Firefox slow and freezing, very annoying

Hello everyone, my problem is that Firefox is sluggish. It is up to date and I only added uBlock Origin, which I never had problems with. I open 3 or 4 windows and it already freezes for several seconds, and in private mode it is even worse. One thing I did was reset it to the state it comes in when installed; after that I ran a cleanup with CCleaner and Advanced SystemCare 10.4. Facebook videos also stutter: they play for 10 seconds and then freeze.

Desktop PC with Windows 8.1, 4 GB of RAM, Baidu Antivirus

Regards

Hello @anibalbarca, welcome.

As far as I know, Baidu is no longer updated. Have you already tried doing the same with another browser?

You may have an infection.

Regards.

Could that be it? The last update is listed as August 21 of this year. Today Firefox was already slowing down when opening a second tab.

Have you already tried another browser?

We will only know that if the PC is analyzed. If you like, we can ask someone from the @staff to support us with the analysis.

Regards…

I think it would be best for me to do that. Maybe, if Baidu no longer runs, you could recommend another antivirus and analyze the PC. Thanks.

Understood.

I think the best free option would be Kaspersky Free, or if you are able to buy a license we could also recommend a solution.

Now we will ask someone from the @staff, or a fellow member who is strong in this area, to help us with the analysis and/or disinfection in case any infection is found.

Regards, and you are in good hands.

Hello guys, and excuse me for stepping in:

@anibalbarca

Uninstall with Revo Uninstaller in its Advanced Mode:

  • Baidu and Advanced SystemCare.

Revo Uninstaller manual.

Do not reinstall any antivirus yet until we are finished.


Then do the following:

1.- Download, install and/or update the following tools:

2.- Run the steps in order, with all programs closed, including the browsers.

CCleaner

Using its Cleaner option according to its manual:

  • To delete cookies, temporary Internet files and all the files it shows you as obsolete.
  • When you install it, uncheck the boxes so as not to allow the installation of CCleaner Browser.
  • We do NOT need this report.

AdwCleaner

Run it.

  • Click the Scan button and wait for the process to run. Then click the Clean button.
  • Wait for it to complete. If it asks you to restart the system, accept.
  • Save the report that appears so you can copy and paste it in your next reply.
  • The report can also be found at “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

  • Following its manual, install and run it. When it finishes, delete everything it finds.

Malwarebytes

  • Do not forget to update it.
  • Read its manual carefully.
  • Run a Custom Scan with all drives selected.
  • Click “Eliminar Seleccionados” (Remove Selected) to send what was found to quarantine.
  • Restart the system.
  • In the manual's section “Historial” >> Registros de Aplicación >> Scan Log/Registro de Análisis you will find the MBAM report, which you must copy and paste in your next reply.

3.- Important note:

In your next reply you must paste the reports from AdwCleaner, ZHPCleaner and Malwarebytes.

Guide: How to paste reports in the forum?

Let us know.

Regards

Hello, thanks for replying. I did all the suggested steps, although earlier I had scanned the PC on my own with some of those tools. Now I have no antivirus and no Advanced SystemCare. Here are the final reports. One comment: whenever I run CCleaner, four IE files remain that are not deleted.

This is the first one from Malwarebytes

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 24/10/19
Hora del análisis: 21:05
Archivo de registro: 2d33552a-f6bb-11e9-8093-f079596d682c.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.629
Versión del paquete de actualización: 1.0.13057
Licencia: Gratis

-Información del sistema-
SO: Windows 8.1
CPU: x64
Sistema de archivos: NTFS
Usuario: JuanPC\Juan

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 278252
Amenazas detectadas: 34
Amenazas en cuarentena: 34
Tiempo transcurrido: 9 min, 6 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 4
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, En cuarentena, [3817], [398206],1.0.13057
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, En cuarentena, [3817], [380353],1.0.13057
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, En cuarentena, [3817], [380352],1.0.13057
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASC.EXE, En cuarentena, [3817], [396386],1.0.13057

Módulo: 5
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, En cuarentena, [3817], [398206],1.0.13057
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, En cuarentena, [3817], [380353],1.0.13057
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, En cuarentena, [3817], [380352],1.0.13057
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, En cuarentena, [3817], [396386],1.0.13057
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASC.EXE, En cuarentena, [3817], [396386],1.0.13057

Clave del registro: 8
PUP.Optional.DriverToolkit, HKU\S-1-5-21-2367333327-3174498308-918219143-1001\SOFTWARE\DriverToolkit, En cuarentena, [1058], [512874],1.0.13057
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASC10_PerformanceMonitor, En cuarentena, [3817], [380341],1.0.13057
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9391B069-A45E-44B5-B3CA-5574A71201E0}, En cuarentena, [3817], [380341],1.0.13057
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{9391B069-A45E-44B5-B3CA-5574A71201E0}, En cuarentena, [3817], [380341],1.0.13057
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASC10_SkipUac_Juan, En cuarentena, [3817], [380341],1.0.13057
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{31C24EB3-B2D0-4458-B76E-594A1D910BCD}, En cuarentena, [3817], [380341],1.0.13057
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{31C24EB3-B2D0-4458-B76E-594A1D910BCD}, En cuarentena, [3817], [380341],1.0.13057
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AdvancedSystemCareService10, En cuarentena, [3817], [380352],1.0.13057

Valor del registro: 1
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-2367333327-3174498308-918219143-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ADVANCED SYSTEMCARE 10, En cuarentena, [3817], [380353],1.0.13057

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 3
PUP.Optional.DriverToolkit, C:\Program Files (x86)\DriverToolkit\Download, En cuarentena, [1058], [512876],1.0.13057
PUP.Optional.DriverToolkit, C:\Program Files (x86)\DriverToolkit\Backup, En cuarentena, [1058], [512876],1.0.13057
PUP.Optional.DriverToolkit, C:\PROGRAM FILES (X86)\DRIVERTOOLKIT, En cuarentena, [1058], [512876],1.0.13057

Archivo: 13
PUP.Optional.AdvancedSystemCare, C:\USERS\PUBLIC\DESKTOP\Advanced SystemCare 10.lnk, En cuarentena, [3817], [380338],1.0.13057
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC10_PerformanceMonitor, En cuarentena, [3817], [380341],1.0.13057
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, En cuarentena, [3817], [398206],1.0.13057
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC10_SkipUac_Juan, En cuarentena, [3817], [380341],1.0.13057
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, En cuarentena, [3817], [380353],1.0.13057
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, En cuarentena, [3817], [380352],1.0.13057
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, En cuarentena, [3817], [396386],1.0.13057
PUP.Optional.AdvancedSystemCare, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Advanced SystemCare 10.lnk, En cuarentena, [3817], [396386],1.0.13057
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASC.EXE, En cuarentena, [3817], [396386],1.0.13057
HackTool.FilePatch, C:\PROGRAM FILES\DAEMON TOOLS PRO\2.EXE, En cuarentena, [7620], [281135],1.0.13057
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\REGISTRYDEFRAGBOOTTIME.EXE, En cuarentena, [3817], [396386],1.0.13057
HackTool.Patcher, C:\USERS\JUAN\DOWNLOADS\ADOBE.SNR.PATCH.V2.0-PAINTER.ZIP, En cuarentena, [7645], [473286],1.0.13057
PUP.Optional.DriverToolkit, C:\USERS\JUAN\DOWNLOADS\DRIVERTOOLKITINSTALLER.EXE, En cuarentena, [1058], [512879],1.0.13057

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

This is the final one, done yesterday:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 29/10/19
Hora del análisis: 20:58
Archivo de registro: 0fff81ea-faa8-11e9-9873-f079596d682c.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.629
Versión del paquete de actualización: 1.0.13111
Licencia: Gratis

-Información del sistema-
SO: Windows 8.1
CPU: x64
Sistema de archivos: NTFS
Usuario: JuanPC\Juan

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 297195
Amenazas detectadas: 3
Amenazas en cuarentena: 3
Tiempo transcurrido: 3 hr, 48 min, 28 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 3
RiskWare.GameHack, C:\MAGO NICO\TALES\STEAM_API.DLL, En cuarentena, [7451], [305544],1.0.13111
Generic.Malware/Suspicious, E:\PC2\GUITAR PRO 6 GOLDESCARGAS O FIUXY.NET\GUITAR.PRO.V6.1.1 R10791.WINDOWS.KEYMAKER-EMBRACE\KEYGEN ACTIVAR\KEYGEN.EXE, En cuarentena, [0], [392686],1.0.13111
HackTool.FilePatch, E:\PROGRAMAS\DM82708-SFT\CRACK\2.EXE, En cuarentena, [7609], [281135],1.0.13111

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

AdwCleaner:

# -------------------------------
# Malwarebytes AdwCleaner 7.4.2.0
# -------------------------------
# Build:    10-21-2019
# Database: 2019-10-21.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    10-30-2019
# Duration: 00:00:01
# OS:       Windows 8.1 Pro
# Cleaned:  2
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 10
Deleted       HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [15697 octets] - [30/10/2019 15:31:32]
AdwCleaner[S00].txt - [2536 octets] - [30/10/2019 15:35:36]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 7.4.2.0
# -------------------------------
# Build:    10-21-2019
# Database: 2019-10-21.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    10-30-2019
# Duration: 00:00:14
# OS:       Windows 8.1 Pro
# Scanned:  35182
# Detected: 10


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 10

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS 
Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Users\Juan\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{8EF98706-3C4B-4C5B-B035-01187E17D0E6} 
Preinstalled.SamsungSmartSwitch   Folder   C:\Users\Juan\AppData\Roaming\SAMSUNG\SMART SWITCH PC 


AdwCleaner_Debug.log - [11300 octets] - [30/10/2019 15:31:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Then there is the debug log, but I don't know if it is necessary.

ZHPCleaner:

~ ZHPCleaner v2019.10.29.155 by Nicolas Coolman (2019/10/29)
~ Run by Juan (Administrator)  (30/10/2019 15:46:55)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scanner
~ Report : C:\Users\Juan\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\Juan\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1 Pro, 64-bit  (Build 9600)

---\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados. (ADS)

---\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados. (Servicio)

---\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados. (Navegador)

---\  Hosts carpeta (1)
~ El archivo hosts es legítimo (26)

---\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados. (Tarea)

---\  Explorador ( Archivos, Carpetas ) (0)
~ No malintencionados o innecesarios artículos encontrados. (Explorer)

---\  Registro ( Claves, Valores, Datos) (0)
~ No malintencionados o innecesarios artículos encontrados. (Register)

---\ Resultado de la reparación.
~ ninguna reparación hecha
~ Mozilla Firefox OK
~ Internet Explorer OK

---\ STATISTIQUES
~ Items escaneado : 97523
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 6/13
~ Ahorro de espacio (bytes) : 0
~ End of search in 00h08mn55s

Hello @anibalbarca

Do the following:

1.- Temporarily disable your antivirus and any security program.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the right version for your machine's architecture (32 or 64 bits). >> How to tell whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Guide: How to run FRST

3.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We await those reports.

Regards

Thanks for replying so quickly, the browser shows improvement. Here are the reports:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2019 01
Ran by Juan (administrator) on JUANPC (30-10-2019 21:12:57)
Running from C:\Users\Juan\Downloads
Loaded Profiles: Juan (Available Profiles: Juan)
Platform: Windows 8.1 Pro (X64) Language: Español (España, internacional)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler64.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2367333327-3174498308-918219143-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2367333327-3174498308-918219143-1001\...\MountPoints2: {9b0281c3-ee57-11e5-824d-806e6f6e6963} - "D:\autorun.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-03-26]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17519055-9E2A-47D1-856E-5DA9B1291879} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Juan => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
Task: {349BFB00-E21B-48CE-A730-5C9F2D2EAB65} - System32\Tasks\{9F471158-74AA-49DC-B30E-4FCEA71AB9BE} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\EA SPORTS\F1 2002\F1_2002_Uninst.exe" -d "C:\Program Files (x86)\EA SPORTS\F1 2002"
Task: {65927725-DC6A-47A3-8657-4FEF915AD083} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_270_Plugin.exe [1457720 2019-10-09] (Adobe Inc. -> Adobe)
Task: {78621C35-CB72-464C-97F8-C863247B2931} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-27] (Google Inc -> Google LLC)
Task: {7F1EA09D-803F-4A2C-8E06-AFC65066332A} - System32\Tasks\{74173D8B-F6C4-4CD5-95C0-75B2EA939DC3} => C:\Windows\system32\pcalua.exe -a E:\BACKUP\ESCRITORIO\Heritage\Heritage.exe -d E:\BACKUP\ESCRITORIO\Heritage
Task: {84AA43D5-8B31-482D-87AD-D8DCA4E1411C} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => C:\Windows\system32\CScript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {8BA6705A-FEF2-4672-A772-E5B588AA22B1} - System32\Tasks\{B9660070-C5BE-4815-9CAE-9B9FDE07491F} => C:\Windows\system32\pcalua.exe -a "C:\MAGO NICO\Finders\Finders.exe" -d "C:\MAGO NICO\Finders\"
Task: {AAFE732F-F6AE-41B8-A466-F91DA34734DD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BE1EDF87-E54D-4E25-9296-7EAD64848E9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [144248 2019-10-10] (HP Inc. -> HP Inc.)
Task: {CD86C7E9-4EDA-4E1F-BAE4-1D0178B3CB05} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-27] (Google Inc -> Google LLC)
Task: {CDE0B91B-09C9-406B-8C76-DE9B84231D19} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {CEBE2049-58D5-4290-8484-34BB85E62925} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {CFF6A83A-BC8A-40D6-BD89-EB35F1767E2C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {D6B81E87-B782-4FD4-AA30-DFBBB93775C7} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {D6BAC22A-B783-4FBD-B728-280E23C1D08D} - System32\Tasks\{1C1D03E9-8426-47EC-919C-0445C9F64816} => C:\Windows\system32\pcalua.exe -a "D:\sims expansiones 1\The sims house party\The Sims House Party\RegSetup.exe" -d "D:\sims expansiones 1\The sims house party\The Sims House Party"
Task: {E8960B10-D751-42AE-9AFE-91B430501290} - \Baidu Antivirus Update -> No File <==== ATTENTION
Task: {EA3C8980-606C-474B-8227-806C85B7544D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-10-09] (Adobe Inc. -> Adobe)
Task: {F020C1D5-6F0F-4C96-BD03-6BE6511056DD} - System32\Tasks\AdobeGCInvoker-1.0-JuanPC-Juan => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 186.130.128.250 186.130.129.250
Tcpip\..\Interfaces\{0B2807ED-4295-4A6D-AD67-5E24D9D1610C}: [DhcpNameServer] 186.130.128.250 186.130.129.250

Internet Explorer:
==================
HKU\S-1-5-21-2367333327-3174498308-918219143-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ar/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF DefaultProfile: hi10i433.default-1571870437584
FF ProfilePath: C:\Users\Juan\AppData\Roaming\Mozilla\Firefox\Profiles\hi10i433.default-1571870437584 [2019-10-30]
FF Homepage: Mozilla\Firefox\Profiles\hi10i433.default-1571870437584 -> hxxps://www.infobae.com/
FF Extension: (uBlock Origin) - C:\Users\Juan\AppData\Roaming\Mozilla\Firefox\Profiles\hi10i433.default-1571870437584\Extensions\[email protected] [2019-10-24]
FF Extension: (NoScript) - C:\Users\Juan\AppData\Roaming\Mozilla\Firefox\Profiles\hi10i433.default-1571870437584\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-10-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_270.dll [2019-10-09] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_270.dll [2019-10-09] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\npctrl.1.0.30401.0.dll [2008-03-31] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default [2019-10-30]
CHR Extension: (Presentaciones) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-05]
CHR Extension: (Docs) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-05]
CHR Extension: (Google Drive) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-05]
CHR Extension: (YouTube) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-05]
CHR Extension: (Hojas de cálculo) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-05]
CHR Extension: (Gmail) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-05]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [246784 2015-08-03] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft -> Alcohol Soft Development Team)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [360312 2019-10-14] (HP Inc. -> HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation -> Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation -> Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 SQLAgent$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation -> Microsoft Corporation)
S2 BavSvc; "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BavSvc.exe" [X]
S2 BHipsSvc; "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BHipsSvc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [21622784 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [665088 2015-08-03] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [81608 2014-03-20] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [23752 2014-03-20] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 athur; C:\Windows\system32\DRIVERS\athuw8x.sys [3744256 2012-11-21] (Qualcomm Atheros Communications, Inc.) [File not signed]
U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [304296 2018-04-28] (Disc Soft Ltd -> Alcohol Soft Development Team)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
S3 bdark64; C:\Windows\system32\drivers\bdark64.sys [78792 2015-05-27] (Baidu Online Network Technology (Beijing) Co.,Ltd. -> )
S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [236920 2015-03-05] (Baidu Online Network Technology (Beijing)Co., Ltd -> Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [62920 2016-03-20] (Baidu Online Network Technology (Beijing) Co.,Ltd. -> Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38344 2016-03-20] (Baidu Online Network Technology (Beijing) Co.,Ltd. -> Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [62792 2016-03-20] (Baidu Online Network Technology (Beijing) Co.,Ltd. -> Baidu, Inc.)
R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [485672 2016-03-20] (Baidu Online Network Technology (Beijing) Co.,Ltd. -> Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [169416 2016-03-20] (Baidu Online Network Technology (Beijing) Co.,Ltd. -> Baidu, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 dot4usb; C:\Windows\system32\DRIVERS\dot4usb.sys [49056 2012-09-25] (Hewlett-Packard Company -> Microsoft Corporation)
S3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30264 2018-04-21] (Disc Soft Ltd -> Disc Soft Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2018-04-28] (Disc Soft Ltd -> Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [40664 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 usbfilter; C:\Windows\system32\DRIVERS\usbfilter.sys [58536 2013-03-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath
S3 BdApiUtil; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BdApiUtil64.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BdCameraProtect64.sys [X]
S3 Bnmon; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\Bnmon64.sys [X]
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-30 21:12 - 2019-10-30 21:14 - 000020693 _____ C:\Users\Juan\Downloads\FRST.txt
2019-10-30 21:11 - 2019-10-30 21:13 - 000000000 ____D C:\FRST
2019-10-30 21:11 - 2019-10-30 21:11 - 001619456 _____ (Farbar) C:\Users\Juan\Downloads\FRST64.exe
2019-10-30 16:07 - 2019-10-30 16:07 - 000000262 _____ C:\Users\Juan\Documents\cc_20191030_160709.reg
2019-10-30 16:06 - 2019-10-30 16:06 - 000019346 _____ C:\Users\Juan\Documents\cc_20191030_160646.reg
2019-10-30 16:03 - 2019-10-30 16:03 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2019-10-30 15:55 - 2019-10-30 15:55 - 000001675 _____ C:\Users\Juan\Desktop\ZHPCleaner (S).txt
2019-10-30 15:41 - 2019-10-30 15:41 - 003321216 _____ (Nicolas Coolman) C:\Users\Juan\ZHPCleaner.exe
2019-10-30 15:31 - 2019-10-30 15:37 - 000000000 ____D C:\AdwCleaner
2019-10-29 20:43 - 2019-10-30 16:26 - 000002400 _____ C:\Users\Juan\Desktop\infosp.txt
2019-10-29 20:20 - 2019-10-29 20:20 - 007411912 _____ (VS Revo Group ) C:\Users\Juan\Downloads\revosetup.exe
2019-10-29 20:20 - 2019-10-29 20:20 - 000001062 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-10-29 20:20 - 2019-10-29 20:20 - 000001062 _____ C:\ProgramData\Desktop\Revo Uninstaller.lnk
2019-10-29 20:20 - 2019-10-29 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-10-29 20:20 - 2019-10-29 20:20 - 000000000 ____D C:\Program Files\VS Revo Group
2019-10-24 22:55 - 2019-10-24 22:55 - 000002352 _____ C:\Users\Juan\Documents\ZHPCleaner (R).txt
2019-10-24 22:34 - 2019-10-24 22:34 - 000002181 _____ C:\Users\Juan\Documents\ZHPCleaner (S).txt
2019-10-24 21:47 - 2019-10-30 15:55 - 000000000 ____D C:\Users\Juan\AppData\Roaming\ZHP
2019-10-24 21:47 - 2019-10-30 15:41 - 000000670 _____ C:\Users\Juan\Desktop\ZHPCleaner.lnk
2019-10-24 21:47 - 2019-10-24 22:18 - 000000000 ____D C:\Users\Juan\AppData\Local\ZHP
2019-10-24 21:47 - 2019-10-24 21:47 - 003342720 _____ (Nicolas Coolman) C:\Users\Juan\Downloads\ZHPCleaner.exe
2019-10-24 20:59 - 2019-10-25 14:45 - 000001935 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-10-24 20:59 - 2019-10-25 14:45 - 000001935 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-10-24 20:59 - 2019-10-24 20:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-10-24 20:59 - 2019-09-30 06:25 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-10-23 23:54 - 2019-10-30 15:37 - 081788928 _____ C:\Windows\system32\config\SOFTWARE
2019-10-23 23:54 - 2019-10-30 15:37 - 001523712 _____ C:\Windows\system32\config\DEFAULT
2019-10-23 23:54 - 2019-10-30 15:37 - 000040960 _____ C:\Windows\system32\config\SAM
2019-10-23 23:54 - 2019-10-30 15:37 - 000028672 _____ C:\Windows\system32\config\SECURITY
2019-10-23 23:54 - 2019-10-23 23:54 - 000000000 ____H C:\asc_rdflag
2019-10-23 20:26 - 2019-10-23 20:26 - 000001294 _____ C:\Users\Juan\Documents\cc_20191023_202614.reg
2019-10-23 19:40 - 2019-10-23 19:40 - 000000000 ____D C:\Users\Juan\Desktop\Datos viejos de Firefox
2019-10-23 07:10 - 2019-10-23 18:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-10-07 20:13 - 2019-10-07 20:13 - 000001160 _____ C:\Users\Juan\Documents\cc_20191007_201311.reg
2019-10-03 17:52 - 2019-10-03 17:52 - 000047490 _____ C:\Users\Juan\Downloads\tp5.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-30 21:13 - 2016-11-18 16:01 - 000000000 ____D C:\Users\Juan\AppData\LocalLow\Mozilla
2019-10-30 18:15 - 2013-08-22 10:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2019-10-30 17:31 - 2018-07-07 17:09 - 000000000 ____D C:\Users\Juan\AppData\Local\CrashDumps
2019-10-30 16:52 - 2016-03-20 01:35 - 000000000 ____D C:\Users\Juan
2019-10-30 16:39 - 2018-04-29 16:54 - 000000000 ____D C:\Program Files (x86)\Voobly
2019-10-30 16:08 - 2016-03-20 01:41 - 000003596 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2367333327-3174498308-918219143-1001
2019-10-30 15:38 - 2013-08-22 11:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-10-30 15:37 - 2016-03-20 02:13 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-10-30 15:37 - 2013-08-22 10:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2019-10-25 20:03 - 2016-04-02 19:30 - 000000000 ____D C:\ProgramData\BavSvc_exe
2019-10-24 22:13 - 2017-06-16 16:14 - 000000000 ____D C:\ProgramData\IObit
2019-10-24 22:12 - 2017-06-16 16:15 - 000000000 ____D C:\Users\Juan\AppData\Roaming\IObit
2019-10-24 22:12 - 2017-06-16 16:15 - 000000000 ____D C:\Users\Juan\AppData\LocalLow\IObit
2019-10-24 22:12 - 2017-06-16 16:15 - 000000000 ____D C:\Program Files (x86)\IObit
2019-10-24 21:24 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\Inf
2019-10-24 21:01 - 2016-08-13 13:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-10-23 23:54 - 2018-10-09 05:58 - 081686528 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2019-10-23 23:54 - 2018-10-09 05:58 - 001523712 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2019-10-23 23:54 - 2018-10-09 05:58 - 000040960 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2019-10-23 23:54 - 2018-10-09 05:58 - 000028672 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2019-10-23 18:49 - 2017-11-04 21:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-10-23 12:09 - 2017-11-04 21:45 - 000000954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-10-21 11:20 - 2017-06-16 16:15 - 000000000 ____D C:\ProgramData\ProductData
2019-10-19 22:13 - 2019-09-11 21:46 - 000000376 _____ C:\Users\Juan\Desktop\vacaciones.txt
2019-10-16 21:16 - 2018-07-03 13:23 - 000000000 ____D C:\Program Files\CCleaner
2019-10-12 16:46 - 2019-08-22 18:26 - 000000000 ____D C:\GOG Games
2019-10-09 17:29 - 2018-03-13 15:29 - 000004486 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-10-09 17:29 - 2017-03-21 17:10 - 000004332 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2019-10-09 17:29 - 2013-08-22 12:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-10-09 17:29 - 2013-08-22 12:36 - 000000000 ____D C:\Windows\system32\Macromed
2019-10-07 20:11 - 2019-06-27 17:05 - 000003472 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-07 20:11 - 2019-06-27 17:05 - 000003344 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-07 20:11 - 2016-03-20 01:56 - 000000000 ____D C:\Program Files (x86)\Google

==================== Files in the root of some directories ========

2019-10-30 15:41 - 2019-10-30 15:41 - 003321216 _____ (Nicolas Coolman) C:\Users\Juan\ZHPCleaner.exe
2018-10-23 08:31 - 2018-10-23 08:31 - 000000000 _____ () C:\Users\Juan\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-10-30 14:48
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2019 01
Ran by Juan (30-10-2019 21:14:40)
Running from C:\Users\Juan\Downloads
Windows 8.1 Pro (X64) (2016-03-20 04:35:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2367333327-3174498308-918219143-500 - Administrator - Disabled)
Invitado (S-1-5-21-2367333327-3174498308-918219143-501 - Limited - Disabled)
Juan (S-1-5-21-2367333327-3174498308-918219143-1001 - Administrator - Enabled) => C:\Users\Juan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Malwarebytes (Disabled - Out of date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.270 - Adobe)
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)
AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
AMD Catalyst Install Manager (HKLM\...\{572C982F-95F5-0562-AE8F-8A9D7D024A88}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Archivos auxiliares de instalación de SQL Server 2008 (español) (HKLM-x32\...\{E63DA847-F2E3-4C9C-8A7C-FCEEF8CD10AB}) (Version: 10.0.1600.22 - Microsoft Corporation)
Argente - Registry Cleaner 3.1.1.0 (HKLM-x32\...\Argente - Registry Cleaner_is1) (Version: 3.1.1.0 - Raúl Argente)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
Barrow Hill - Curse of the Ancient Circle 1.00 (HKLM-x32\...\Barrow Hill - Curse of the Ancient Circle 1.00) (Version: 1.00 - Los Juegos del Mago Nico)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
C5200 (HKLM-x32\...\{E9E9903D-E69D-4004-B9E2-DFB29D1934D7}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
C5200_Help (HKLM-x32\...\{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}) (Version: 100.0.206.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
Complemento Guardar como PDF o XPS de Microsoft para programas de Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-0C0A-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Day of the Zombie (HKLM-x32\...\{F0DC4EFF-AD8D-4C1C-926D-74217AD52D4C}) (Version: 1.0.0.3 - Groove Games)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Escritor de VSS de Microsoft SQL Server (HKLM\...\{DE63A8FE-80A6-4CA3-ACEA-F954B6370596}) (Version: 10.0.1600.22 - Microsoft Corporation)
F1 2002 (HKLM-x32\...\{C64121E9-B741-4177-00BD-7B228D3F6723}) (Version:  - )
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Herramientas de diseño de SQL Server Compact 3.5 SP1 - Español (HKLM-x32\...\{8C854C18-C873-4084-819F-A6752EFD288F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Hidden on the Trail of the Ancients (HKLM-x32\...\Hidden on the Trail of the Ancients_is1) (Version:  - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart All-In-One Driver Software (HKLM\...\{A96C5DB7-40F9-46DD-B36F-9E657D1D9E04}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{8EF98706-3C4B-4C5B-B035-01187E17D0E6}) (Version: 12.13.42.1 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
IGdm 2.5.1 (only current user) (HKU\S-1-5-21-2367333327-3174498308-918219143-1001\...\1ead4f81-c61a-5fa6-9e81-7a8c0c868952) (Version: 2.5.1 - ifedapo olarewaju)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Los Sims Más vivos que nunca (HKLM-x32\...\{2727FBEF-3155-11D4-8F73-0050DA0F6297}) (Version:  - )
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.30401.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{10E05081-646C-4130-A166-83283A3A0A45}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{817F6299-F17F-4652-9809-7E3DF81A98CC}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 - Español (HKLM-x32\...\{DF931A79-09E9-4B03-9A04-48FAEA665538}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual Basic 2008 Express con SP1 - ESN (HKLM-x32\...\Microsoft Visual Basic 2008 Express Edition with SP1 - ESN) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger, versión Light (x64) - ESN (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ESN) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger, versión Light (x64) - ESN Service Pack 1 (KB945140) (HKLM-x32\...\{B9311968-F2F5-3B36-A3B0-D576FA48C9CF}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - esn (HKLM\...\{969DC08A-728A-35FC-9244-E1E11DE4C2B6}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Mozilla Firefox 70.0 (x64 es-AR) (HKLM\...\Mozilla Firefox 70.0 (x64 es-AR)) (Version: 70.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2 - Mozilla)
Nero 8.3.2.1 (HKLM-x32\...\Nero8WinuE_is1) (Version: 8.3.2.1 - Bj @ WinuE)
Network Play System (Patching) (HKLM-x32\...\Network Play System (Patching)) (Version:  - )
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PS_AIO_02_ProductContext (HKLM-x32\...\{720C16FC-5423-47B3-A249-5C05FB376E9A}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (HKLM-x32\...\{97AD3490-480B-42B2-8001-326621AF34AC}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (HKLM-x32\...\{7AB63BFD-91C6-4C21-B2C6-D33A1FC8DE8F}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
Rapture3D 2.5.1 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7255 - Realtek Semiconductor Corp.)
Revisión para Microsoft Visual Basic 2008 Express con SP1 - ESN (KB945282) (HKLM-x32\...\{25E950B1-5194-3706-BDE5-B81E87597068}.KB945282) (Version: 1 - Microsoft Corporation)
Revisión para Microsoft Visual Basic 2008 Express con SP1 - ESN (KB946040) (HKLM-x32\...\{25E950B1-5194-3706-BDE5-B81E87597068}.KB946040) (Version: 1 - Microsoft Corporation)
Revisión para Microsoft Visual Basic 2008 Express con SP1 - ESN (KB946308) (HKLM-x32\...\{25E950B1-5194-3706-BDE5-B81E87597068}.KB946308) (Version: 1 - Microsoft Corporation)
Revisión para Microsoft Visual Basic 2008 Express con SP1 - ESN (KB946344) (HKLM-x32\...\{25E950B1-5194-3706-BDE5-B81E87597068}.KB946344) (Version: 1 - Microsoft Corporation)
Revisión para Microsoft Visual Basic 2008 Express con SP1 - ESN (KB947540) (HKLM-x32\...\{25E950B1-5194-3706-BDE5-B81E87597068}.KB947540) (Version: 1 - Microsoft Corporation)
Revisión para Microsoft Visual Basic 2008 Express con SP1 - ESN (KB947789) (HKLM-x32\...\{25E950B1-5194-3706-BDE5-B81E87597068}.KB947789) (Version: 1 - Microsoft Corporation)
Revisión para Microsoft Visual Basic 2008 Express con SP1 - ESN (KB948127) (HKLM-x32\...\{25E950B1-5194-3706-BDE5-B81E87597068}.KB948127) (Version: 1 - Microsoft Corporation)
Revisión para Microsoft Visual Basic 2008 Express con SP1 - ESN (KB951708) (HKLM-x32\...\{25E950B1-5194-3706-BDE5-B81E87597068}.KB951708) (Version: 1 - Microsoft Corporation)
Revisión para Microsoft Visual Studio 2008 Remote Debugger, versión Light (x64) - ESN (KB944899) (HKLM-x32\...\{B9311968-F2F5-3B36-A3B0-D576FA48C9CF}.KB944899) (Version: 1 - Microsoft Corporation)
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
ScummVM 1.8.1 (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{C965F01C-76EA-4BD7-973E-46236AE312D7}) (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Tales 1.00 (HKLM-x32\...\Tales 1.00) (Version: 1.00 - Los Juegos del Mago Nico)
The Keep 1.00 (HKLM-x32\...\The Keep 1.00) (Version: 1.00 - Los Juegos del Mago Nico)
TL-WN821N Wireless Utility (HKLM-x32\...\{E8CFA6A1-2FBE-4062-B40D-9E15E2443EC4}) (Version: 7.0 - TP-LINK)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TP-LINK Wireless Client Utility (HKLM-x32\...\{AFC39E22-39C8-4C3E-895D-B9D2B3144E74}) (Version: 7.0 - TP-LINK) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
USB Vibration Joystick (HKLM-x32\...\{BA12FD6C-169A-11D7-A6A9-00C026281E5A}) (Version: 2002.10.8 - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Voobly (HKLM-x32\...\Voobly_is1) (Version: Voobly - Voobly)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Wick 1.00 (HKLM-x32\...\Wick 1.00) (Version: 1.00 - Los Juegos del Mago Nico)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

Packages:
=========
Deportes -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.1.174_x64__8wekyb3d8bbwe [2017-07-09] (Microsoft Corporation) [MS Ad]
El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.1.174_x64__8wekyb3d8bbwe [2017-07-09] (Microsoft Corporation) [MS Ad]
Finanzas -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.1.174_x64__8wekyb3d8bbwe [2017-07-09] (Microsoft Corporation) [MS Ad]
Juegos -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.20.0_x64__8wekyb3d8bbwe [2017-07-09] (Microsoft Corporation) [MS Ad]
Música -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.2.41.0_x64__8wekyb3d8bbwe [2017-07-09] (Microsoft Corporation) [MS Ad]
Noticias -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.1.174_x64__8wekyb3d8bbwe [2017-07-09] (Microsoft Corporation) [MS Ad]
Recetas de Bing -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.1.177_x64__8wekyb3d8bbwe [2017-07-09] (Microsoft Corporation) [MS Ad]
Salud y Bienestar de Bing -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.1.176_x64__8wekyb3d8bbwe [2017-07-09] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_2.0.0.5011_x86__kzf8qxf38zg5c [2017-07-09] (Skype) [MS Ad]
Viajes -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.1.174_x64__8wekyb3d8bbwe [2017-07-09] (Microsoft Corporation) [MS Ad]
Vídeo -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.2.41.0_x64__8wekyb3d8bbwe [2017-07-09] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} =>  -> No File
ContextMenuHandlers1: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers2: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers2: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32original.dll [746496 2013-08-21] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [msacm.iac2] => C:\Windows\SysWOW64\iac25_32.ax [197632 2013-08-21] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [VIDC.IV41] => C:\Windows\SysWOW64\IR41_32.AX [9216 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2010-08-06 11:15 - 2010-08-06 11:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2017-06-22 10:38 - 2017-06-22 10:38 - 000351232 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W8090224c#\9feca7cd111c5e56b34f4de0bb0d7329\Microsoft.WindowsAPICodePack.ni.dll
2017-06-22 10:38 - 2017-06-22 10:38 - 002922496 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wfbf9373c#\d40ef9282e782b0aaf459e73649c739c\Microsoft.WindowsAPICodePack.Shell.ni.dll
==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:E4BC4A41 [125]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2016-12-30 00:33 - 000000834 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\
HKU\S-1-5-21-2367333327-3174498308-918219143-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Juan\AppData\Roaming\Mozilla\Firefox\Fondo de escritorio.bmp
DNS Servers: 186.130.128.250 - 186.130.129.250
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKU\S-1-5-21-2367333327-3174498308-918219143-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{D66FBDC1-55B1-4941-A500-98397DAC99D0}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.icd] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.icd (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{1CEEB8D2-AD54-4A0A-9178-1854B8B8FA49}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.icd] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.icd (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{ABD3B49C-3824-4621-8327-8668A303AA14}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{4CE8DDFF-4173-488F-B847-57C3C2925392}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{008A801E-046C-4B8A-B3F2-6A61ED0E133E}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{3CDCC4FB-46EB-4D35-B65A-87E7710A8514}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{399A627A-D3D6-4518-A14E-AC690C5BAB50}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{A8B7831F-011E-4948-B988-231E5DD21F72}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{B65A2121-7E61-41E6-A330-9D79D1226AF6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{98DA5FA6-5444-436C-96F1-20420DE83608}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{7953175B-47B5-49CB-AA5E-26239DA1F8C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{4936B962-343A-4CB2-ABE1-2A420B4DA189}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{9316217D-0ADF-46D3-9579-F85A8973236B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{630654F1-AA88-45E9-936E-31F941AAA15C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{B73F3C7A-1860-4A1A-A350-94F181F5DBB9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{B8DCF506-3A90-49E7-94FF-48BB26AF4061}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{24247F75-0DB4-4B82-B222-1826D94E8AB6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{00B17767-1207-4B71-8CFC-853CA799C321}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{707F0437-393D-486D-8B27-5A4565CC3610}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{8DAC53C4-6083-4536-9839-91B061CDADAF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{18758EFE-EDB4-4160-A61D-B96022F31DE1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{5DBFA2D2-5F98-47DE-A777-C22459442171}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett Packard -> Hewlett-Packard)
FirewallRules: [{4929F795-FF75-48D2-9F7A-B73BDEA4783E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{5679EA02-4B87-4B2C-AA99-E3D111CF9E5F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{59AEB280-E60E-45E4-8CBE-A60D6264C21C}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{0FE3A9FA-3FF6-4650-B9E0-861AD41173F4}] => (Allow) LPort=1689
FirewallRules: [TCP Query User{AE80B9D7-F054-4CFD-8B15-DE638F25834E}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{08EDAAF7-FF9D-4EED-ADBF-BAAC4DEE4053}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{F0BB4605-C895-484C-B2EA-AC4E955840B3}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{F40E3D6E-7ED9-4098-B231-CFB890D442ED}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7656FC33-877B-41CE-B596-4E1EA5110461}] => (Allow) LPort=1689
FirewallRules: [{CF0249A6-B441-442F-97B1-ED3C7F8B7FC5}] => (Allow) LPort=1688
FirewallRules: [{4B4860E6-B604-4713-81E8-4ACEEF780138}] => (Block) LPort=445
FirewallRules: [{4434CAD5-9598-40C1-AABD-9FF6BCA68AA0}] => (Block) LPort=445
FirewallRules: [{3FC00685-17E5-462B-99E8-171FE7AD5E75}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AE3A765D-034D-487C-89D8-775D0A3E75FD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{1ED3F0E5-CC9B-4F8E-A4F4-142865DB4E04}C:\mago nico\the keep\thekeep.exe] => (Allow) C:\mago nico\the keep\thekeep.exe () [File not signed]
FirewallRules: [UDP Query User{48F6C35F-4A3C-4839-B042-DB13FA08E4B2}C:\mago nico\the keep\thekeep.exe] => (Allow) C:\mago nico\the keep\thekeep.exe () [File not signed]
FirewallRules: [TCP Query User{CBAC4FC0-30C6-438F-A925-BF8322668DF2}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe (Voobly) [File not signed]
FirewallRules: [UDP Query User{D50A7D55-773E-47C5-869A-D7F284A9CE5F}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe (Voobly) [File not signed]
FirewallRules: [{68DA5ED7-129F-4A69-B783-BAF38A9DDAF7}] => (Block) C:\program files (x86)\voobly\voobly.exe (Voobly) [File not signed]
FirewallRules: [{EB55AADC-CB01-47AE-B80E-F3349FDC33BB}] => (Block) C:\program files (x86)\voobly\voobly.exe (Voobly) [File not signed]
FirewallRules: [{DFB3E76B-B90F-4178-80A0-67E0AEDE1808}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{4BF17FA8-918A-41A3-99B8-07D01E92280C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

==================== Restore Points =========================

27-10-2019 19:27:14 antes de infospyware
29-10-2019 20:25:36 Revo Uninstaller's restore point - Baidu Antivirus
29-10-2019 20:40:04 Revo Uninstaller's restore point - Baidu Antivirus
29-10-2019 20:45:18 Revo Uninstaller's restore point - Baidu Antivirus

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/30/2019 05:31:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: age2_x1.Exe, versión: 0.7.26.809, marca de tiempo: 0x3b7433ec
Nombre del módulo con errores: anticheat2.dll, versión: 0.0.0.0, marca de tiempo: 0x5cdad709
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00028a26
Identificador del proceso con errores: 0x17c0
Hora de inicio de la aplicación con errores: 0x01d58f610fde22ce
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\anticheat2.dll
Identificador del informe: 4f900aef-fb54-11e9-8629-f079596d682c
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:


System errors:
=============

Windows Defender:
===================================
Date: 2019-10-30 18:14:30.074
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.155.266.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.9700.0
Código de error: 0x80070422
Descripción del error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él. 

CodeIntegrity:
===================================

Date: 2017-06-21 15:27:40.113
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-21 13:51:20.988
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-21 07:03:38.332
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 0403 10/09/2014
Motherboard: ASUSTeK COMPUTER INC. A68HM-K
Processor: AMD A4-7300 APU with Radeon HD Graphics 
Percentage of memory in use: 43%
Total physical RAM: 3272.88 MB
Available physical RAM: 1846.05 MB
Total Virtual: 4193.82 MB
Available Virtual: 2311.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:60.82 GB) (Free:5.76 GB) NTFS
Drive e: (Mi disco 2) (Fixed) (Total:87.89 GB) (Free:5.1 GB) NTFS

\\?\Volume{693be2c3-ee54-11e5-824b-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 2A222A22)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=87.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Hello @anibalbarca

You ran FRST from the wrong location:

  • Running from C:\Users\Juan\Downloads

Cut the executable and paste it onto your desktop <<< This is Very Important.


There are a great many Baidu leftovers, and even some from Avast.

Follow these steps:

1.- Very Important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as Administrator”.
  • In the main window, check only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2367333327-3174498308-918219143-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2367333327-3174498308-918219143-1001\...\MountPoints2: {9b0281c3-ee57-11e5-824d-806e6f6e6963} - "D:\autorun.exe" 
Task: {17519055-9E2A-47D1-856E-5DA9B1291879} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Juan => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
Task: {349BFB00-E21B-48CE-A730-5C9F2D2EAB65} - System32\Tasks\{9F471158-74AA-49DC-B30E-4FCEA71AB9BE} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\EA SPORTS\F1 2002\F1_2002_Uninst.exe" -d "C:\Program Files (x86)\EA SPORTS\F1 2002"
Task: {7F1EA09D-803F-4A2C-8E06-AFC65066332A} - System32\Tasks\{74173D8B-F6C4-4CD5-95C0-75B2EA939DC3} => C:\Windows\system32\pcalua.exe -a E:\BACKUP\ESCRITORIO\Heritage\Heritage.exe -d E:\BACKUP\ESCRITORIO\Heritage
Task: {84AA43D5-8B31-482D-87AD-D8DCA4E1411C} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => C:\Windows\system32\CScript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {8BA6705A-FEF2-4672-A772-E5B588AA22B1} - System32\Tasks\{B9660070-C5BE-4815-9CAE-9B9FDE07491F} => C:\Windows\system32\pcalua.exe -a "C:\MAGO NICO\Finders\Finders.exe" -d "C:\MAGO NICO\Finders\"
Task: {CEBE2049-58D5-4290-8484-34BB85E62925} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
C:\Program Files\Common Files\AVAST Software
Task: {D6BAC22A-B783-4FBD-B728-280E23C1D08D} - System32\Tasks\{1C1D03E9-8426-47EC-919C-0445C9F64816} => C:\Windows\system32\pcalua.exe -a "D:\sims expansiones 1\The sims house party\The Sims House Party\RegSetup.exe" -d "D:\sims expansiones 1\The sims house party\The Sims House Party"
Task: {E8960B10-D751-42AE-9AFE-91B430501290} - \Baidu Antivirus Update -> No File <==== ATTENTION
HKU\S-1-5-21-2367333327-3174498308-918219143-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ar/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
S2 BavSvc; "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BavSvc.exe" [X]
S2 BHipsSvc; "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BHipsSvc.exe" [X]
C:\Program Files (x86)\Baidu Security
S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [236920 2015-03-05] (Baidu Online Network Technology (Beijing)Co., Ltd -> Baidu, Inc.)
C:\Windows\System32\drivers\BdSandbox.sys
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [62920 2016-03-20] (Baidu Online Network Technology (Beijing) Co.,Ltd. -> Baidu, Inc.)
C:\Windows\System32\drivers\Bfilter.sys
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38344 2016-03-20] (Baidu Online Network Technology (Beijing) Co.,Ltd. -> Baidu, Inc.)
C:\Windows\System32\drivers\Bfmon.sys
R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [62792 2016-03-20] (Baidu Online Network Technology (Beijing) Co.,Ltd. -> Baidu, Inc.)
C:\Windows\System32\drivers\bnbasex64.sys
R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [485672 2016-03-20] (Baidu Online Network Technology (Beijing) Co.,Ltd. -> Baidu, Inc.)
C:\Windows\System32\drivers\bndef64.sys
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [169416 2016-03-20] (Baidu Online Network Technology (Beijing) Co.,Ltd. -> Baidu, Inc.)
C:\Windows\System32\drivers\Bprotect.sys
U3 aswbdisk; no ImagePath
S3 BdApiUtil; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BdApiUtil64.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BdCameraProtect64.sys [X]
S3 Bnmon; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\Bnmon64.sys [X]
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]
C:\ProgramData\Baidu Security
2019-10-25 20:03 - 2016-04-02 19:30 - 000000000 ____D C:\ProgramData\BavSvc_exe
2019-10-24 22:13 - 2017-06-16 16:14 - 000000000 ____D C:\ProgramData\IObit
2019-10-24 22:12 - 2017-06-16 16:15 - 000000000 ____D C:\Users\Juan\AppData\Roaming\IObit
2019-10-24 22:12 - 2017-06-16 16:15 - 000000000 ____D C:\Users\Juan\AppData\LocalLow\IObit
2019-10-24 22:12 - 2017-06-16 16:15 - 000000000 ____D C:\Program Files (x86)\IObit
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} =>  -> No File
ContextMenuHandlers1: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} =>  -> No File
ContextMenuHandlers2: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} =>  -> No File
ContextMenuHandlers6: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} =>  -> No File
HKLM\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32original.dll [746496 2013-08-21] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [msacm.iac2] => C:\Windows\SysWOW64\iac25_32.ax [197632 2013-08-21] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [VIDC.IV41] => C:\Windows\SysWOW64\IR41_32.AX [9216 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]
AlternateDataStreams: C:\ProgramData\TEMP:E4BC4A41 [125]

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop); otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Update Java to its latest version in your browsers.

After restarting, let us know how the computer and your browser feel.

Regards.

Hello, I hope I did it right, although this time I did not scan again with FRST; as it says above, after running it I did the fix. I have Firefox 70.0.1 64-bit as my browser; could it be that Java is not necessary?

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-10-2019 01
Ran by Juan (31-10-2019 20:15:23) Run:1
Running from C:\Users\Juan\Desktop
Loaded Profiles: Juan (Available Profiles: Juan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2367333327-3174498308-918219143-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2367333327-3174498308-918219143-1001\...\MountPoints2: {9b0281c3-ee57-11e5-824d-806e6f6e6963} - "D:\autorun.exe" 
Task: {17519055-9E2A-47D1-856E-5DA9B1291879} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Juan => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
Task: {349BFB00-E21B-48CE-A730-5C9F2D2EAB65} - System32\Tasks\{9F471158-74AA-49DC-B30E-4FCEA71AB9BE} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\EA SPORTS\F1 2002\F1_2002_Uninst.exe" -d "C:\Program Files (x86)\EA SPORTS\F1 2002"
Task: {7F1EA09D-803F-4A2C-8E06-AFC65066332A} - System32\Tasks\{74173D8B-F6C4-4CD5-95C0-75B2EA939DC3} => C:\Windows\system32\pcalua.exe -a E:\BACKUP\ESCRITORIO\Heritage\Heritage.exe -d E:\BACKUP\ESCRITORIO\Heritage
Task: {84AA43D5-8B31-482D-87AD-D8DCA4E1411C} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => C:\Windows\system32\CScript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {8BA6705A-FEF2-4672-A772-E5B588AA22B1} - System32\Tasks\{B9660070-C5BE-4815-9CAE-9B9FDE07491F} => C:\Windows\system32\pcalua.exe -a "C:\MAGO NICO\Finders\Finders.exe" -d "C:\MAGO NICO\Finders\"
Task: {CEBE2049-58D5-4290-8484-34BB85E62925} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
C:\Program Files\Common Files\AVAST Software
Task: {D6BAC22A-B783-4FBD-B728-280E23C1D08D} - System32\Tasks\{1C1D03E9-8426-47EC-919C-0445C9F64816} => C:\Windows\system32\pcalua.exe -a "D:\sims expansiones 1\The sims house party\The Sims House Party\RegSetup.exe" -d "D:\sims expansiones 1\The sims house party\The Sims House Party"
Task: {E8960B10-D751-42AE-9AFE-91B430501290} - \Baidu Antivirus Update -> No File <==== ATTENTION
HKU\S-1-5-21-2367333327-3174498308-918219143-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ar/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-18] (Oracle America, Inc. -> Oracle Corporation)
S2 BavSvc; "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BavSvc.exe" [X]
S2 BHipsSvc; "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BHipsSvc.exe" [X]
C:\Program Files (x86)\Baidu Security
S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [236920 2015-03-05] (Baidu Online Network Technology (Beijing)Co., Ltd -> Baidu, Inc.)
C:\Windows\System32\drivers\BdSandbox.sys
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [62920 2016-03-20] (Baidu Online Network Technology (Beijing) Co.,Ltd. -> Baidu, Inc.)
C:\Windows\System32\drivers\Bfilter.sys
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38344 2016-03-20] (Baidu Online Network Technology (Beijing) Co.,Ltd. -> Baidu, Inc.)
C:\Windows\System32\drivers\Bfmon.sys
R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [62792 2016-03-20] (Baidu Online Network Technology (Beijing) Co.,Ltd. -> Baidu, Inc.)
C:\Windows\System32\drivers\bnbasex64.sys
R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [485672 2016-03-20] (Baidu Online Network Technology (Beijing) Co.,Ltd. -> Baidu, Inc.)
C:\Windows\System32\drivers\bndef64.sys
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [169416 2016-03-20] (Baidu Online Network Technology (Beijing) Co.,Ltd. -> Baidu, Inc.)
C:\Windows\System32\drivers\Bprotect.sys
U3 aswbdisk; no ImagePath
S3 BdApiUtil; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BdApiUtil64.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BdCameraProtect64.sys [X]
S3 Bnmon; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\Bnmon64.sys [X]
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]
C:\ProgramData\Baidu Security
2019-10-25 20:03 - 2016-04-02 19:30 - 000000000 ____D C:\ProgramData\BavSvc_exe
2019-10-24 22:13 - 2017-06-16 16:14 - 000000000 ____D C:\ProgramData\IObit
2019-10-24 22:12 - 2017-06-16 16:15 - 000000000 ____D C:\Users\Juan\AppData\Roaming\IObit
2019-10-24 22:12 - 2017-06-16 16:15 - 000000000 ____D C:\Users\Juan\AppData\LocalLow\IObit
2019-10-24 22:12 - 2017-06-16 16:15 - 000000000 ____D C:\Program Files (x86)\IObit
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} =>  -> No File
ContextMenuHandlers1: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} =>  -> No File
ContextMenuHandlers2: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} =>  -> No File
ContextMenuHandlers6: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} =>  -> No File
HKLM\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32original.dll [746496 2013-08-21] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [msacm.iac2] => C:\Windows\SysWOW64\iac25_32.ax [197632 2013-08-21] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [VIDC.IV41] => C:\Windows\SysWOW64\IR41_32.AX [9216 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]
AlternateDataStreams: C:\ProgramData\TEMP:E4BC4A41 [125]

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-2367333327-3174498308-918219143-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NolowDiskSpaceChecks" => removed successfully
HKU\S-1-5-21-2367333327-3174498308-918219143-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b0281c3-ee57-11e5-824d-806e6f6e6963} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{17519055-9E2A-47D1-856E-5DA9B1291879}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17519055-9E2A-47D1-856E-5DA9B1291879}" => removed successfully
C:\Windows\System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Juan => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HardDiskSentinel\Hard Disk Sentinel_Juan" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{349BFB00-E21B-48CE-A730-5C9F2D2EAB65}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{349BFB00-E21B-48CE-A730-5C9F2D2EAB65}" => removed successfully
C:\Windows\System32\Tasks\{9F471158-74AA-49DC-B30E-4FCEA71AB9BE} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9F471158-74AA-49DC-B30E-4FCEA71AB9BE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F1EA09D-803F-4A2C-8E06-AFC65066332A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F1EA09D-803F-4A2C-8E06-AFC65066332A}" => removed successfully
C:\Windows\System32\Tasks\{74173D8B-F6C4-4CD5-95C0-75B2EA939DC3} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{74173D8B-F6C4-4CD5-95C0-75B2EA939DC3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{84AA43D5-8B31-482D-87AD-D8DCA4E1411C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84AA43D5-8B31-482D-87AD-D8DCA4E1411C}" => removed successfully
C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BA6705A-FEF2-4672-A772-E5B588AA22B1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BA6705A-FEF2-4672-A772-E5B588AA22B1}" => removed successfully
C:\Windows\System32\Tasks\{B9660070-C5BE-4815-9CAE-9B9FDE07491F} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B9660070-C5BE-4815-9CAE-9B9FDE07491F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{CEBE2049-58D5-4290-8484-34BB85E62925}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEBE2049-58D5-4290-8484-34BB85E62925}" => removed successfully
C:\Windows\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
C:\Program Files\Common Files\AVAST Software => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6BAC22A-B783-4FBD-B728-280E23C1D08D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6BAC22A-B783-4FBD-B728-280E23C1D08D}" => removed successfully
C:\Windows\System32\Tasks\{1C1D03E9-8426-47EC-919C-0445C9F64816} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1C1D03E9-8426-47EC-919C-0445C9F64816}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8960B10-D751-42AE-9AFE-91B430501290}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8960B10-D751-42AE-9AFE-91B430501290}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu Antivirus Update" => removed successfully
"HKU\S-1-5-21-2367333327-3174498308-918219143-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-18] (Oracle America, Inc." => not found
C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-18] (Oracle America, Inc." => not found
C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-18] (Oracle America, Inc." => not found
C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-18] (Oracle America, Inc." => not found
C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll => moved successfully
HKLM\System\CurrentControlSet\Services\BavSvc => removed successfully
BavSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\BHipsSvc => removed successfully
BHipsSvc => service removed successfully
C:\Program Files (x86)\Baidu Security => moved successfully
HKLM\System\CurrentControlSet\Services\BdSandbox => removed successfully
BdSandbox => service removed successfully
C:\Windows\System32\drivers\BdSandbox.sys => moved successfully
Bfilter => Unable to stop service.
HKLM\System\CurrentControlSet\Services\Bfilter => removed successfully
Bfilter => service removed successfully
C:\Windows\System32\drivers\Bfilter.sys => moved successfully
Bfmon => Unable to stop service.
HKLM\System\CurrentControlSet\Services\Bfmon => removed successfully
Bfmon => service removed successfully
C:\Windows\System32\drivers\Bfmon.sys => moved successfully
Bnbase => Unable to stop service.
HKLM\System\CurrentControlSet\Services\Bnbase => removed successfully
Bnbase => service removed successfully
C:\Windows\System32\drivers\bnbasex64.sys => moved successfully
Bndef => Unable to stop service.
HKLM\System\CurrentControlSet\Services\Bndef => removed successfully
Bndef => service removed successfully
C:\Windows\System32\drivers\bndef64.sys => moved successfully
Bprotect => Unable to stop service.
HKLM\System\CurrentControlSet\Services\Bprotect => removed successfully
Bprotect => service removed successfully
C:\Windows\System32\drivers\Bprotect.sys => moved successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully
aswbdisk => service removed successfully
HKLM\System\CurrentControlSet\Services\BdApiUtil => removed successfully
BdApiUtil => service removed successfully
HKLM\System\CurrentControlSet\Services\BdCameraProtect => removed successfully
BdCameraProtect => service removed successfully
HKLM\System\CurrentControlSet\Services\Bnmon => removed successfully
Bnmon => service removed successfully
HKLM\System\CurrentControlSet\Services\WinDivert1.1 => removed successfully
WinDivert1.1 => service removed successfully
C:\ProgramData\Baidu Security => moved successfully
C:\ProgramData\BavSvc_exe => moved successfully
C:\ProgramData\IObit => moved successfully
C:\Users\Juan\AppData\Roaming\IObit => moved successfully
C:\Users\Juan\AppData\LocalLow\IObit => moved successfully
C:\Program Files (x86)\IObit => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Baidu_Scan => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Baidu_Scan => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\vidc.iv50" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.iac2" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.IV41" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.FMVC" => not found
C:\ProgramData\TEMP => ":E4BC4A41" ADS removed successfully

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


Adaptador de Ethernet Ethernet:

   Sufijo DNS específico para la conexión. . : 
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.35
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1

Adaptador de túnel isatap.{0B2807ED-4295-4A6D-AD67-5E24D9D1610C}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2367333327-3174498308-918219143-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2367333327-3174498308-918219143-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14805162 B
Java, Flash, Steam htmlcache => 1171 B
Windows/system/drivers => 2051552 B
Edge => 0 B
Chrome => 142022 B
Firefox => 607467868 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 256 B
LocalService => 2593 B
NetworkService => 28047 B
Juan => 13926660 B

RecycleBin => 139024081 B
EmptyTemp: => 749.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:17:22 ====

Hello @anibalbarca

Yes, it may no longer be required; I mentioned it because you had old versions installed, which we removed.

The fix went perfectly; all that remains is for you to tell us how the computer and your browser feel now.

Regards

Hello SanMar, the problem has improved a great deal: I can now open several tabs at the same time, including in private window mode. I hope it stays that way. Thank you very much. Just two questions:

1. Of all the programs downloaded and installed, which ones should I keep? 2. For protection I have Windows Defender and now Malwarebytes; is that enough?

Thanks again for the help.

Hello @anibalbarca

To remove the tools used:

Download and run >> Delfix from your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> “Run as administrator”.)
  • Check the boxes Remove disinfection tools and Purge System Restore
  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Let us know whether everything is in order so we can mark the topic as Solved.


You can use Malwarebytes for periodic scans; the free version has no real-time protection.

As for antivirus, I recommend you install Kaspersky Free.

For protection in your browser, it is advisable to install the Malwarebytes Browser Guard extension.

Let us know.

Regards.

Very good, I have been testing these past few days and everything seems to work fine, so thank you very much.

Hello @anibalbarca

Glad we were able to resolve your query… :+1:

For other problems, you know where to find us. :wink:

Topic Solved

Regards.
