVD17\PowerDVD17Agent.exe"
MSCONFIG\startupreg: PWRISOVM.EXE =>
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RazerCortex => "C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe" -autorun
MSCONFIG\startupreg: Real Christmas Globe =>
MSCONFIG\startupreg: Red Christmas Tree =>
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray =>
MSCONFIG\startupreg: SFAUpdater =>
MSCONFIG\startupreg: Skype =>
MSCONFIG\startupreg: Smart File Advisor =>
MSCONFIG\startupreg: Snowman Garland =>
MSCONFIG\startupreg: Steam =>
MSCONFIG\startupreg: SunJavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MSCONFIG\startupreg: SUPERAntiSpyware =>
MSCONFIG\startupreg: SwitchBoard =>
MSCONFIG\startupreg: TrayServer => C:\Program Files (x86)\MAGIX\Video_deluxe_17_Premium_Version_para_descargar\TrayServer_es.exe
MSCONFIG\startupreg: TU Go =>
MSCONFIG\startupreg: TUT Start =>
MSCONFIG\startupreg: uTorrent => "C:\Users\Vanhelsing\AppData\Roaming\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: Vivaldi Update Notifier => "C:\Users\Vanhelsing\AppData\Local\Vivaldi\Application\update_notifier.exe"
MSCONFIG\startupreg: Win Christmas Tree =>
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: XKQ Start =>
MSCONFIG\startupreg: YouCam Service7 => "C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe" /s
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{1B6C23A7-AA30-45CF-A65D-A758D6EF7FE2}] => (Allow) C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD.)
FirewallRules: [{0E7F8E68-55F6-4237-A12F-CD8984D2C88C}] => (Allow) C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD.)
FirewallRules: [{0748DF4C-B837-49A9-A1F5-A6FE2FC49624}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe (Samsung Electronics Co., Ltd.)
FirewallRules: [{C60C3170-60F2-4E0E-9CC4-60C6A3DDF49A}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe (Samsung Electronics Co., Ltd.)
FirewallRules: [{43BA01F2-1DB9-44B2-9674-D5CC229613B0}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe ()
FirewallRules: [{3534AFE8-D387-468F-8604-02B5BD9740B3}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe ()
FirewallRules: [TCP Query User{53296908-FF8C-449A-AFF1-60CF23D77CE1}C:\games\left4dead\left4dead.exe] => (Allow) C:\games\left4dead\left4dead.exe ()
FirewallRules: [UDP Query User{D589C904-8083-4667-B759-CFBE9AB6FE6A}C:\games\left4dead\left4dead.exe] => (Allow) C:\games\left4dead\left4dead.exe ()
FirewallRules: [{0BBB1EAF-A893-4044-B3C0-E5220E4818C3}] => (Allow) LPort=48113
FirewallRules: [{E731CCD2-AAE0-4FE9-8379-A3AF14B67E73}] => (Allow) LPort=48114
FirewallRules: [TCP Query User{1D789EA8-984E-473E-9FFF-576F4D608263}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation)
FirewallRules: [UDP Query User{50E9950B-7888-48CF-9F59-F48590C01B2D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation)
FirewallRules: [{F9826B03-5842-411D-BAC6-A4BCFD83E893}] => (Allow) LPort=8318
FirewallRules: [{08E862E1-464E-4257-A22D-657872C409E8}] => (Allow) C:\Users\Vanhelsing\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{E9522AAF-1190-480D-9B6A-2F00EEA431D5}] => (Allow) C:\Users\Vanhelsing\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [TCP Query User{A59D99ED-FBDE-47EC-B13D-38CCF86F189B}C:\program files (x86)\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) C:\program files (x86)\mass effect 3\binaries\win32\masseffect3.exe (BioWare)
FirewallRules: [UDP Query User{F3304FFB-CC6F-482A-A01C-C12FDD2E89E6}C:\program files (x86)\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) C:\program files (x86)\mass effect 3\binaries\win32\masseffect3.exe (BioWare)
FirewallRules: [TCP Query User{49D5146D-83AD-438D-A714-7FE54C9EA21B}C:\program files (x86)\ea games\need for speed most wanted 2012\nfs13.exe] => (Allow) C:\program files (x86)\ea games\need for speed most wanted 2012\nfs13.exe (Electronic Arts)
FirewallRules: [UDP Query User{ACDBA927-98FB-443D-871B-CF7C66E3A6AF}C:\program files (x86)\ea games\need for speed most wanted 2012\nfs13.exe] => (Allow) C:\program files (x86)\ea games\need for speed most wanted 2012\nfs13.exe (Electronic Arts)
FirewallRules: [{C03ED624-0A1C-4357-ACA2-C94C06035A17}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{B8B4FC8A-EC07-4F1C-A1FA-4914D2E9BE6D}C:\games\left4dead\left4dead.exe] => (Allow) C:\games\left4dead\left4dead.exe ()
FirewallRules: [UDP Query User{4DD147F0-0884-4F5C-B0E7-AF44931D7B2F}C:\games\left4dead\left4dead.exe] => (Allow) C:\games\left4dead\left4dead.exe ()
FirewallRules: [{FEA1BB96-B1E6-4DF4-9529-BA668FEC986A}] => (Allow) LPort=8370
FirewallRules: [{C74A87B6-8E65-44BA-ADC1-8386FBFC144C}] => (Allow) LPort=8370
FirewallRules: [{E1AADEC4-0248-4A0C-9F75-90D56B40533F}] => (Allow) LPort=8370
FirewallRules: [{F4942382-937B-4A59-AA7C-A7DEF96F156D}] => (Allow) LPort=8370
FirewallRules: [{0A0C68DD-58BB-4A5B-9A14-0E993803819F}] => (Allow) LPort=8393
FirewallRules: [{3126ED66-B411-442C-B9C8-109B552A65B2}] => (Allow) LPort=8393
FirewallRules: [{D76F2BD3-2769-4E3A-846E-B255E055BFCC}] => (Allow) LPort=8390
FirewallRules: [{56A2A065-C032-4865-BD7A-08312718E8E4}] => (Allow) LPort=8390
FirewallRules: [TCP Query User{5DAB2D75-568A-4F7A-AC38-25EFF423C4CC}C:\program files (x86)\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) C:\program files (x86)\mass effect 3\binaries\win32\masseffect3.exe (BioWare)
FirewallRules: [UDP Query User{AF91BFA0-1A49-4AB1-BC27-496AC2130C0F}C:\program files (x86)\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) C:\program files (x86)\mass effect 3\binaries\win32\masseffect3.exe (BioWare)
FirewallRules: [TCP Query User{7400E09A-9742-448D-921D-D875917FD59F}C:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) C:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe ()
FirewallRules: [UDP Query User{F0CC02F8-C4CF-4231-8CAA-CC7FC2881D51}C:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) C:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe ()
FirewallRules: [{B8292142-2E5F-4F8A-B0D5-4BB866D01DD3}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
FirewallRules: [{417DB883-A82D-4210-95A1-9985D84E3F7D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{3B362D02-F88D-485D-89CC-FBE3AFDD8729}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{F93A91F1-B57F-4FBA-B319-6171C92DD5CF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{3CFF95B3-73FC-492B-9B4D-9A9314CA3224}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{BCC65524-C9C4-4116-8490-0C1E09DF61E4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{2A7B553A-48AB-4ABE-9243-077E325F6816}] => (Allow) C:\Program Files (x86)\Opera\57.0.3098.116\opera.exe (Opera Software)
FirewallRules: [{5C1C5945-2622-4720-B8C7-AD2548CE099C}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe (Ubisoft)
FirewallRules: [{DDA10C5E-2E1F-4326-B258-60FB533158EE}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe (Ubisoft)
FirewallRules: [{F3288EC2-2568-4503-9293-511CE414AF9E}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe (Ubisoft)
FirewallRules: [{25CEBF48-736B-4496-AB7D-EB2C5F25F35F}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe (Ubisoft)
FirewallRules: [{70118E6A-F49F-4122-9B7C-15AB1A9DE827}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe (Ubisoft)
FirewallRules: [{647EA951-44DF-496C-9FB0-23AC31A9A097}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe (Ubisoft)
FirewallRules: [{0EF2E087-EF34-4581-92D2-432366D48273}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
FirewallRules: [{A9D77730-6C6E-4794-8E72-5BFAE8A9BAD6}] => (Allow) C:\Program Files (x86)\Opera\58.0.3135.53\opera.exe (Opera Software)
==================== Restore Points =========================
02-02-2019 01:12:00 Punto de control programado
02-02-2019 01:51:20 Installed MorphVOX Pro
02-02-2019 01:57:58 Female Voices for MorphVOX
02-02-2019 01:58:31 Male Voices for MorphVOX
02-02-2019 01:59:26 Personality Voices for MorphVOX
02-02-2019 02:00:31 Special Effects Voices for MorphVOX
==================== Faulty Device Manager Devices =============
Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: MpKsl577c14db
Description: MpKsl577c14db
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl577c14db
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/02/2019 10:30:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10030
Error: (02/02/2019 10:30:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10030
Error: (02/02/2019 10:30:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/02/2019 10:30:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9032
Error: (02/02/2019 10:30:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9032
Error: (02/02/2019 10:30:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/02/2019 10:30:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8018
Error: (02/02/2019 10:30:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8018
System errors:
=============
Error: (02/02/2019 10:34:55 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: El servicio "WMPNetworkSvc" no se puede iniciar correctamente debido al error "0x80070422" en CoCreateInstance(CLSID_UPnPDeviceFinder). Compruebe que el servicio UPnPHost esté en ejecución y que el componente UPnPHost de Windows esté instalado correctamente.
Error: (02/02/2019 10:34:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio Netman.
Error: (02/02/2019 10:28:53 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: El servicio "WMPNetworkSvc" no se puede iniciar correctamente debido al error "0x80070422" en CoCreateInstance(CLSID_UPnPDeviceFinder). Compruebe que el servicio UPnPHost esté en ejecución y que el componente UPnPHost de Windows esté instalado correctamente.
Error: (02/02/2019 10:27:53 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: El servicio "WMPNetworkSvc" no se puede iniciar correctamente debido al error "0x80070422" en CoCreateInstance(CLSID_UPnPDeviceFinder). Compruebe que el servicio UPnPHost esté en ejecución y que el componente UPnPHost de Windows esté instalado correctamente.
Error: (02/02/2019 10:25:36 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: El servicio "WMPNetworkSvc" no se puede iniciar correctamente debido al error "0x80070422" en CoCreateInstance(CLSID_UPnPDeviceFinder). Compruebe que el servicio UPnPHost esté en ejecución y que el componente UPnPHost de Windows esté instalado correctamente.
Error: (02/02/2019 10:24:36 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: El servicio "WMPNetworkSvc" no se puede iniciar correctamente debido al error "0x80070422" en CoCreateInstance(CLSID_UPnPDeviceFinder). Compruebe que el servicio UPnPHost esté en ejecución y que el componente UPnPHost de Windows esté instalado correctamente.
Error: (02/02/2019 10:21:51 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: El servicio "WMPNetworkSvc" no se puede iniciar correctamente debido al error "0x80070422" en CoCreateInstance(CLSID_UPnPDeviceFinder). Compruebe que el servicio UPnPHost esté en ejecución y que el componente UPnPHost de Windows esté instalado correctamente.
Error: (02/02/2019 10:20:51 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: El servicio "WMPNetworkSvc" no se puede iniciar correctamente debido al error "0x80070422" en CoCreateInstance(CLSID_UPnPDeviceFinder). Compruebe que el servicio UPnPHost esté en ejecución y que el componente UPnPHost de Windows esté instalado correctamente.
Windows Defender:
===================================
Date: 2014-02-05 23:07:03.486
Description:
Windows Defender detectó spyware u otro software potencialmente no deseado.
Para obtener más información, consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=MonitoringTool:Win32/Ardamax&threatid=14849
Nombre:MonitoringTool:Win32/Ardamax
Id.:14849
Gravedad:Grave
Categoría:Software de supervisión
Ruta de acceso encontrada:containerfile:C:\Users\Vanhelsing\Desktop\Ardamax 4.0.1.rar;file:C:\Users\Vanhelsing\Desktop\Ardamax 4.0.1.rar->setup_akl.exe;filelocalcopy:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{248882FC-574D-48BD-9D36-E12CD9881257}-Ardamax 4.0.1.rar;filelocalcopy:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{7C5725D9-164C-46BD-BD68-5D450218BA08}-Ardamax 4.0.1.rar;webfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{248882FC-574D-48BD-9D36-E12CD9881257}-Ardamax 4.0.1.rar|http://download1215.mediafire.com/3zzt9sv9geqg/vrz9mx4zwls46x9/Ardamax+4.0.1.rar;webfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{7C5725D9-164C-46BD-BD68-5D450218BA08}-Ardamax 4.0.1.rar|http://download717.mediafire.com/7joncgvlf29g/vrz9mx4zwls46x9/Ardamax+4.0.1.rar;webfile:C:\Users\Vanhelsing\Desktop\Ardamax 4.0.1.rar|http://download1215.mediafire.com/3zzt9sv9geqg/vrz9mx4zwls46x9/Ardamax+4.0.1.rar;webfile:C:\Users\Vanhelsing\Desktop\Ardamax 4.0.1.rar|http://download717.mediafire.com/7joncgvlf29g/vrz9mx4zwls46x9/Ardam
Tipo de detección:Concreto
Origen de detección:Descargas y datos adjuntos
Estado:Desconocido
Usuario:Vanhelsing-PC\Vanhelsing
Nombre de proceso:C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Date: 2014-02-05 23:04:47.579
Description:
Windows Defender detectó spyware u otro software potencialmente no deseado.
Para obtener más información, consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=MonitoringTool:Win32/Ardamax&threatid=14849
Nombre:MonitoringTool:Win32/Ardamax
Id.:14849
Gravedad:Grave
Categoría:Software de supervisión
Ruta de acceso encontrada:containerfile:C:\Users\Vanhelsing\Desktop\Ardamax 4.0.1.rar;file:C:\Users\Vanhelsing\Desktop\Ardamax 4.0.1.rar->setup_akl.exe;filelocalcopy:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{248882FC-574D-48BD-9D36-E12CD9881257}-Ardamax 4.0.1.rar;webfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{248882FC-574D-48BD-9D36-E12CD9881257}-Ardamax 4.0.1.rar|http://download1215.mediafire.com/3zzt9sv9geqg/vrz9mx4zwls46x9/Ardamax+4.0.1.rar;webfile:C:\Users\Vanhelsing\Desktop\Ardamax 4.0.1.rar|http://download1215.mediafire.com/3zzt9sv9geqg/vrz9mx4zwls46x9/Ardamax+4.0.1.rar
Tipo de detección:Concreto
Origen de detección:Descargas y datos adjuntos
Estado:Desconocido
Usuario:Vanhelsing-PC\Vanhelsing
Nombre de proceso:C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Date: 2014-02-05 22:48:14.524
Description:
Windows Defender detectó spyware u otro software potencialmente no deseado.
Para obtener más información, consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=MonitoringTool:Win32/Ardamax&threatid=14849
Nombre:MonitoringTool:Win32/Ardamax
Id.:14849
Gravedad:Grave
Categoría:Software de supervisión
Ruta de acceso encontrada:file:C:\ProgramData\SUS\SUS.exe;process:pid:3188
Tipo de detección:Concreto
Origen de detección:Protección en tiempo real
Estado:Desconocido
Usuario:\
Nombre de proceso:
Date: 2014-02-05 22:58:14.381
Description:
Windows Defender encontró un error al tomar medidas ante spyware u otro software potencialmente no deseado.
Para obtener más información, consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=MonitoringTool:Win32/Ardamax&threatid=14849
Usuario:\
Nombre:MonitoringTool:Win32/Ardamax
Id.:14849
Gravedad:Grave
Categoría:Software de supervisión
Ruta de acceso:
Acción:Quitar
Código de error:0x80508023
Descripción de error:El programa no encontró spyware ni cualquier otro software potencialmente no deseado en este equipo.
Estado:
CodeIntegrity:
===================================
Date: 2018-12-28 00:56:39.779
Description:
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2018-12-28 00:56:39.715
Description:
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2018-12-28 00:56:39.556
Description:
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2018-12-28 00:53:08.641
Description:
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2018-12-28 00:53:08.594
Description:
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2018-12-28 00:53:08.516
Description:
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2016-01-18 10:41:38.116
Description:
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2016-01-18 10:41:38.053
Description:
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 82%
Total physical RAM: 2932.56 MB
Available physical RAM: 506.69 MB
Total Virtual: 5863.27 MB
Available Virtual: 3363.96 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:409.71 GB) (Free:124.4 GB) NTFS
Drive g: (MICROSD) (Removable) (Total:1.83 GB) (Free:0.01 GB) NTFS
\\?\Volume{2156f7c5-ae71-11e0-a584-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS
\\?\Volume{27c67b14-5d51-11e3-a631-806e6f6e6963}\ () (Fixed) (Total:0 GB) (Free:0 GB)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0C4E138D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=409.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.8 GB) - (Type=27)
Partition 4: (Not Active) - (Size=34.2 GB) - (Type=05)
========================================================
Disk: 1 (Size: 1.8 GB) (Disk ID: 0B5EC6BC)
Partition 1: (Not Active) - (Size=1.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
SanMar
3 February, 2019 03:45
28
Hello:
Run FRST again, but this time in a different way.
1.- When the tool is ready to use, type or copy and paste into Search:
{460EA1C5-B71F-4DEA-99C1-A82016ADECD2}
And this time click Search Registry (NOT Scan).
It will give you a report; as you know, post it here.
2.- Then run it again, and in Search type:
And click "Search Files".
Post that report too.
Regards.
Hello…
Here are the reports:
Farbar Recovery Scan Tool (x64) Version: 4.02.2019
Ran by Vanhelsing (04-02-2019 00:52:18)
Running from C:\Users\Vanhelsing\Desktop
Boot Mode: Normal
================== Search Registry: "{460EA1C5-B71F-4DEA-99C1-A82016ADECD2}" ===========
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{460EA1C5-B71F-4DEA-99C1-A82016ADECD2}]
====== End of Search ======
SanMar
4 February, 2019 05:38
30
Hello:
The one from step 2 is missing: “Search Files” TuneUp.
Regards.
Hello, sorry, it took a bit longer than necessary.
Farbar Recovery Scan Tool (x64) Version: 4.02.2019
Ran by Vanhelsing (04-02-2019 22:49:53)
Running from C:\Users\Vanhelsing\Desktop\FRST-OlderVersion
Boot Mode: Normal
================== Search Files: "TuneUp" =============
====== End of Search ======
SanMar
5 February, 2019 05:10
32
Hello:
Follow these steps:
1.- Very important >>> Make a backup of your Registry.
Download DelFix to the Windows desktop.
Right-click, “Run as administrator”.
In the main window, tick only the “Create Registry Backup” box.
Click Run.
When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…
2.- Temporarily disable your antivirus.
3.- Open a new Notepad file and copy and paste this content:
Start
CloseProcesses:
CreateRestorePoint:
[-KEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{460EA1C5-B71F-4DEA-99C1-A82016ADECD2}]
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] C:\Windows\System32\0 [0 2016-05-15] ()
HKU\S-1-5-21-3507022562-1330472618-3652623963-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3507022562-1330472618-3652623963-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3507022562-1330472618-3652623963-1000 -> {DB5BFFD0-F555-4008-AFDE-DA0571CFDFFE} URL = hxxps://www.google.com/search?q={searchTerms}
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [158848 2016-04-13] (Zemana Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-06-07] ()
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2012-01-05] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S1 MpKsl577c14db; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5485FB1B-D983-417A-AF15-3307AE2F1C4E}\MpKsl577c14db.sys [X]
2019-02-01 23:22 - 2019-02-01 23:24 - 000000000 ____D C:\ProgramData\BullGuard
2019-02-01 00:36 - 2018-10-30 00:37 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-02-01 23:22 - 2019-02-01 23:23 - 069196560 _____ (BullGuard Ltd.) C:\Users\Vanhelsing\AppData\Local\Temp\BullGuard Internet Security Setup.exe
2019-02-02 02:05 - 2019-02-02 02:42 - 000192512 _____ () C:\Users\Vanhelsing\AppData\Local\Temp\sfamcc00001.dll
2019-02-02 02:05 - 2019-02-02 02:42 - 000158720 _____ () C:\Users\Vanhelsing\AppData\Local\Temp\sfareca00001.dll
Panda Devices Agent (HKLM-x32\...\{DDE3DECA-9139-4A39-9276-143ECA1DB75E}) (Version: 1.06.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.06 - Panda Security) Hidden
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
Save it under the name fixlist.txt on the desktop <<< This is very important.
Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop); otherwise the tool will not work.
Run Frst.exe.
Press the Fix button and wait for it to finish.
The tool will save the report on your desktop (Fixlog.txt).
Paste it in your next reply.
Let us know how it goes.
Regards.
Hello.
Fix result of Farbar Recovery Scan Tool (x64) Version: 4.02.2019
Ran by Vanhelsing (05-02-2019 23:43:23) Run:2
Running from C:\Users\Vanhelsing\Desktop
Loaded Profiles: Vanhelsing (Available Profiles: Vanhelsing)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
[-KEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{460EA1C5-B71F-4DEA-99C1-A82016ADECD2}]
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] C:\Windows\System32\0 [0 2016-05-15] ()
HKU\S-1-5-21-3507022562-1330472618-3652623963-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3507022562-1330472618-3652623963-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3507022562-1330472618-3652623963-1000 -> {DB5BFFD0-F555-4008-AFDE-DA0571CFDFFE} URL = hxxps://www.google.com/search?q={searchTerms}
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [158848 2016-04-13] (Zemana Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-06-07] ()
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2012-01-05] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S1 MpKsl577c14db; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5485FB1B-D983-417A-AF15-3307AE2F1C4E}\MpKsl577c14db.sys [X]
2019-02-01 23:22 - 2019-02-01 23:24 - 000000000 ____D C:\ProgramData\BullGuard
2019-02-01 00:36 - 2018-10-30 00:37 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-02-01 23:22 - 2019-02-01 23:23 - 069196560 _____ (BullGuard Ltd.) C:\Users\Vanhelsing\AppData\Local\Temp\BullGuard Internet Security Setup.exe
2019-02-02 02:05 - 2019-02-02 02:42 - 000192512 _____ () C:\Users\Vanhelsing\AppData\Local\Temp\sfamcc00001.dll
2019-02-02 02:05 - 2019-02-02 02:42 - 000158720 _____ () C:\Users\Vanhelsing\AppData\Local\Temp\sfareca00001.dll
Panda Devices Agent (HKLM-x32\...\{DDE3DECA-9139-4A39-9276-143ECA1DB75E}) (Version: 1.06.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.06 - Panda Security) Hidden
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************
Processes closed successfully.
Restore point was successfully created.
[-KEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{460EA1C5-B71F-4DEA-99C1-A82016ADECD2}] => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ForceActiveDesktopOn" => removed successfully
"HKU\S-1-5-21-3507022562-1330472618-3652623963-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks" => removed successfully
HKU\S-1-5-21-3507022562-1330472618-3652623963-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3507022562-1330472618-3652623963-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DB5BFFD0-F555-4008-AFDE-DA0571CFDFFE} => removed successfully
HKLM\Software\Classes\CLSID\{DB5BFFD0-F555-4008-AFDE-DA0571CFDFFE} => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\amkpcclbbgegoafihnpgomddadjhcadd => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\amkpcclbbgegoafihnpgomddadjhcadd => removed successfully
HKLM\System\CurrentControlSet\Services\keycrypt => removed successfully
keycrypt => service removed successfully
lirsgt => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\lirsgt => removed successfully
lirsgt => service removed successfully
HKLM\System\CurrentControlSet\Services\pwdrvio => removed successfully
pwdrvio => service removed successfully
HKLM\System\CurrentControlSet\Services\pwdspio => removed successfully
pwdspio => service removed successfully
HKLM\System\CurrentControlSet\Services\REN2CAP_DRIVER => removed successfully
REN2CAP_DRIVER => service removed successfully
HKLM\System\CurrentControlSet\Services\UnlockerDriver5 => removed successfully
UnlockerDriver5 => service removed successfully
HKLM\System\CurrentControlSet\Services\MpKsl577c14db => removed successfully
MpKsl577c14db => service removed successfully
C:\ProgramData\BullGuard => moved successfully
C:\Windows\System32\Tasks\Avast Software => moved successfully
"C:\Users\Vanhelsing\AppData\Local\Temp\BullGuard Internet Security Setup.exe" => not found
"C:\Users\Vanhelsing\AppData\Local\Temp\sfamcc00001.dll" => not found
"C:\Users\Vanhelsing\AppData\Local\Temp\sfareca00001.dll" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DDE3DECA-9139-4A39-9276-143ECA1DB75E}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Panda Devices Agent\\SystemComponent" => removed successfully
========= ipconfig /flushdns =========
Configuración IP de Windows
Se vació correctamente la caché de resolución de DNS.
========= End of CMD: =========
========= ipconfig /renew =========
Configuración IP de Windows
No se puede realizar ninguna operación en Conexión de área local 2 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de red Bluetooth 3 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de red inalámbrica 2 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local mientras los medios
estén desconectados.
Adaptador de Ethernet Conexión de área local 2:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
Adaptador de Ethernet Conexión de red Bluetooth 3:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
Adaptador de LAN inalámbrica Conexión de red inalámbrica 2:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
Adaptador de LAN inalámbrica Conexión de red inalámbrica:
Sufijo DNS específico para la conexión. . : domain.name
Vínculo: dirección IPv6 local. . . : fe80::b841:de3:1290:ab57%12
Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.33
Máscara de subred . . . . . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada . . . . . : fe80::a264:8fff:fea3:f211%12
192.168.1.1
Adaptador de Ethernet Conexión de área local:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
========= End of CMD: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
0 out of 0 jobs canceled.
========= End of CMD: =========
========= netsh winsock reset =========
El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.
========= End of CMD: =========
========= netsh advfirewall set allprofiles state ON =========
Aceptar
========= End of CMD: =========
========= netsh int ipv4 reset =========
Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.
========= End of CMD: =========
========= netsh int ipv6 reset =========
No hay valores configurados por el usuario para restablecer.
========= End of CMD: =========
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3507022562-1330472618-3652623963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3507022562-1330472618-3652623963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 73072239 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 161914 B
Edge => 0 B
Chrome => 44131 B
Firefox => 0 B
Opera => 82898372 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Vanhelsing => 6108861 B
RecycleBin => 0 B
EmptyTemp: => 162.8 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 23:45:44 ====
Currently everything is in order, with no errors or anything of the sort.
SanMar
6 February, 2019 05:25
35
Hello @Spyrobot_2079:
Perfect. To wrap up and remove the tools we used:
1.- Run >> DelFix, on your desktop.
Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> “Run as administrator”.)
Tick the Remove disinfection tools and Purge System Restore boxes.
Click Run.
The report (DelFix.txt) will open; save it in case it is needed and close the tool.
2.- The registry key related to TuneUp has still not been removed. Have you ever worked with the Windows registry, so that you could try to delete it manually if I give you the step-by-step instructions?
Regards.
Hello
The registry key related to TuneUp has still not been removed. Have you ever worked with the Windows registry, so that you could try to delete it manually if I give you the step-by-step instructions?
Yes, I deleted it from the Registry Editor.
SanMar
7 February, 2019 06:48
37
Hello:
Perfect, tell us whether everything is now in order so we can mark the topic as resolved.
Regards.
Hello SanMar, yes, you can mark the topic as resolved. Thank you for taking the time and providing such pleasant help with my problem.
SanMar
8 February, 2019 04:21
39
Hello @Spyrobot_2079
For any other problems, you know where to find us…!
Topic Solved