Firefox no arranca y otros navegadores andan lentos


#1

El navegador Firefox no carga para nada, ninguna página. Intento navegar con otros programams como ser el Opera o el Chrome, pero estos en el proceso de descarga de una imágen o docuento son muy lentos, tarda como 5 minutos o más, el servicio de internet no anda lento, ya que las páginas cargan normalmente en estos otros navegadores.


#2

Buenas @Ariel1818

Para revisar tu máquina, sigue estos pasos, en el orden indicado y leyendo todo lo explicado. :+1:

:one: Desactiva temporalmente el Antivirus :arrow_forward: Cómo deshabilitar temporalmente su Antivirus, mientras estemos realizando TODOS los pasos.

Vamos a descargar en TU ESCRITORIO(y NO en otro lugar :face_with_monocle:) todas las herramientas que vamos a utilizar en este procedimiento (pero no las ejecutes todavía) :


:two: Ejecutas las herramientas de una en una y en el orden indicado :



CCleaner.-

  • Instalas y Ejecutas CCleaner siguiendo los pasos indicados en el manual.

  • Úsalo primero en su opción de Limpiador para borrar cookies, temporales de Internet y todos los archivos que te muestre como obsoletos.

  • Después usa su opción de Registro para limpiar todo el registro de Windows(haciendo copia de seguridad).

Malwarebytes.-

  • Instalas y Ejecutas MBAM siguiendo los pasos indicados en el manual.

  • Realiza un Análisis Completo. :white_check_mark:

  • Seleccionando TODOS a Cuarentena para enviarlo a la cuarentena y Reinicias el sistema.

  • En el apartado del manual :arrow_forward:Historial :arrow_backward: encontrarás el informe del MBAM, que debes copiar y pegar en tu próxima respuesta, para analizarlo.

AdwCleaner.-

  • Ejecuta Adwcleaner.exe.

  • Pulsamos en el botón Analizar ahora, y espera a que se realice el proceso, inmediatamente pulsa siempre sobre el botón Iniciar Reparación.

  • Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.

  • El log/informe lo encontramos en la pestaña “Informes”, volviendo a abrir el programa si fuese necesario, para poder copiarlo y pegarlo en tu próxima respuesta.

  • El informe también se puede encontrar en C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Ejecuta JRT.exe.

  • Y pulsar cualquier tecla para continuar, esperar pacientemente a que termine el proceso.

  • Si en algún momento te pide Reiniciar hazlo.

  • Al finalizar, un registro/informe (JRT.txt) se guardara en el escritorio y se abrirá automáticamente.

  • Copia y pega el contenido de JRT.txt en tu próxima respuesta.

Farbar Recovery Scan Tool.-

  • Ejecuta FRST.exe.

  • En el mensaje de la ventana del Disclaimer, pulsamos Yes

  • En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.

  • Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

:three: Poner los informes en tu próxima respuesta de :

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, y en ese orden. :+1:

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).

Y nos cuentas como funciona tu equipo en relación al problema planteado. :face_with_monocle:

Saludos Javier.


#3

voy a enviar la respuesta en dos posts por favor, en uno solo no me deja por la cantidad de caracteres limitada

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 24/2/19
Hora del análisis: 20:12
Archivo de registro: 1995e5ce-3892-11e9-9d56-047d7b0c4ab8.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.538
Versión del paquete de actualización: 1.0.9406
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 17134.590)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-U1GT86C\gp

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 382943
Amenazas detectadas: 15
Amenazas en cuarentena: 15
Tiempo transcurrido: 8 min, 17 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 1
Adware.SmartApplicationController.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A6AE177E-D46B-4463-AA69-B9F818E0DC4A}_is1, En cuarentena, [5499], [470279],1.0.9406

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 5
Adware.SmartApplicationController, C:\USERS\GP\APPDATA\ROAMING\SMART APPLICATION CONTROLLER, En cuarentena, [4276], [470282],1.0.9406
Adware.SmartApplicationController.TskLnk, C:\PROGRAM FILES (X86)\SMART APPLICATION CONTROLLER, En cuarentena, [5499], [470279],1.0.9406
Adware.SmartApplicationController, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SMART APPLICATION CONTROLLER, En cuarentena, [4276], [471427],1.0.9406
PUP.Optional.QuickStoresTB, C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\chrome, En cuarentena, [3171], [179110],1.0.9406
PUP.Optional.QuickStoresTB, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\[email protected], En cuarentena, [3171], [179110],1.0.9406

Archivo: 9
Adware.SmartApplicationController, C:\USERS\GP\APPDATA\ROAMING\SMART APPLICATION CONTROLLER\SETTINGS.INI, En cuarentena, [4276], [470282],1.0.9406
Adware.SmartApplicationController.TskLnk, C:\PROGRAM FILES (X86)\SMART APPLICATION CONTROLLER\SMAPPSCONTROLLER.EXE, En cuarentena, [5499], [470279],1.0.9406
Adware.SmartApplicationController.TskLnk, C:\Program Files (x86)\Smart Application Controller\software_update.ico, En cuarentena, [5499], [470279],1.0.9406
Adware.SmartApplicationController.TskLnk, C:\Program Files (x86)\Smart Application Controller\unins000.dat, En cuarentena, [5499], [470279],1.0.9406
Adware.SmartApplicationController.TskLnk, C:\Program Files (x86)\Smart Application Controller\unins000.exe, En cuarentena, [5499], [470279],1.0.9406
Adware.SmartApplicationController, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SMART APPLICATION CONTROLLER\SMART APPLICATION CONTROLLER.LNK, En cuarentena, [4276], [471427],1.0.9406
PUP.Optional.QuickStoresTB, C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\chrome\quickstorestoolbar.jar, En cuarentena, [3171], [179110],1.0.9406
PUP.Optional.QuickStoresTB, C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\chrome.manifest, En cuarentena, [3171], [179110],1.0.9406
PUP.Optional.QuickStoresTB, C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\install.rdf, En cuarentena, [3171], [179110],1.0.9406

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build:    01-30-2019
# Database: 2019-01-25.2 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-24-2019
# Duration: 00:00:07
# OS:       Windows 10 Pro
# Cleaned:  14
# Failed:   0


***** [ Services ] *****

Deleted       WCAssistantService

***** [ Folders ] *****

Deleted       C:\Users\gp\AppData\Roaming\QuickStoresToolbar
Deleted       C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar|{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Deleted       SaveFrom.net helper

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2605 octets] - [24/02/2019 20:31:24]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

#4

el JRT no me generó ningun reporte

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.02.2019 02
Ran by gp (administrator) on DESKTOP-U1GT86C (24-02-2019 20:46:20)
Running from C:\Users\gp\Desktop
Loaded Profiles: gp & MSSQL$SQLEXPRESS (Available Profiles: gp & Administrador & MSSQL$SQLEXPRESS)
Platform: Windows 10 Pro Version 1803 17134.590 (X64) Language: Español (México)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Qihoo 360 Technology Co. Ltd.) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Aspen Technology, Inc.) C:\Program Files (x86)\AspenTech\BPE\AfwSecCliSvc.exe
() C:\Program Files (x86)\AspenTech\Aspen OnLine V9.0\AOLService350.exe
() C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(Rogue Wave Software) C:\Program Files (x86)\Common Files\AspenTech Shared\Portmapper\PORTSERV.EXE
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Macrovision Corporation) C:\Program Files (x86)\OriginLab\FLEXnet Server\Servers\lmgrd.exe
(Macrovision Corporation) C:\Program Files (x86)\OriginLab\FLEXnet Server\Servers\lmgrd.exe
() C:\Program Files (x86)\OriginLab\FLEXnet Server\Servers\orglab.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [570736 2011-03-31] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [193112 2017-03-09] (Intel(R) pGFX -> Intel Corporation)
HKLM...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe [420960 2017-03-09] (Intel(R) pGFX -> Intel Corporation)
HKLM...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe [463960 2017-03-09] (Intel(R) pGFX -> Intel Corporation)
HKLM-x32...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [669248 2018-07-27] (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)
HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre1.5.0_12\bin\jusched.exe [75520 2007-05-02] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-313754750-2512840211-1347934822-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATILUE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-313754750-2512840211-1347934822-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19646312 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-17] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2011-11-28] (CyberLink -> CyberLink)
HKLM\Software\...\Authentication\Credential Provider Filters: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2011-11-28] (CyberLink -> CyberLink)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{2a1f3c1d-31c7-4449-92d8-1f512f87a810}: [NameServer] 200.58.72.77,200.58.72.78

Internet Explorer:
==================
HKU\S-1-5-21-313754750-2512840211-1347934822-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://kamisoft-full.blogspot.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-12-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.5.0_12\bin\ssv.dll [2007-05-02] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies SA -> Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\gp\AppData\Roaming\Mozilla\Firefox\Profiles\l8wl31a4.default [2019-02-24]
FF user.js: detected! => C:\Users\gp\AppData\Roaming\Mozilla\Firefox\Profiles\l8wl31a4.default\user.js [2016-08-02]
FF Homepage: Mozilla\Firefox\Profiles\l8wl31a4.default -> hxxp://www.google.com
FF Session Restore: Mozilla\Firefox\Profiles\l8wl31a4.default -> is enabled.
FF Extension: (Video Downloader Pro) - C:\Users\gp\AppData\Roaming\Mozilla\Firefox\Profiles\l8wl31a4.default\Extensions\@video_downloader_pro.xpi [2018-05-31]
FF Extension: (Flash Video Downloader) - C:\Users\gp\AppData\Roaming\Mozilla\Firefox\Profiles\l8wl31a4.default\Extensions\[email protected] [2019-01-26]
FF Extension: (Video DownloadHelper) - C:\Users\gp\AppData\Roaming\Mozilla\Firefox\Profiles\l8wl31a4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-01]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Extension: (360 Internet Protection) - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2016-08-21] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-18] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-08-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\gp\AppData\Local\Google\Chrome\User Data\Default [2019-02-24]
CHR Extension: (Documentos) - C:\Users\gp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-06]
CHR Extension: (Google Drive) - C:\Users\gp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-31]
CHR Extension: (YouTube) - C:\Users\gp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-31]
CHR Extension: (Búsqueda de Google) - C:\Users\gp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-08-02]
CHR Extension: (Video Downloader professional) - C:\Users\gp\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-11-06]
CHR Extension: (EditThisCookie) - C:\Users\gp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2019-01-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\gp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-16]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\gp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-16]
CHR Extension: (Video Downloader Pro - descarga videos) - C:\Users\gp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofcgiflmicieegobmapobiohjeokdbcd [2018-01-21]
CHR Extension: (Gmail) - C:\Users\gp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-31]
CHR Extension: (Chrome Media Router) - C:\Users\gp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-21]
CHR HKLM-x32\...\Chrome\Extension: [glcimepnljoholdmjchkloafkggfoijh] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Video Downloader Pro) - C:\Users\gp\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibehiiilehaakkhkigckfjfknboalpbe [2017-07-10]
OPR Extension: (SaveFrom.net helper) - C:\Users\gp\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2019-02-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AfwSecCliSvc; C:\Program Files (x86)\AspenTech\BPE\AfwSecCliSvc.exe [431104 2016-03-22] (Aspen Technology, Inc.) [File not signed]
R2 AOLSvc350; C:\Program Files (x86)\AspenTech\Aspen OnLine V9.0\AOLService350.exe [34304 2016-03-30] () [File not signed]
S2 AutoStartCIMIO; C:\Program Files (x86)\AspenTech\CIM-IO\code\CimioManager.exe [275776 2016-04-20] (Aspen Technology, Inc. -> Aspen Technology, Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6877224 2018-06-06] (BattlEye Innovations e.K. -> )
R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-04-19] (CyberLink -> )
S3 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [70952 2011-03-31] (CyberLink -> CyberLink)
S3 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [312616 2011-03-31] (CyberLink -> CyberLink)
R2 Flexlm Service 1; C:\Program Files (x86)\OriginLab\FLEXnet Server\Servers\lmgrd.exe [1372160 2007-05-11] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [192192 2015-05-05] (Microsoft Corporation -> Microsoft Corporation)
R2 NobleNet Portmapper for TCP; C:\Program Files (x86)\Common Files\AspenTech Shared\Portmapper\PORTSERV.EXE [89408 2016-04-08] (Aspen Technology, Inc. -> Rogue Wave Software)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [960576 2018-07-25] (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-11-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-05-05] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4403496 2019-01-09] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120016 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 360AntiHacker; C:\WINDOWS\System32\Drivers\360AntiHacker64.sys [192600 2018-07-25] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R3 360AvFlt; C:\WINDOWS\System32\DRIVERS\360AvFlt.sys [95232 2018-04-16] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [95232 2018-07-25] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360Box64; C:\WINDOWS\System32\DRIVERS\360Box64.sys [340568 2018-07-25] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360Camera; C:\WINDOWS\System32\Drivers\360Camera64.sys [57848 2017-05-17] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360FsFlt; C:\WINDOWS\System32\DRIVERS\360FsFlt.sys [443992 2018-07-25] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360netmon; C:\WINDOWS\System32\DRIVERS\360netmon.sys [96424 2018-01-12] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 BAPIDRV; C:\WINDOWS\System32\DRIVERS\BAPIDRV64.sys [211160 2018-12-21] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
R3 clwvd; C:\WINDOWS\system32\DRIVERS\clwvd.sys [31216 2011-04-13] (CyberLink -> CyberLink Corporation)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [241368 2014-10-10] (ESET, spol. s r.o. -> ESET)
R3 igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [5382856 2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 IntcDAud; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [317440 2010-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S4 RsFx0201; C:\WINDOWS\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation -> Microsoft Corporation)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [213080 2018-08-14] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [222864 2018-08-14] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-04-12] (CyberLink -> CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-24 20:46 - 2019-02-24 20:48 - 000019082 _____ C:\Users\gp\Desktop\FRST.txt
2019-02-24 20:46 - 2019-02-24 20:46 - 000000000 ____D C:\FRST
2019-02-24 20:38 - 2019-02-24 20:39 - 000002531 _____ C:\Users\gp\Desktop\adware.txt
2019-02-24 20:30 - 2019-02-24 20:33 - 000000000 ____D C:\AdwCleaner
2019-02-24 20:11 - 2019-02-24 20:11 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-24 20:11 - 2019-02-24 20:11 - 000000000 ____D C:\Users\gp\AppData\Local\mbamtray
2019-02-24 20:11 - 2019-02-24 20:11 - 000000000 ____D C:\Users\gp\AppData\Local\mbam
2019-02-24 20:11 - 2019-02-24 20:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-24 20:11 - 2019-02-24 20:11 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-24 20:11 - 2019-02-24 20:11 - 000000000 ____D C:\Program Files\Malwarebytes
2019-02-24 20:11 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-02-24 20:11 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-02-24 20:00 - 2019-02-24 20:45 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-02-24 20:00 - 2019-02-24 20:00 - 000002882 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-02-24 20:00 - 2019-02-24 20:00 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-02-24 20:00 - 2019-02-24 20:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-02-24 20:00 - 2019-02-24 20:00 - 000000000 ____D C:\Program Files\CCleaner
2019-02-23 22:07 - 2019-02-23 22:07 - 002435072 _____ (Farbar) C:\Users\gp\Desktop\FRST64.exe
2019-02-23 22:05 - 2019-02-23 22:05 - 007316688 _____ (Malwarebytes) C:\Users\gp\Desktop\adwcleaner_7.2.7.0.exe
2019-02-23 22:05 - 2019-02-23 22:05 - 001790024 _____ (Malwarebytes) C:\Users\gp\Desktop\JRT.exe
2019-02-23 22:02 - 2019-02-23 22:04 - 062131408 _____ (Malwarebytes ) C:\Users\gp\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9406.exe
2019-02-23 22:01 - 2019-02-23 22:01 - 019384632 _____ (Piriform Software Ltd) C:\Users\gp\Desktop\ccsetup553.exe
2019-02-20 21:58 - 2019-02-20 22:38 - 960654478 _____ C:\Users\gp\Downloads\Nekane born to fuck.mp4
2019-02-20 16:30 - 2019-02-20 16:33 - 001740585 _____ C:\Users\gp\Downloads\El Hombre que Calculaba - Malba Tahan_2.pdf
2019-02-20 16:05 - 2019-02-20 16:11 - 014381087 _____ C:\Users\gp\Downloads\10000000_329633837675502_1092192335673263455_n.mp4
2019-02-20 05:56 - 2019-02-20 05:57 - 051997308 _____ C:\Users\gp\Downloads\25 TRUCOS PARA DIBUJAR COMO UN PROFESIONAL.mp4
2019-02-18 13:27 - 2019-01-11 22:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-18 13:27 - 2019-01-09 01:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-18 13:27 - 2019-01-09 01:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-18 13:27 - 2019-01-09 01:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-18 13:27 - 2019-01-09 01:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-18 13:26 - 2019-02-06 03:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-18 13:26 - 2019-02-06 03:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-18 13:26 - 2019-02-06 03:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-18 13:26 - 2019-02-06 03:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-18 13:26 - 2019-02-06 03:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-18 13:26 - 2019-02-06 02:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-18 13:26 - 2019-02-06 02:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-18 13:26 - 2019-02-05 23:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-18 13:26 - 2019-02-05 23:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-18 13:26 - 2019-02-05 23:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-18 13:26 - 2019-02-05 23:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-18 13:26 - 2019-02-05 23:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-18 13:26 - 2019-02-05 23:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-18 13:26 - 2019-02-05 23:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-18 13:26 - 2019-02-05 23:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-18 13:26 - 2019-02-05 23:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-18 13:26 - 2019-02-05 23:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-18 13:26 - 2019-02-05 23:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-18 13:26 - 2019-02-05 23:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-18 13:26 - 2019-02-05 23:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-18 13:26 - 2019-02-05 23:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-18 13:26 - 2019-02-05 23:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-18 13:26 - 2019-02-05 23:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-18 13:26 - 2019-02-05 23:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-18 13:26 - 2019-02-05 22:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-18 13:26 - 2019-02-05 22:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-18 13:26 - 2019-02-05 22:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-18 13:26 - 2019-02-05 22:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-18 13:26 - 2019-02-05 22:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-18 13:26 - 2019-02-05 22:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-18 13:26 - 2019-02-05 22:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-18 13:26 - 2019-02-05 22:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-18 13:26 - 2019-02-05 22:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-18 13:26 - 2019-02-05 22:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-18 13:26 - 2019-02-05 22:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-18 13:26 - 2019-02-05 22:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-18 13:26 - 2019-02-05 22:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-18 13:26 - 2019-02-05 22:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-18 13:26 - 2019-02-05 22:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-18 13:26 - 2019-02-05 22:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-18 13:26 - 2019-02-05 22:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-18 13:26 - 2019-02-05 22:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-18 13:26 - 2019-02-05 22:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-18 13:26 - 2019-02-05 22:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-18 13:26 - 2019-02-05 22:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-18 13:26 - 2019-02-05 22:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-18 13:26 - 2019-02-05 22:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-18 13:26 - 2019-02-05 22:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-18 13:26 - 2019-02-05 22:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-18 13:26 - 2019-02-05 22:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-18 13:26 - 2019-02-05 22:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-18 13:26 - 2019-02-05 22:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-18 13:26 - 2019-01-09 13:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-18 13:26 - 2019-01-09 13:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-18 13:26 - 2019-01-09 13:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-18 13:26 - 2019-01-09 13:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-18 13:26 - 2019-01-09 05:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-18 13:26 - 2019-01-09 05:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-18 13:26 - 2019-01-09 04:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-18 13:26 - 2019-01-09 04:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-18 13:26 - 2019-01-09 01:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-18 13:26 - 2019-01-09 01:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-18 13:26 - 2019-01-09 01:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-18 13:26 - 2019-01-09 01:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-18 13:26 - 2019-01-09 01:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-18 13:26 - 2019-01-09 01:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-18 13:26 - 2019-01-09 01:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-18 13:26 - 2019-01-09 01:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-18 13:26 - 2019-01-09 01:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-18 13:26 - 2019-01-09 01:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-18 13:26 - 2019-01-09 01:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-18 13:26 - 2019-01-09 01:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-18 13:26 - 2019-01-09 01:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-18 13:26 - 2019-01-09 01:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-18 13:26 - 2019-01-09 01:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-18 13:26 - 2019-01-09 01:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-18 13:26 - 2019-01-09 01:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-18 13:26 - 2019-01-09 01:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-18 13:26 - 2019-01-09 01:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-18 13:26 - 2019-01-09 01:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-18 13:26 - 2019-01-09 01:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-18 13:26 - 2019-01-09 01:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-18 13:26 - 2019-01-09 01:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-18 13:26 - 2019-01-09 01:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-18 13:26 - 2019-01-09 01:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-18 13:26 - 2019-01-09 01:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-18 13:26 - 2019-01-09 01:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-18 13:26 - 2019-01-09 01:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-18 13:26 - 2019-01-09 01:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-18 13:26 - 2019-01-09 01:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-18 13:26 - 2019-01-09 01:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-18 13:26 - 2019-01-09 01:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-18 13:26 - 2019-01-09 01:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-18 13:26 - 2019-01-09 01:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-18 13:26 - 2019-01-09 01:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-18 13:26 - 2019-01-09 01:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-18 13:26 - 2019-01-09 01:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-18 13:26 - 2019-01-09 01:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-18 13:26 - 2019-01-09 01:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-18 13:26 - 2019-01-09 01:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-18 13:26 - 2019-01-09 01:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-18 13:26 - 2019-01-09 01:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-18 13:26 - 2019-01-09 01:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-18 13:26 - 2019-01-09 01:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-18 13:26 - 2019-01-09 01:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-18 13:26 - 2019-01-09 01:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-18 13:26 - 2019-01-07 23:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-18 13:25 - 2019-02-06 03:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-18 13:25 - 2019-02-06 03:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-18 13:25 - 2019-02-06 03:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-18 13:25 - 2019-02-06 02:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-18 13:25 - 2019-02-06 02:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-18 13:25 - 2019-02-05 23:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-18 13:25 - 2019-02-05 23:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-18 13:25 - 2019-02-05 23:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-18 13:25 - 2019-02-05 23:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-18 13:25 - 2019-02-05 23:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-18 13:25 - 2019-02-05 23:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-18 13:25 - 2019-02-05 23:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-18 13:25 - 2019-02-05 22:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-18 13:25 - 2019-02-05 22:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-18 13:25 - 2019-02-05 22:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-18 13:25 - 2019-02-05 22:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-18 13:25 - 2019-02-05 22:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-18 13:25 - 2019-02-05 22:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-18 13:25 - 2019-02-05 22:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-18 13:25 - 2019-02-05 22:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-18 13:25 - 2019-02-05 21:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-18 13:25 - 2019-01-12 04:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-18 13:25 - 2019-01-09 14:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-18 13:25 - 2019-01-09 13:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-18 13:25 - 2019-01-09 13:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-18 13:25 - 2019-01-09 13:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-18 13:25 - 2019-01-09 06:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-18 13:25 - 2019-01-09 01:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-18 13:25 - 2019-01-09 01:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-18 13:25 - 2019-01-09 01:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-18 13:25 - 2019-01-09 01:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-18 13:25 - 2019-01-09 01:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-18 13:25 - 2019-01-09 01:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-18 13:25 - 2019-01-09 01:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-18 13:25 - 2019-01-09 01:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-18 13:25 - 2019-01-09 01:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-18 13:25 - 2019-01-09 01:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-18 13:25 - 2019-01-09 01:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-18 13:25 - 2019-01-09 01:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-18 13:25 - 2019-01-09 01:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-18 13:25 - 2019-01-09 01:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-18 13:25 - 2019-01-09 01:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-18 13:25 - 2019-01-09 01:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-18 13:25 - 2019-01-09 01:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-18 13:25 - 2019-01-09 01:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-18 13:25 - 2019-01-09 01:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-18 13:25 - 2019-01-09 01:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-18 13:25 - 2019-01-09 01:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-18 13:25 - 2019-01-09 01:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-18 13:25 - 2019-01-09 01:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-18 13:25 - 2019-01-09 01:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-18 13:25 - 2019-01-09 00:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-18 13:25 - 2019-01-09 00:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-18 13:25 - 2019-01-08 05:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-18 13:25 - 2019-01-07 23:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-18 13:25 - 2019-01-07 23:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-01-27 18:34 - 2018-09-20 00:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-24 20:44 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-24 20:41 - 2017-06-22 19:05 - 000000000 ____D C:\Program Files\Opera
2019-02-24 20:36 - 2016-10-14 13:08 - 000000219 _____ C:\WINDOWS\SysWOW64\lsprst7.tgz
2019-02-24 20:36 - 2016-10-14 13:08 - 000000205 _____ C:\WINDOWS\SysWOW64\lsprst7.dll
2019-02-24 20:36 - 2016-10-14 13:08 - 000000017 ____H C:\WINDOWS\SysWOW64\servdat.slm
2019-02-24 20:35 - 2018-06-03 09:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-24 20:34 - 2018-05-23 19:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2019-02-24 20:34 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-02-24 20:11 - 2018-04-11 19:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-02-24 20:08 - 2016-09-06 06:40 - 000000000 ____D C:\Users\gp\AppData\Roaming\MPC-HC
2019-02-24 20:08 - 2016-08-02 23:45 - 000000000 ____D C:\Users\gp\AppData\Roaming\BitTorrent
2019-02-24 20:07 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-24 20:05 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-24 19:39 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-02-24 19:22 - 2016-08-21 13:11 - 000000000 ____D C:\Users\gp\AppData\LocalLow\360WD
2019-02-24 19:13 - 2018-06-03 09:31 - 001762872 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-24 19:13 - 2018-04-12 12:21 - 000782506 _____ C:\WINDOWS\system32\perfh00A.dat
2019-02-24 19:13 - 2018-04-12 12:21 - 000152282 _____ C:\WINDOWS\system32\perfc00A.dat
2019-02-24 14:01 - 2018-06-03 09:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-24 06:42 - 2018-01-21 08:23 - 000000000 ____D C:\Users\gp\AppData\Roaming\360DrvMgr
2019-02-24 05:39 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-23 19:41 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-22 21:33 - 2018-06-03 09:13 - 000000000 ____D C:\Users\MSSQL$SQLEXPRESS
2019-02-22 21:33 - 2016-08-21 13:10 - 000000000 _RSHD C:\360SANDBOX
2019-02-22 12:21 - 2016-11-17 05:23 - 000000000 ____D C:\Users\gp\AppData\LocalLow\Mozilla
2019-02-22 12:17 - 2018-06-03 09:44 - 000003966 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1498172970
2019-02-22 12:17 - 2017-06-30 19:13 - 000001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2019-02-20 21:44 - 2018-06-03 09:44 - 000003542 _____ C:\WINDOWS\System32\Tasks\adobe acrobat update task
2019-02-20 21:43 - 2016-08-29 23:10 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-19 13:58 - 2017-11-06 21:02 - 000000000 ____D C:\Users\gp\dwhelper
2019-02-18 15:54 - 2018-06-03 09:13 - 000000000 ____D C:\Users\gp
2019-02-18 14:56 - 2018-06-03 09:13 - 000000000 ____D C:\Users\Administrador
2019-02-18 14:54 - 2018-06-03 09:07 - 000531456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-18 14:49 - 2018-04-11 19:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-18 14:49 - 2018-04-11 19:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-18 14:49 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-18 14:49 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-18 14:48 - 2018-04-11 19:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-18 14:48 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-18 13:45 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-18 13:24 - 2016-08-11 01:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-18 13:13 - 2016-08-11 01:24 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-18 13:06 - 2016-08-02 17:35 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-02-18 12:13 - 2017-09-29 07:18 - 000000000 ____D C:\Program Files\rempl
2019-02-18 04:56 - 2018-09-14 07:46 - 000004612 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-02-18 04:56 - 2016-08-02 16:51 - 000000000 ____D C:\Users\gp\AppData\Local\Adobe
2019-02-18 04:55 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-02-18 04:55 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-02-18 04:45 - 2016-11-16 19:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-02-18 04:45 - 2016-08-02 18:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-17 14:53 - 2016-08-02 18:13 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-02-17 09:46 - 2016-08-02 18:10 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-17 09:21 - 2015-10-30 03:24 - 000000167 _____ C:\WINDOWS\win.ini
2019-02-17 09:12 - 2018-12-20 15:37 - 000002354 _____ C:\Users\gp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-17 09:12 - 2018-06-03 09:44 - 000003370 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-313754750-2512840211-1347934822-1001
2019-02-17 09:12 - 2016-08-02 15:32 - 000000000 ___RD C:\Users\gp\OneDrive
2019-02-09 13:33 - 2018-07-10 16:52 - 000000000 ____D C:\ProgramData\Packages
2019-02-05 23:01 - 2015-10-30 04:13 - 000407542 __RSH C:\bootmgr
2019-02-02 18:53 - 2018-09-12 17:46 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-02 18:53 - 2018-09-12 17:46 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-30 11:50 - 2016-08-02 18:13 - 000000000 ____D C:\ProgramData\Mozilla

==================== Files in the root of some directories =======

2017-03-29 16:04 - 2017-03-29 16:06 - 000001598 _____ () C:\Users\gp\AppData\Local\Cracklock.settings

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-03 09:07

==================== End of FRST.txt ============================

#5

tercer post… no me permite solo en dos

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019 02
Ran by gp (24-02-2019 20:49:35)
Running from C:\Users\gp\Desktop
Windows 10 Pro Version 1803 17134.590 (X64) (2018-06-03 13:46:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-313754750-2512840211-1347934822-500 - Administrator - Enabled) => C:\Users\Administrador
DefaultAccount (S-1-5-21-313754750-2512840211-1347934822-503 - Limited - Disabled)
gp (S-1-5-21-313754750-2512840211-1347934822-1001 - Administrator - Enabled) => C:\Users\gp
Invitado (S-1-5-21-313754750-2512840211-1347934822-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-313754750-2512840211-1347934822-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: 360 Total Security (Enabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360 Total Security (Enabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 10.0.0.1167 - 360 Security Center)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20091 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{0E3C52E0-B4F1-4D1E-B172-E390813BD9FE}) (Version: 12.1.8.158 - Adobe Systems, Inc)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.50.1277, 19.06.2013 - AIMP DevTeam)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: Version 7.109.1611.203 - Alps Electric)
Aspen Batch Process Developer V9 (HKLM-x32\...\{B67B69C7-7B00-4514-ADD1-53E531B4F1A8}) (Version: 35.0.0 - AspenTech)
Aspen Energy Analyzer V9 (HKLM-x32\...\{E5B228D7-A8CA-4815-8FBF-7AAC1E518307}) (Version: 35.0.0 - AspenTech)
Aspen Exchanger Design & Rating V9 (HKLM-x32\...\{A6D340A7-4151-41BB-A10D-C727352E1DD9}) (Version: 35.0.0 - AspenTech)
Aspen Flare System Analyzer V9 (HKLM-x32\...\{D0ACB4E1-3632-4B90-A093-1ECDC0C1A73B}) (Version: 35.0.0 - AspenTech)
Aspen OnLine V9 (HKLM-x32\...\{1D55324D-22EC-4E13-ACA4-414830E73A62}) (Version: 35.0.0 - AspenTech)
Aspen OTS Framework V9 (HKLM-x32\...\{D27C3A1D-B550-475D-AD21-6C523EDF03B0}) (Version: 35.0.0 - AspenTech)
Aspen Properties V9 (HKLM-x32\...\{5B0F5E87-0839-4D63-8B26-25067A0975C3}) (Version: 35.0.0 - AspenTech)
Aspen Simulation Workbook V9 (HKLM-x32\...\{EB8E0A94-F05B-44C6-AC20-1A7D933054C3}) (Version: 35.0.0 - AspenTech)
Aspen Utilities Planner V9 (HKLM-x32\...\{FF617BB4-593A-45E9-AABB-FD9CC82AFE1E}) (Version: 35.0.0 - AspenTech)
Aspen Version Comparison Assistant V9 (HKLM-x32\...\{CB2A860F-1C0D-41AE-8BC5-4E7B6D270D5B}) (Version: 35.0.0.12 - AspenTech)
BitTorrent (HKU\S-1-5-21-313754750-2512840211-1347934822-1001\...\BitTorrent) (Version: 7.10.5.44995 - BitTorrent Inc.)
Camtasia 9 (HKLM\...\{B8A4CB7E-7F5B-484F-A127-E4431000EDCE}) (Version: 9.0.4.1948 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{5957dd25-bb4e-4234-9dc0-b3e10a70f636}) (Version: 9.0.4.1948 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.53 - Piriform)
ClassWiz Emulator Subscription for fx-570/991EX (HKLM-x32\...\{16B76483-F8EB-4A08-9E48-517CFAF39B83}) (Version: 2.00.0000 - CASIO COMPUTER CO., LTD.)
Cracklock 3.9.45 (HKLM-x32\...\Cracklock_is1) (Version: 3.9.45 - William Blum)
CyberLink PowerDVD 11 (HKLM-x32\...\InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}) (Version: 11.0.1620.51 - CyberLink Corp.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1129 - CyberLink Corp.)
dr.fone (Version 9.6.2) (HKLM-x32\...\{E8F86DA8-B8E4-42C7-AFD4-EBB692AC43FD}_is1) (Version: 9.6.2.23 - Wondershare Technology Co.,Ltd.)
Economic Evaluation V9 (HKLM-x32\...\{EA67A0EC-B055-4ED0-A171-CED348F0F8B5}) (Version: 35.1.0 - AspenTech)
Eines de correcció del Microsoft Office 2013: català (HKLM-x32\...\{90150000-001F-0403-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
EPSON L120 Series Printer Uninstall (HKLM\...\EPSON L120 Series) (Version:  - SEIKO EPSON Corporation)
Epson Software Updater (HKLM-x32\...\{6DBD132B-7F42-4594-BBE7-0BB677EB2926}) (Version: 4.4.2 - SEIKO EPSON CORPORATION)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM-x32\...\{90150000-001F-0456-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
FLEXnet Server for OriginLab (HKLM-x32\...\{8BCAC8C7-0F4F-4AC0-98C9-D766D8B64B30}) (Version: 11.40.0000 - Originlab)
GDR 3156 para SQL Server 2012 (KB3045318) (64-bit) (HKLM\...\KB3045318) (Version: 11.1.3156.0 - Microsoft Corporation)
GeoGebra Classic (HKU\S-1-5-21-313754750-2512840211-1347934822-1001\...\GeoGebra_6) (Version: 6.0.487 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\{6A21C1E8-DAC1-3C18-BCDC-2DBB4B352AD8}) (Version: 72.0.3626.109 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
J2SE Runtime Environment 5.0 Update 12 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150120}) (Version: 1.5.0.120 - Sun Microsystems, Inc.)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MATLAB R2016a (HKLM\...\Matlab R2016a) (Version: 9.0 - MathWorks)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Access Runtime 2010 (HKLM-x32\...\Office14.AccessRT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-313754750-2512840211-1347934822-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM-x32\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{4F640A82-635E-431A-856A-F43E5EAAC130}) (Version: 11.1.3156.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8AC82589-7217-48FE-9051-AE6D3B211B14}) (Version: 11.1.3156.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.1.3000.0 - Microsoft Corporation)
mikroC PRO for PIC (remove only) (HKLM-x32\...\mikroC PRO for PIC) (Version: 7.1.0.0 - mikroElektronika)
mikroProg Suite For PIC (remove only) (HKLM-x32\...\mikroProg Suite For PIC) (Version: 2.5.1.0 - mikroElektronika)
Mollier Demo 4.70 (HKLM-x32\...\{E666D503-4929-49D1-B85B-E0776D1C3773}) (Version: 4.7.0 - Tadema Hvac Software)
Mozilla Firefox 65.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0.1 (x64 en-US)) (Version: 65.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 65.0.1.6981 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
Nero 8 Lite 8.1.1.3 (HKLM-x32\...\Nero8Lite_is1) (Version: 8.1.1.3 - Updatepack.nl)
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
OPC Core Components Redistributable (x86) 105.1 (HKLM-x32\...\{40656A0A-4B04-43D7-8F68-32B55B2A156D}) (Version: 3.00.10501 - OPC Foundation)
Opera Stable 58.0.3135.68 (HKLM-x32\...\Opera 58.0.3135.68) (Version: 58.0.3135.68 - Opera Software)
Oracle VM VirtualBox 5.2.18 (HKLM\...\{F96A4E32-02CB-40E9-91C1-EE679237E107}) (Version: 5.2.18 - Oracle Corporation)
Origin8 (HKLM-x32\...\{E55E016B-8254-4A3F-ACEB-FE9988CD880F}) (Version: 8.00.000 - OriginLab) Hidden
OriginPro 8 (HKLM-x32\...\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}) (Version: 8.00.000 - OriginLab Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
Paquete de controladores de Windows - mikroElektronika (USB18PRG) ClassName  (04/15/2008 6.0.6001.18000) (HKLM\...\2DAA947A8FC48F6556BE7C6D950B82F5394E0A17) (Version: 04/15/2008 6.0.6001.18000 - mikroElektronika)
PCWHD (HKLM-x32\...\PCWHD) (Version: 4 - Custom Computer Services, Inc.)
Prezi (HKLM-x32\...\{63B8F931-2BF3-4D5D-9C28-E2EF88D83DFD}) (Version: 5.2.8 - Nombre de su organización)
Process Modeling (Aspen Plus) V9 (HKLM-x32\...\{77CB18C6-58AD-44F9-901A-8F88C3B0B890}) (Version: 35.0.0 - AspenTech)
Process Modeling (HYSYS) V9 (HKLM-x32\...\{93D0D6C6-9459-4F61-910C-1826AA158200}) (Version: 35.0.0 - AspenTech)
Proteus 8 Professional (HKLM-x32\...\Proteus 8 Professional_is1) (Version: 8.6.23525.0 - Labcenter Electronics)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6285 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10007 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM-x32\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.37.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
SAS Drivers for ODBC (HKLM-x32\...\{D85900D5-6E2F-45BE-944D-DFF7010A50B5}) (Version: 9.2 - SAS Institute Inc.)
SAS OnlineDoc 9.2 for Windows (HKLM-x32\...\{1D7BEDED-455C-4029-85EC-433D4C5EAAE1}) (Version: 9.2 - SAS Institute Inc.)
SAS Universal Viewer 1.0 (HKLM-x32\...\{7F110DE3-59ED-4F90-BC36-D8C96CB4BFCF}) (Version: 1.0 - SAS)
SAS VJR (HKLM-x32\...\febb569a337f725f5f8607711f665d3b) (Version:  - )
SAS/GRAPH NV Workshop 2.1 (HKLM-x32\...\{139EC523-67BF-4593-BB79-DD48B8C70769}) (Version: 9.2 - SAS)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for SQL Server 2012 (KB2674319) (64-bit) (HKLM\...\KB2674319) (Version: 11.1.3000.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{54846D1D-E5D5-4A28-AA6D-7208259007EA}) (Version:  - Microsoft)
Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.1.3000.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
Tibia (HKLM-x32\...\Tibia_is1) (Version: 10.96 - CipSoft GmbH)
Tibia (HKU\S-1-5-21-313754750-2512840211-1347934822-1001\...\Tibia) (Version:  - CipSoft GmbH)
UltraISO Premium V9.61 (HKLM-x32\...\UltraISO_is1) (Version:  - )
UmmyVideoDownloader (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.8.3.3 - ) <==== ATTENTION
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.13 - Samsung Electronics CO., LTD.)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Skype for Business 2015 (KB4462135) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{84A498A6-4C4D-4B31-8537-11E2ACA3C0A1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4462135) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{84A498A6-4C4D-4B31-8537-11E2ACA3C0A1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4462135) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0C0A-0000-0000000FF1CE}_Office15.PROPLUS_{84A498A6-4C4D-4B31-8537-11E2ACA3C0A1}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
UsbFix (HKLM-x32\...\Usbfix) (Version: 9.001 - www.SOSVirus.Net)
VdhCoApp 1.2.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Web Companion (HKLM-x32\...\{31782b10-9d27-4f8c-9d2d-9614cb5f19e1}) (Version: 4.2.1846.3481 - Lavasoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
WinRAR 4.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-313754750-2512840211-1347934822-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\gp\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\gp\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\gp\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\gp\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\gp\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\gp\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\Modules\aimp_menu64.dll [2016-08-02] (AIMP DevTeam)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\gp\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ContextMenuHandlers1: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-07-25] (QIHU 360 SOFTWARE CO. LIMITED -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-01-09] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-01-09] ()
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\gp\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\Modules\aimp_menu64.dll [2016-08-02] (AIMP DevTeam)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\gp\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ContextMenuHandlers4: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-07-25] (QIHU 360 SOFTWARE CO. LIMITED -> )
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-01-09] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-01-09] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-07-25] (QIHU 360 SOFTWARE CO. LIMITED -> )
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-01-09] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-01-09] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0256BF93-61E0-48D5-A624-CCABF636B064} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {106E03B7-D284-416B-8B7F-9678008AD8CA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3A8F652C-B830-4415-BBC9-035248692D09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {4D304025-9954-48DB-97D3-73A8854602C3} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {51D207E3-757A-4466-9656-EB2B7A3343A2} - System32\Tasks\adobe acrobat update task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {561F7F01-DAF7-4DFF-817E-A67C41621159} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {6E94E8B1-B071-4A12-8A90-0EC166FB7C21} - System32\Tasks\EPSON L120 Series Update {0A18B087-1FCB-4453-AD86-DF35B093BD03} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSLUE.EXE (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {6EFF84E8-1B27-4E90-AB56-77E477B8BD2F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {8FBDF2CD-2643-44B0-80DB-AA8277049831} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {A87991FE-45FB-4451-AAD2-30F0F1D1E8D3} - System32\Tasks\Opera scheduled Autoupdate 1498172970 => C:\Program Files\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {B2B2DF88-5D86-448F-A335-DDE41DE67BED} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B60FE2D9-F706-4158-8D1D-8A374E89C8BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {C1CCB6A7-0E87-4F41-B821-EF4669111205} - System32\Tasks\EPSON L120 Series Invitation {3B4A2385-A32E-4D70-82A1-C18F9E0E66ED} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSLUE.EXE (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {D80BEC82-2C17-4FB4-83CD-9E57281C4776} - System32\Tasks\EPSON L120 Series Invitation {0A18B087-1FCB-4453-AD86-DF35B093BD03} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSLUE.EXE (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {DD5A72F5-B435-48DE-B760-C29E3D88DD4F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {EEB9AFFB-2A81-4A60-BBBB-38437D4D75BF} - System32\Tasks\EPSON L120 Series Update {3B4A2385-A32E-4D70-82A1-C18F9E0E66ED} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSLUE.EXE (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {FC68A6B3-1343-447A-889A-805F14CA6437} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON L120 Series Invitation {0A18B087-1FCB-4453-AD86-DF35B093BD03}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSLUE.EXE
Task: C:\WINDOWS\Tasks\EPSON L120 Series Invitation {3B4A2385-A32E-4D70-82A1-C18F9E0E66ED}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSLUE.EXE
Task: C:\WINDOWS\Tasks\EPSON L120 Series Update {0A18B087-1FCB-4453-AD86-DF35B093BD03}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSLUE.EXE:/EXE:{0A18B087-1FCB-4453-AD86-DF35B093BD03} /F:UpdateWORKGROUP\DESKTOP-U1GT86C$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON L120 Series Update {3B4A2385-A32E-4D70-82A1-C18F9E0E66ED}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSLUE.EXE:/EXE:{3B4A2385-A32E-4D70-82A1-C18F9E0E66ED} /F:UpdateWORKGROUP\DESKTOP-U1GT86C$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\gp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UmmyVideoDownloader\Help\русский.lnk -> C:\Users\gp\AppData\Local\UmmyVideoDownloader\1.8.3.3\help\Ummy_rus.pdf () <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2016-08-08 23:30 - 2015-03-11 22:43 - 000022528 _____ () C:\WINDOWS\System32\us003lm.dll
2016-03-30 18:39 - 2016-03-30 18:39 - 000034304 _____ () C:\Program Files (x86)\AspenTech\Aspen OnLine V9.0\AOLService350.exe
2016-08-02 18:08 - 2011-04-19 23:56 - 000083240 _____ () C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
2017-06-20 09:10 - 2007-06-14 18:53 - 001564672 _____ () C:\Program Files (x86)\OriginLab\FLEXnet Server\Servers\orglab.exe
2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2016-10-31 15:45 - 2016-10-31 15:45 - 000592384 _____ () C:\Users\gp\AppData\Local\MEGAsync\ShellExtX64.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 13:39 - 2018-11-08 22:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2010-07-15 00:44 - 2010-07-15 00:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-08-02 16:48 - 2012-01-09 20:44 - 000193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2016-08-21 13:09 - 2018-07-25 07:40 - 000818784 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
2019-02-18 13:26 - 2019-02-05 22:25 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-02-22 05:02 - 2019-02-22 05:03 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-01-31 21:21 - 2019-01-31 21:25 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-01-31 21:21 - 2019-01-31 21:25 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2019-01-31 21:21 - 2019-01-31 21:25 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-12-29 02:40 - 2017-12-29 02:54 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-01-16 21:10 - 2019-01-16 21:13 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-01-31 21:21 - 2019-01-31 21:25 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-01-31 21:21 - 2019-01-31 21:25 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-30 15:53 - 2018-08-30 15:57 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-27 09:26 - 2018-07-27 09:29 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-313754750-2512840211-1347934822-1001\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2017-07-12 20:08 - 000001059 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 65.52.240.48
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 rosettastone.com
127.0.0.1 launch.rosettastone.com
127.0.0.1 amp.rosettastone.com
127.0.0.1 resources.rosettastone.com
127.0.0.1 updates.rosettastone.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-313754750-2512840211-1347934822-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\gp\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\B88.jpg
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "RemoteControl11"
HKU\S-1-5-21-313754750-2512840211-1347934822-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-313754750-2512840211-1347934822-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{22479B89-F17F-4F0C-AAE1-C2675C877BFA}] => (Allow) C:\Users\gp\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{7CC2589F-E698-4BC7-8AB3-0E4DD6E6E8BD}] => (Allow) C:\Users\gp\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{FE2E665E-D6D8-4E2B-B97A-EEF561C66A6D}] => (Allow) LPort=8318
FirewallRules: [UDP Query User{3D8E28D8-A85B-4FE4-9CD8-26A773B39DEB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{B62FA440-1D4E-4410-B647-4C96A4D395F9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{2974DB43-77E8-4FDD-A879-A7D55B30A8AA}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [TCP Query User{A0DBE830-1077-430F-9222-5A99AC9B2F1F}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{E679E634-C0BB-48BB-B5BD-0DE1AE6636A3}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe (QIHU 360 SOFTWARE CO. LIMITED -> QIHU 360 SOFTWARE CO. LIMITED)
FirewallRules: [{444C3B9A-1B52-4D8D-BBCD-3FB283C2FDEB}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe (QIHU 360 SOFTWARE CO. LIMITED -> QIHU 360 SOFTWARE CO. LIMITED)
FirewallRules: [{6FEEC7A9-740D-48D1-99F2-1B7166876ED9}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (QIHU 360 SOFTWARE CO. LIMITED -> )
FirewallRules: [{6521DF86-D73D-46D5-8C85-199E13579EF8}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (QIHU 360 SOFTWARE CO. LIMITED -> )
FirewallRules: [{B01D5BEC-4BC2-4DDA-86AB-084F3B6E25F9}] => (Allow) C:\Users\gp\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0F88E9D8-0502-4FBE-A750-037C92F6FEA2}] => (Allow) C:\Users\gp\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{69841470-993A-4FB2-BC51-C0E72ACEC70A}] => (Allow) C:\Users\gp\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{EC4F0828-9036-4DFE-8C33-F8E165CD35AA}] => (Allow) C:\Users\gp\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{337EA8C8-7A55-4855-8507-8239E5886BBC}] => (Allow) C:\Users\gp\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{7A1990FF-56AD-4592-AF08-6834FC2B2B0F}] => (Allow) C:\Users\gp\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{292B5719-43C1-4100-8C87-01CA93D202C3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{832BF3EE-5590-43B7-B2D1-7F408FAC4892}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B0AA1A29-AE31-4D12-B06F-70A741EEF80A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\Movie\PowerDVD Cinema\PowerDVDCinema11.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{703B42CE-31AF-4662-B89E-E72D51D3F837}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe (CyberLink -> CyberLink)
FirewallRules: [{ABC43BFA-B533-46F8-8934-3415E97BD206}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{E0533CD3-0104-4C21-9CCB-C53AF7AA5CD3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{8779D06B-26E3-4190-9A29-800A90FC907E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies SA -> Skype Technologies S.A.)
FirewallRules: [{C8F8F215-0232-4B13-B70C-46E4C6D99145}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4DB4388F-19DF-4982-A815-9DB7EF3EA24F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{257A6A83-F2D1-4D87-9E5F-696E436CF4AC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A75D7074-6C75-45B1-96E5-0B4241B456AE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D1BA34AB-1867-4D4F-A966-4943DC805D3A}] => (Allow) C:\Program Files (x86)\AspenTech\AMSystem V9.0\Bin\AspenModeler.exe (Aspen Technology, Inc.)
FirewallRules: [{E63BE0BE-1CD4-4E08-B259-B4122F2298BB}] => (Allow) C:\Program Files (x86)\AspenTech\AMSystem V9.0\Bin\AspenModeler.exe (Aspen Technology, Inc.)
FirewallRules: [{DD2CDFA8-8FA6-458C-A6AB-E34584BD3A72}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe (Rosetta Stone Ltd -> Rosetta Stone Ltd.)
FirewallRules: [{532B8B69-596D-40E4-8947-F42B69AB4FB4}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe (Rosetta Stone Ltd -> Rosetta Stone Ltd.)
FirewallRules: [{DE6026D1-B145-46B0-B700-13BD3C40E079}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd -> Rosetta Stone Ltd.)
FirewallRules: [{A7E910CE-615B-4E7C-A2BB-49D2D7560E5C}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd -> Rosetta Stone Ltd.)
FirewallRules: [TCP Query User{03A8AD4F-F759-43C7-BB0D-EE6B0F50C23B}C:\program files\matlab\r2016a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2016a\bin\win64\matlab.exe (The MathWorks, Inc. -> The MathWorks Inc.)
FirewallRules: [UDP Query User{B9AAD34B-2FCF-4AFE-A953-692907FD0A8A}C:\program files\matlab\r2016a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2016a\bin\win64\matlab.exe (The MathWorks, Inc. -> The MathWorks Inc.)
FirewallRules: [{90EDFD72-6662-4999-8747-BC19AF2E0349}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{161E1CE2-E461-42C8-A621-0052F4CE8C43}] => (Allow) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{F87FFF6F-B9BF-4923-9657-9DDA9DAF19EC}] => (Allow) C:\Program Files\Opera\58.0.3135.68\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{B4840546-6892-40EB-9AD1-4BEB634F0423}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{DC55073B-3B10-44CC-A896-33F4374066F7}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)

==================== Restore Points =========================

24-02-2019 20:40:01 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/24/2019 08:38:23 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/24/2019 08:35:34 PM) (Source: CIMIOManager) (EventID: 5) (User: )
Description: Event-ID 5

Error: (02/24/2019 08:35:27 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 8317) (User: )
Description: Cannot query value 'First Counter' associated with registry key 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS\Performance'. SQL Server performance counters are disabled.

Error: (02/24/2019 08:28:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/24/2019 08:25:50 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 8317) (User: )
Description: Cannot query value 'First Counter' associated with registry key 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS\Performance'. SQL Server performance counters are disabled.

Error: (02/24/2019 08:25:50 PM) (Source: CIMIOManager) (EventID: 5) (User: )
Description: Event-ID 5

Error: (02/24/2019 07:58:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa ccsetup553.exe, versión 5.53.0.7034, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

Identificador de proceso: 1528

Hora de inicio: 01d4cc9cb8d32774

Hora de finalización: 17

Ruta de la aplicación: C:\Users\gp\Desktop\ccsetup553.exe

Identificador de informe: 1eb47d48-d29f-464c-b4d2-bc2008818367

Nombre completo de paquete con errores: 

Identificador de aplicación relativa del paquete con errores:

Error: (02/24/2019 07:11:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (02/24/2019 08:38:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (02/24/2019 08:35:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Aspen CIM-IO Manager se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (02/24/2019 08:33:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio SQL Server (SQLEXPRESS) se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (02/24/2019 08:33:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Aspen OnLine V9.0 se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (02/24/2019 08:33:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel(R) Management and Security Application User Notification Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (02/24/2019 08:33:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Remediation Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (02/24/2019 08:33:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio AFW Security Client Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (02/24/2019 08:33:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Flexlm Service 1 se terminó de manera inesperada. Esto ha sucedido 1 veces.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 50%
Total physical RAM: 3936.57 MB
Available physical RAM: 1965.3 MB
Total Virtual: 7776.57 MB
Available Virtual: 5866.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:145.56 GB) (Free:13.07 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:151.6 GB) (Free:18.21 GB) NTFS

\\?\Volume{aa7f958a-0000-0000-0000-e08224000000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: AA7F958A)
Partition 1: (Active) - (Size=145.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=151.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

todo esta perfecto ahora. Muchas gracias


#6

Perfecto :+1: excelente, nos alegra ver que ya está el problema inicial completamente arreglado, ahora solo queda eliminar las herramientas usadas.

Para hacerlo descarga :arrow_forward: DelFix.exe en tu escritorio.

  • Doble clic para ejecutarlo. (Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona - Ejecutar como Administrador -).

  • Marca todas las casillas, y pulsas en Run

Se abrirá el informe (DelFix.txt), puedes cerrarlo.


Para cualquier otro problema, no dudes en volver a postear., ya sabes dónde estamos. :+1:

Tema Solucionado.

Saludos, Javier.


cerrado #7