Https://foto2019.com/actualiza.php es algun spyware?

ultimamente esto me sale cuando quiero entrar a fb desde mi computadora, coloco facebook.com y me direcciona a esta pagina https://foto2019.com/actualiza.php la cual me dice debo actualizar. Alguien me diga como puedo quitar esto gracias

Hola @Ricarmy2k bienvenido al foro!!!

Realiza los siguientes pasos, aunque hayas hecho alguno, sin cambiar el orden:

1) Descarga, actualiza y ejecuta Malwarebytes’ Anti-Malware, revisa en detalle el manual, para que sepas usarlo y configurarlo.

  • Realiza un Análisis personalizado, actualizando si te lo pide.
  • Pulsar en “Cuarentena seleccionado” para enviarlo a la cuarentena y Reinicias el sistema.
  • En el apartado del manual Historial de detecciones encontrarás el reporte de MBAM, clic en Exportar >> Copiar al portapapeles.

2) Descarga AdwCleaner | InfoSpyware en el escritorio.

  • Desactiva temporalmente el Antivirus >> Cómo deshabilitar temporalmente su Antivirus.
  • Cierra también todos los programas que tengas abiertos.
  • Ejecuta Adwcleaner.exe (Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona "Ejecutar como Administrador".)
  • Pulsar en el botón Escanear, y espera a que se realice el proceso, inmediatamente pulsa sobre el botón Limpiar.
  • Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.
  • Guardas el reporte que te aparecerá, para copiarlo y pegarlo en tu próxima respuesta.
  • El informe también se puede encontrar en C:\AdwCleaner\AdwCleaner[C1].txt

3) Descarga CCleaner

  • Instala Ccleaner
  • Abres Ccleaner en la pestaña limpiador dejas como esta configurada predeterminadamente, haces clic en analizar esperas que termine >> clic en ejecutar limpiador
  • Clic en la pestaña Registro >> clic en buscar problemas esperas que termine >> clic en Reparar Seleccionadas y haces una copia de seguridad
  • Vuelves a darle clic en buscar problemas hasta que no encuentre ninguno.

Pega los reportes de Malwarebytes y AdwCleaner y comentas como va el problema.

¿Cómo pegar reportes en el foro?

Un saludo

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 11/5/20
Hora del análisis: 9:43
Archivo de registro: 3499d2aa-939e-11ea-be82-7085c240164f.json

-Información del software-
Versión: 4.1.0.56
Versión de los componentes: 1.0.896
Versión del paquete de actualización: 1.0.23670
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 18362.778)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-5HKBV0U\Usuario

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 140473
Amenazas detectadas: 7
Amenazas en cuarentena: 7
Tiempo transcurrido: 0 min, 41 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Desactivado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 4
PUP.Optional.ChinAd, HKU\S-1-5-21-498946065-1840606481-2339772968-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F72C8153-7140-4FEE-8F69-CA4579D71195}, En cuarentena, 1697, 367183, 1.0.23670, , ame, 
Malware.Generic.4079798163, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\AutoKMS, En cuarentena, 1000000, 0, , , , 
Malware.Generic.4079798163, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1A74B8CA-D825-416A-8AF6-CD8FFC93F1BF}, En cuarentena, 1000000, 0, , , , 
Malware.Generic.4079798163, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\BOOT\{1A74B8CA-D825-416A-8AF6-CD8FFC93F1BF}, En cuarentena, 1000000, 0, , , , 

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 3
Malware.Generic.4079798163, C:\WINDOWS\TASKS\AutoKMS.job, En cuarentena, 1000000, 0, , , , 
Malware.Generic.4079798163, C:\WINDOWS\SYSTEM32\TASKS\AutoKMS, En cuarentena, 1000000, 0, , , , 
Malware.Generic.4079798163, C:\WINDOWS\AUTOKMS\AUTOKMS.EXE, En cuarentena, 1000000, 0, 1.0.23670, 30D1255AC0E66A0EF32CC793, dds, 00715027

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)
# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support:  //https//wwwmalwarebytescom/support//
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-11-2020
# Duration: 00:00:03
# OS:       Windows 10 Pro
# Cleaned:  6
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\duba.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\wwwdubacom
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\xinwendubacom
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\duba.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\wwwdubacom
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\xinwendubacom

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3899 octets] - [11/04/2020 19:05:28]
AdwCleaner[C00].txt - [3723 octets] - [11/04/2020 19:07:37]
AdwCleaner[S01].txt - [2852 octets] - [09/05/2020 16:44:28]
AdwCleaner[C01].txt - [2932 octets] - [09/05/2020 16:45:03]
AdwCleaner[S02].txt - [2974 octets] - [11/05/2020 09:59:44]
indows Registry Editor Version 5.00


[HKEY_CLASSES_ROOT\.pcb]
@="PCBFile"

[HKEY_CLASSES_ROOT\.wll]
@="Word.Addin.8"

[HKEY_CLASSES_ROOT\apkfile]

[HKEY_CLASSES_ROOT\apkfile\shell]

[HKEY_CLASSES_ROOT\ldmnq.apk]

[HKEY_CLASSES_ROOT\ldmnq.apk\Shell]

[HKEY_CLASSES_ROOT\ldmnq.ldbk]

[HKEY_CLASSES_ROOT\ldmnq.ldbk\Shell]

[HKEY_CLASSES_ROOT\MemuHyperv.MemuHyperv]
@="MemuHyperv Class"

[HKEY_CLASSES_ROOT\MemuHyperv.MemuHyperv\CLSID]
@="{b1a7a4f2-47b9-4a1e-82b2-07ccd5323c3a}"

[HKEY_CLASSES_ROOT\MemuHyperv.MemuHyperv\CurVer]
@="MemuHyperv.MemuHyperv.1"

[HKEY_CLASSES_ROOT\MemuHyperv.MemuHyperv.1]
@="MemuHyperv Class"

[HKEY_CLASSES_ROOT\MemuHyperv.MemuHyperv.1\CLSID]
@="{b1a7a4f2-47b9-4a1e-82b2-07ccd5323c3a}"

[HKEY_CLASSES_ROOT\MemuHyperv.MemuHypervClient]
@="MemuHypervClient Class"

[HKEY_CLASSES_ROOT\MemuHyperv.MemuHypervClient\CLSID]
@="{dd3fc71d-26c0-4fe1-bf6f-67f633265bb1}"

Hola

Como sigue el problema.

Un saludo

aun me sigue direccionando a esa pagina. alguna otra herramienta ?

Hola

Desactiva temporalmente el Antivirus >> Cómo deshabilitar temporalmente su Antivirus

Descarga Farbar Recovery Scan Tool. seleccionando la versión adecuada para la arquitectura (32 o 64bits) de tu equipo. :arrow_right: Como saber si Mi Windows es de 32 o 64 Bits ?.

  • Ejecuta FRST.exe.
  • En el mensaje de la ventana del Disclaimer, pulsamos Yes
  • En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
  • Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Pon los dos reportes generados.

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).

Un saludo



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-05-2020
Ran by Usuario (administrator) on DESKTOP-5HKBV0U (11-05-2020 22:04:12)
Running from C:\Users\Usuario\Downloads
Loaded Profiles: Usuario
Platform: Windows 10 Pro Version 1903 18362.778 (X64) Language: Inglés (Estados Unidos)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
(ABBYY PRODUCTION LLC -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BlueStack Systems, Inc. -> BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Cole Williams Software Limited -> ) C:\Windows\SysWOW64\Codecs\TrayMenu.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mega Limited -> Mega Limited) C:\ProgramData\MEGAsync\MEGAsync.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Usuario\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Usuario\AppData\Local\Microsoft\Teams\current\Teams.exe <5>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12624.20368.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12624.20368.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12005.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mixbyte Inc -> Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <9>
(OOO "XMAC" -> ) C:\Users\Usuario\AppData\Roaming\Honeygain\Honeygain.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\ProgramData\Wondershare\Service\InstallAssistService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2015-09-17] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302392 2020-03-28] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Share-to-Web Namespace Daemon] => C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [69632 2002-04-17] (Hewlett-Packard) [File not signed]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [1348176 2012-09-20] (ABBYY PRODUCTION LLC -> ABBYY)
HKU\S-1-5-21-498946065-1840606481-2339772968-1001\...\Run: [Window Hide Tool] => C:\Program Files (x86)\Window Hide Tool\Window Hide Tool.exe [307200 2008-01-18] (FOMINE SOFTWARE) [File not signed]
HKU\S-1-5-21-498946065-1840606481-2339772968-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-03-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-498946065-1840606481-2339772968-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2020-03-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-498946065-1840606481-2339772968-1001\...\Run: [GoogleChromeAutoLaunch_CF0D12F859BF15DAB73FDD0B7E1E013D] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-498946065-1840606481-2339772968-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Usuario\AppData\Local\Microsoft\Teams\Update.exe [2339472 2020-05-06] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-498946065-1840606481-2339772968-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [27775672 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-498946065-1840606481-2339772968-1001\...\MountPoints2: {02666420-e515-11e8-8ad8-7085c240164f} - "F:\win32/Launcher.exe" 
HKU\S-1-5-21-498946065-1840606481-2339772968-1001\...\MountPoints2: {5f468811-0fb4-11ea-8b4d-20e71701fc5e} - "E:\KODAK_Camera_Setup_App.exe" 
HKU\S-1-5-21-498946065-1840606481-2339772968-1001\...\MountPoints2: {6aa62564-3ec8-11e9-8afa-20e71701fc5e} - "E:\HiSuiteDownLoader.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\Installer\chrmstp.exe [2019-11-21] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2019-09-15]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe (Cole Williams Software Limited -> )
Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HoneygainUpdater.lnk [2020-03-29]
ShortcutTarget: HoneygainUpdater.lnk -> C:\Users\Usuario\AppData\Roaming\Honeygain\HoneygainUpdater.exe (OOO "XMAC" -> Honeygain)
Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-08-22]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {051506AD-83E2-4BE0-BE0F-AEEA2F156ABA} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [171344 2020-05-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {10E846BC-31CA-4658-B42A-9DC9C55FAF0A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [23571128 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {13C05F05-4599-4D5F-B175-176B2F9E6EBA} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-498946065-1840606481-2339772968-1001 => C:\ProgramData\MEGAsync\MEGAupdater.exe [615160 2020-03-18] (Mega Limited -> Mega Limited)
Task: {194A31FB-3C61-47FD-B79E-42216D4B5E4A} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {19E2640A-56C7-4503-9A31-A4C3F9D29AB5} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [127176 2020-05-05] (Mozilla Corporation -> Mozilla Foundation)
Task: {1C140D8A-796F-4E1F-B36E-433E3EFB25D2} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_Plugin.exe [1458232 2020-04-14] (Adobe Inc. -> Adobe)
Task: {1E33C08C-7F79-4EAD-A378-99124A0EDC53} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {37E844CC-49B9-4AFB-A829-1255D1400271} - System32\Tasks\ESET Windows 10 upgrade – Perform upgrade => C:\Program Files\Common Files\AV\ESET NOD32 Antivirus 6.0\upgrade.exe [585608 2020-02-26] (ESET, spol. s r.o. -> ESET)
Task: {3C581029-3E00-465B-B2D5-670EFC2CF4FF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {444112FC-6175-40D1-86BE-844613372442} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [68280 2019-08-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {4AFE586E-8791-4E69-B27B-4B16E75CDB4C} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1723392 2019-08-27] () [File not signed]
Task: {6BE13367-EFD9-49E0-8FDE-7BB3C0DFBA5E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [171344 2020-05-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {9AA8D35D-9A65-4315-A890-2B21EAD32DCB} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23772528 2020-04-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {A9A4FC57-2F04-4A33-B299-0B4D3F699CE2} - System32\Tasks\ESET Windows 10 upgrade – Refresh settings => C:\Program Files\Common Files\AV\ESET NOD32 Antivirus 6.0\upgrade.exe [585608 2020-02-26] (ESET, spol. s r.o. -> ESET)
Task: {C90E4E41-6B30-4A7B-B384-B694D0D6A8C0} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61112 2019-08-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {C9ACEF97-1E9B-4995-BBCE-246E0E7EA2EC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6122400 2020-05-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {C9FEC3CC-2E8A-4616-A31B-61D7A62A092E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-19] (Adobe Inc. -> Adobe)
Task: {CB68BFE0-A4E5-40DB-B966-5B4969DEF83B} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2020-03-22] (Apple Inc. -> Apple Inc.)
Task: {D46A2EF8-255F-4420-8510-208E844FB5ED} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-19] (Adobe Inc. -> Adobe)
Task: {E0C875B9-42F7-48E7-B4D8-1B7718CE0DC8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23772528 2020-04-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {E8A904DD-C2AD-43A5-B5CB-64E7E7C0362C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6122400 2020-05-01] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1         app.drivereasy.com
Tcpip\..\Interfaces\{3aa6748a-47fc-4620-9836-f0bc6f4c960f}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{ba1df194-c069-43bb-88bb-b8820e717247}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{eeb52c5c-7bcb-482c-ba23-c6513f941c01}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-498946065-1840606481-2339772968-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-498946065-1840606481-2339772968-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-498946065-1840606481-2339772968-1001 -> {44177982-996D-4b79-B29F-5B60E13A5169} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=98012088_4_dg&ch=2&ie=utf-8
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-03-24] (Microsoft Corporation -> Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-03-24] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2020-05-01] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-05-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-05-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-05-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-05-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-05-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-05-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-05-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-05-01] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: trr6gwnt.default
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\trr6gwnt.default [2020-05-11]
FF NewTab: Mozilla\Firefox\Profiles\trr6gwnt.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10092__191122
FF Notifications: Mozilla\Firefox\Profiles\trr6gwnt.default -> hxxps://mail.yahoo.com; hxxps://www.instagram.com
FF Extension: (Video DownloadHelper) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\trr6gwnt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-03-30]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2019-11-29] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_363.dll [2020-04-14] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_363.dll [2020-04-14] (Adobe Inc. -> )
FF Plugin-x32: @kingsfot.com/npkws -> c:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-04] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-04] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-498946065-1840606481-2339772968-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Usuario\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-09] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default [2020-05-11]
CHR DownloadDir: C:\Users\Usuario\Downloads
CHR Notifications: Default -> hxxps://adbull.co; hxxps://adshort.club; hxxps://adshort.tech; hxxps://depositfiles.org; hxxps://keepvid.pro; hxxps://maranhesduve.club; hxxps://nomada.gt; hxxps://openload.co; hxxps://propu.sh; hxxps://py0u.edchargina.pro; hxxps://twitter.com; hxxps://ww1.ouo.today; hxxps://www.animehdl.net; hxxps://www.crehana.com; hxxps://www.instagram.com; hxxps://www.y2mate.com; hxxps://www1.bethanyharrell.pro; hxxps://www1.debrahinton.pro; hxxps://www1.ecleneue.com; hxxps://www1.sherwoodsutton.pro; hxxps://www1a.debrahinton.pro; hxxps://www1a.sherwoodsutton.pro; hxxps://www1p.ramirocampos.pro
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com.gt/"
CHR DefaultSearchURL: Default -> hxxps://www.facebook.com/search/top/?q={searchTerms}&opensearch=1
CHR DefaultSearchKeyword: Default -> facebook.com
CHR DefaultSuggestURL: Default -> hxxps://www.facebook.com/search/opensearch/suggestions/?q={searchTerms}
CHR Extension: (Presentaciones) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-28]
CHR Extension: (Duolingo en la web) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2020-05-02]
CHR Extension: (Documentos) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-28]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-28]
CHR Extension: (DownAlbum) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2020-04-12]
CHR Extension: (Swap My Cookies) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\dffhipnliikkblkhpjapbecpmoilcama [2020-05-02]
CHR Extension: (Daum Equation Editor) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\dinfmiceliiomokeofbocegmacmagjhe [2020-05-02]
CHR Extension: (PocketSmith - Personal Cashflow Forecasting) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpacaoamfanlmkfcalnbbcdbmfcmclf [2020-05-02]
CHR Extension: (Video Downloader professional) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2019-12-25]
CHR Extension: (Hojas de cálculo) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-28]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21]
CHR Extension: (Unblock any site - Hola Free VPN) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2020-05-10]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2020-05-02]
CHR Extension: (Redirect) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokpkalabgohhkgejegabmcacleccdgi [2020-05-02]
CHR Extension: (DotVPN — a Better way to VPN) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk [2020-05-02]
CHR Extension: (Video DownloadHelper) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2020-04-02]
CHR Extension: (SessionBox - Free multi login to any website) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\megbklhjamjbcafknkgmokldgolkdfig [2020-01-19]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-30]
CHR Extension: (Cacoo - Diagramación & Colaboración en tiempo real) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcflmbddgcmomcfngehfhlajjapabojh [2020-05-02]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-15]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-22]
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-05-11]
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-05-11]
CHR Extension: (Presentaciones) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-02-22]
CHR Extension: (Documentos) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-02-22]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-02-22]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-02-22]
CHR Extension: (Tampermonkey) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2020-02-22]
CHR Extension: (Hojas de cálculo) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-02-22]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-02-22]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-02-22]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-02-22]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-22]
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\System Profile [2020-05-11]
CHR HKU\S-1-5-21-498946065-1840606481-2339772968-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Corporate.11.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [821840 2012-07-19] (ABBYY PRODUCTION LLC -> ABBYY)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atiesrxx.exe [508008 2019-09-18] (Advanced Micro Devices, Inc. -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-03-12] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10610544 2020-04-30] (Microsoft Corporation -> Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1329304 2012-11-26] (ESET, spol. s r.o. -> ESET)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2019-09-05] (Mixbyte Inc -> Freemake)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-05-11] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5930136 2020-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [230176 2020-01-16] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atikmdag.sys [55249512 2019-09-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atikmpag.sys [595048 2019-09-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [107496 2018-05-27] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-03-26] (Bluestack Systems, Inc -> Bluestack System Inc. )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-24] (Microsoft Corporation) [File not signed]
S3 ddmdrv; C:\WINDOWS\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [211344 2012-10-08] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [149592 2012-10-08] (ESET, spol. s r.o. -> ESET)
R2 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [138744 2012-10-08] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-05-11] (Malwarebytes Corporation -> Malwarebytes)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 LdBoxDrv; C:\Program Files\dnplayerext2\LdBoxDrv.sys [312496 2020-01-22] (Microsoft Windows Hardware Compatibility Publisher -> Oracle Corporation)
S3 massfilter_hs; C:\WINDOWS\System32\drivers\massfilter_hs.sys [12800 2010-06-03] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-05-11] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-05-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195432 2020-05-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73368 2020-05-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-05-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [125088 2020-05-11] (Malwarebytes Inc -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2019-03-18] (Microsoft Windows -> MediaTek Inc.)
S3 nmwcd; C:\WINDOWS\system32\drivers\ccdcmbx64.sys [19968 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\WINDOWS\system32\drivers\ccdcmbox64.sys [27136 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsucx64; C:\WINDOWS\system32\drivers\nmwcdnsucx64.sys [12800 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsux64; C:\WINDOWS\system32\drivers\nmwcdnsux64.sys [171008 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-08-19] (Realtek Semiconductor Corp -> Realtek )
S3 upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltx64.sys [9216 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 usbbus; C:\WINDOWS\System32\drivers\lgx64bus.sys [17920 2012-03-02] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\system32\DRIVERS\lgx64diag.sys [28160 2012-03-02] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 USBModem; C:\WINDOWS\system32\DRIVERS\lgx64modem.sys [34816 2012-03-02] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltjx64.sys [9216 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2018-05-05] (VMware, Inc. -> VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-10-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [351968 2019-10-28] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-10-28] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-11 22:03 - 2020-05-11 22:03 - 002285568 _____ (Farbar) C:\Users\Usuario\Downloads\FRST64.exe
2020-05-11 21:58 - 2020-05-11 22:00 - 119799627 _____ C:\Users\Usuario\Downloads\CATALOGO MAYO MODA BAJA.zip
2020-05-11 21:57 - 2020-05-11 21:57 - 045204494 _____ C:\Users\Usuario\Downloads\CATALOGO COSMETICS MAYO20 WH.pdf
2020-05-11 18:47 - 2020-05-11 18:49 - 004319302 _____ C:\Users\Usuario\Downloads\Médicos del Hospital de Villa Nueva en conferencia de Presa .mp4
2020-05-11 11:12 - 2020-05-11 11:12 - 002475393 _____ C:\Users\Usuario\Downloads\97745548_1599315526901383_5812222761561792072_n.mp4
2020-05-11 10:41 - 2020-05-11 10:41 - 001032775 _____ C:\Users\Usuario\Downloads\Historias • Instagram (38).mp4
2020-05-11 10:40 - 2020-05-11 10:40 - 001165067 _____ C:\Users\Usuario\Downloads\97577589_258028262013665_761178314612800747_n.mp4
2020-05-11 10:32 - 2020-05-11 10:32 - 000148586 _____ C:\Users\Usuario\Desktop\cc_20200511_103203.reg
2020-05-11 10:21 - 2020-05-11 10:21 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-05-11 10:21 - 2020-05-11 10:21 - 000002892 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2020-05-11 10:17 - 2020-05-11 10:18 - 025306568 _____ (Piriform Software Ltd) C:\Users\Usuario\Downloads\cctrialsetup.exe
2020-05-11 10:02 - 2020-05-11 10:02 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-05-11 10:02 - 2020-05-11 10:02 - 000195432 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-05-11 10:02 - 2020-05-11 10:02 - 000125088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-05-11 10:02 - 2020-05-11 10:02 - 000073368 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-05-11 09:37 - 2020-05-11 09:37 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-05-11 09:37 - 2020-05-11 09:37 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-05-11 09:37 - 2020-05-11 09:37 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-05-11 09:37 - 2020-05-11 09:37 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-05-11 09:36 - 2020-05-11 09:36 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-05-11 09:36 - 2020-05-11 09:36 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-05-11 09:36 - 2020-05-11 09:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-05-11 09:26 - 2020-05-11 09:26 - 000000000 ____D C:\Users\Usuario\AppData\Local\mbamtray
2020-05-11 09:26 - 2020-05-11 09:26 - 000000000 ____D C:\Users\Usuario\AppData\Local\mbam
2020-05-11 09:24 - 2020-05-11 09:24 - 008196784 _____ (Malwarebytes) C:\Users\Usuario\Downloads\adwcleaner_8.0.4.exe
2020-05-11 09:23 - 2020-05-11 09:23 - 001980016 _____ (Malwarebytes) C:\Users\Usuario\Downloads\MBSetup.exe
2020-05-11 09:23 - 2020-05-11 09:23 - 000000000 ____D C:\Program Files\Malwarebytes
2020-05-11 09:02 - 2020-05-11 09:07 - 000051820 _____ C:\Users\Usuario\Downloads\Addition.txt
2020-05-11 08:58 - 2020-05-11 22:07 - 000035863 _____ C:\Users\Usuario\Downloads\FRST.txt
2020-05-11 08:58 - 2020-05-11 22:06 - 000000000 ____D C:\FRST
2020-05-11 08:56 - 2020-05-11 08:57 - 002285568 _____ (Farbar) C:\Users\Usuario\Downloads\FRST64 (1).exe
2020-05-11 08:56 - 2020-05-11 08:56 - 002285568 _____ (Farbar) C:\Users\Usuario\Downloads\Sin confirmar 651896.crdownload
2020-05-10 22:41 - 2020-05-10 22:41 - 000421639 _____ C:\Users\Usuario\Downloads\Le ha salido mal la broma....mp4
2020-05-10 21:49 - 2020-05-10 21:49 - 001549976 _____ C:\Users\Usuario\Downloads\Historias • Instagram (37).mp4
2020-05-10 11:34 - 2020-05-10 11:34 - 001453922 _____ C:\Users\Usuario\Downloads\ANDREA VARGAS R.  (1).zip
2020-05-10 11:29 - 2020-05-10 11:29 - 006660786 _____ C:\Users\Usuario\Downloads\JACKY MEN.  (1).zip
2020-05-10 11:23 - 2020-05-10 11:23 - 001453922 _____ C:\Users\Usuario\Downloads\ANDREA VARGAS R. .zip
2020-05-10 11:16 - 2020-05-10 11:16 - 004944904 _____ C:\Users\Usuario\Downloads\YOALY MONTOYA .zip
2020-05-10 11:14 - 2020-05-10 11:14 - 002236630 _____ C:\Users\Usuario\Downloads\KARLA REYES .zip
2020-05-10 10:24 - 2020-05-10 10:24 - 000273020 _____ C:\Users\Usuario\Downloads\facutra.pdf
2020-05-10 09:13 - 2020-05-10 09:13 - 000107714 _____ C:\Users\Usuario\Downloads\Historias • Instagram (36).mp4
2020-05-08 21:17 - 2020-05-08 21:17 - 000080223 _____ C:\Users\Usuario\Downloads\0492_001.pdf
2020-05-08 20:43 - 2020-05-08 20:43 - 000068246 _____ C:\Users\Usuario\Downloads\WhatsApp Image 2020-05-08 at 18.57.04(1).jpeg
2020-05-08 20:43 - 2020-05-08 20:43 - 000050895 _____ C:\Users\Usuario\Downloads\WhatsApp Image 2020-05-08 at 18.57.04.jpeg
2020-05-08 19:32 - 2020-05-08 19:32 - 015557334 _____ C:\Users\Usuario\Desktop\demostración histogramas y polígonos de frecuencia excel parte 2.mp4
2020-05-08 19:32 - 2020-05-08 19:32 - 014833030 _____ C:\Users\Usuario\Desktop\demostración histogramas y polígonos de frecuencia excel parte 1.mp4
2020-05-08 19:27 - 2020-05-08 19:28 - 030437704 _____ C:\Users\Usuario\Downloads\demostración histogramas y polígonos de frecuencia excel.mp4
2020-05-08 19:26 - 2020-05-08 19:26 - 001748100 _____ C:\Users\Usuario\Downloads\ESTADÍSTICA GENERAL SESIÓN 3 Y 4.pdf
2020-05-08 09:15 - 2020-05-08 09:15 - 002229534 _____ C:\Users\Usuario\Downloads\LaBarraAceitecoco.pdf
2020-05-07 12:12 - 2020-05-07 12:12 - 001043977 _____ C:\Users\Usuario\Downloads\Instagram.mp4
2020-05-06 22:12 - 2020-05-06 22:17 - 233052591 _____ C:\Users\Usuario\Downloads\No vamos a parar de demostrar que SÍ es posible construir un.mp4
2020-05-06 19:57 - 2020-05-06 19:57 - 000125395 _____ C:\Users\Usuario\Downloads\El consumidor y su comportamiento de compra.pdf
2020-05-06 19:54 - 2020-05-06 19:54 - 016176670 _____ C:\Users\Usuario\Downloads\mankiw-principios-eco-ed6.pdf
2020-05-06 12:11 - 2020-05-06 12:13 - 123642628 _____ C:\Users\Usuario\Downloads\Una publicación de Educación Continua el Hoy (3).mp4
2020-05-06 11:22 - 2020-05-06 11:23 - 045602163 _____ C:\Users\Usuario\Downloads\Una publicación de Educación Continua el Hoy (2).mp4
2020-05-06 11:16 - 2020-05-06 11:16 - 001239248 _____ C:\Users\Usuario\Downloads\Historias • Instagram (35).mp4
2020-05-06 10:55 - 2020-05-06 10:56 - 000961372 _____ C:\Users\Usuario\Downloads\Historias • Instagram (34).mp4
2020-05-06 10:42 - 2020-05-06 10:42 - 000817641 _____ C:\Users\Usuario\Downloads\05-05-2020-20.24.30(2).pdf
2020-05-06 10:42 - 2020-05-06 10:42 - 000704112 _____ C:\Users\Usuario\Downloads\05-05-2020-20.18.17(2).pdf
2020-05-06 10:39 - 2020-05-06 10:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-05-06 10:19 - 2020-05-06 10:19 - 000307706 _____ C:\Users\Usuario\Downloads\EJEMPLO REGISTRO SEMANAL DE ACTIVIDADES ACADEMICAS.pdf
2020-05-05 22:33 - 2020-05-05 22:33 - 011847054 _____ C:\Users\Usuario\Downloads\NotiCleire mayo 2020 WH.pdf
2020-05-05 22:08 - 2020-05-05 22:08 - 017132587 _____ C:\Users\Usuario\Downloads\CATALOGO MAYO MODA BAJA.pdf
2020-05-05 21:53 - 2020-05-05 21:56 - 007312622 _____ C:\Users\Usuario\Downloads\TERRIBLE LO QUE SE VIENE HERMANOS....mp4
2020-05-05 21:35 - 2020-05-11 21:50 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-05-05 14:42 - 2020-05-05 14:42 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\ABBYY
2020-05-05 14:20 - 2020-05-05 14:20 - 000002907 _____ C:\Users\Public\Desktop\ABBYY FineReader 11.lnk
2020-05-05 14:20 - 2020-05-05 14:20 - 000002907 _____ C:\ProgramData\Desktop\ABBYY FineReader 11.lnk
2020-05-05 14:20 - 2020-05-05 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11
2020-05-05 14:15 - 2020-05-06 10:20 - 000000000 ____D C:\Users\Usuario\AppData\Local\ABBYY
2020-05-05 14:15 - 2020-05-05 14:24 - 000000000 ____D C:\Program Files (x86)\ABBYY FineReader 11
2020-05-05 14:15 - 2020-05-05 14:15 - 000000000 ____D C:\ProgramData\ABBYY
2020-05-05 14:08 - 2020-05-11 10:23 - 000000000 ____D C:\Temp
2020-05-04 20:51 - 2020-05-04 20:54 - 165969907 _____ C:\Users\Usuario\Downloads\Invitados a acompañarnos en la Conferencia virtual sobre DER.mp4
2020-05-04 17:31 - 2020-05-04 17:31 - 002190483 _____ C:\Users\Usuario\Downloads\Historias • Instagram (32).mp4
2020-05-04 17:31 - 2020-05-04 17:31 - 001826876 _____ C:\Users\Usuario\Downloads\Historias • Instagram (31).mp4
2020-05-04 17:31 - 2020-05-04 17:31 - 001686262 _____ C:\Users\Usuario\Downloads\Historias • Instagram (33).mp4
2020-05-04 17:30 - 2020-05-04 17:31 - 013018818 _____ C:\Users\Usuario\Downloads\League of angels heaven's fury mafia ad (thats how mafia works).mp4
2020-05-04 17:29 - 2020-05-04 17:29 - 001477025 _____ C:\Users\Usuario\Downloads\Historias • Instagram (29).mp4
2020-05-04 17:29 - 2020-05-04 17:29 - 001258370 _____ C:\Users\Usuario\Downloads\Historias • Instagram (30).mp4
2020-05-04 17:28 - 2020-05-04 17:28 - 001342139 _____ C:\Users\Usuario\Downloads\Historias • Instagram (27).mp4
2020-05-04 17:28 - 2020-05-04 17:28 - 001154202 _____ C:\Users\Usuario\Downloads\Historias • Instagram (28).mp4
2020-05-04 17:28 - 2020-05-04 17:28 - 001036343 _____ C:\Users\Usuario\Downloads\Historias • Instagram (26).mp4
2020-05-04 17:28 - 2020-05-04 17:28 - 001011157 _____ C:\Users\Usuario\Downloads\Historias • Instagram (25).mp4
2020-05-04 16:06 - 2020-05-04 16:06 - 000149453 _____ C:\Users\Usuario\Downloads\Xerox Scan_27042020104115.pdf.pdf
2020-05-04 16:06 - 2020-05-04 16:06 - 000149453 _____ C:\Users\Usuario\Downloads\Xerox Scan_27042020104115.pdf (1).pdf
2020-05-04 12:04 - 2020-05-04 12:04 - 033610217 _____ C:\Users\Usuario\Downloads\Una publicación de Educación Continua el Hoy (1).mp4
2020-05-04 11:43 - 2020-05-04 11:44 - 042920790 _____ C:\Users\Usuario\Downloads\Una publicación de Educación Continua el Hoy.mp4
2020-05-03 17:47 - 2020-05-03 17:50 - 005449744 _____ C:\Users\Usuario\Downloads\Así eran los memes durante la peste negra 🐀🦠.mp4
2020-05-03 17:46 - 2020-05-03 17:48 - 002940864 _____ C:\Users\Usuario\Downloads\Y después dicen que La Patria del Criollo son ficciones. Así.mp4
2020-05-03 12:43 - 2020-05-03 12:43 - 001402068 _____ C:\Users\Usuario\Downloads\Facebook Watch (14).mp4
2020-05-03 09:35 - 2020-05-03 09:36 - 019629455 _____ C:\Users\Usuario\Downloads\Facebook Watch (13).mp4
2020-05-03 07:19 - 2020-05-03 07:19 - 001009090 _____ C:\Users\Usuario\Downloads\DENİZ (@liseli_denizz_bal) • Fotos y vídeos de Instagram (3).mp4
2020-05-03 06:23 - 2020-05-03 06:23 - 002990689 _____ C:\Users\Usuario\Downloads\DENİZ (@liseli_denizz_bal) • Fotos y vídeos de Instagram (1).mp4
2020-05-03 06:23 - 2020-05-03 06:23 - 001419621 _____ C:\Users\Usuario\Downloads\DENİZ (@liseli_denizz_bal) • Fotos y vídeos de Instagram (2).mp4
2020-05-03 06:23 - 2020-05-03 06:23 - 000636546 _____ C:\Users\Usuario\Downloads\DENİZ (@liseli_denizz_bal) • Fotos y vídeos de Instagram.mp4
2020-05-02 21:49 - 2020-05-02 21:49 - 001267689 _____ C:\Users\Usuario\Downloads\Historias • Instagram (24).mp4
2020-05-01 18:50 - 2020-05-01 22:25 - 000017691 _____ C:\Users\Usuario\Downloads\null.xls
2020-05-01 06:58 - 2020-05-01 06:58 - 000064585 _____ C:\Users\Usuario\Downloads\72ad9d01-dcd9-489e-8892-09a50a2611d2.pdf
2020-04-30 18:21 - 2020-04-30 18:21 - 001354930 _____ C:\Users\Usuario\Downloads\INT Manuales de Administracin Financiera Integrada Municipal (1).pdf
2020-04-30 17:04 - 2020-04-30 17:04 - 003117077 _____ C:\Users\Usuario\Downloads\CHIKY PÉREZ(@chikyperez93) TikTok (1).mp4
2020-04-30 17:04 - 2020-04-30 17:04 - 003042578 _____ C:\Users\Usuario\Downloads\CHIKY PÉREZ(@chikyperez93) TikTok (4).mp4
2020-04-30 17:04 - 2020-04-30 17:04 - 001098692 _____ C:\Users\Usuario\Downloads\CHIKY PÉREZ(@chikyperez93) TikTok (3).mp4
2020-04-30 17:04 - 2020-04-30 17:04 - 000828657 _____ C:\Users\Usuario\Downloads\CHIKY PÉREZ(@chikyperez93) TikTok (2).mp4
2020-04-30 17:04 - 2020-04-30 17:04 - 000675764 _____ C:\Users\Usuario\Downloads\CHIKY PÉREZ(@chikyperez93) TikTok (5).mp4
2020-04-30 16:36 - 2020-04-30 16:36 - 000117682 _____ C:\Users\Usuario\Downloads\POSIBLES RUTAS DE UN INFORME DE AUDITORÃ_A POWER POINT.pptx
2020-04-30 16:36 - 2020-04-30 16:36 - 000117682 _____ C:\Users\Usuario\Downloads\POSIBLES RUTAS DE UN INFORME DE AUDITORÃ_A POWER POINT(1).pptx
2020-04-30 09:39 - 2020-04-30 09:39 - 000008681 _____ C:\Users\Usuario\Documents\ricardo hijo.xlsx
2020-04-30 09:36 - 2020-04-30 09:36 - 000745741 _____ C:\Users\Usuario\Downloads\melek (@liseli_melekk) • Fotos y vídeos de Instagram.mp4
2020-04-30 09:28 - 2020-04-30 09:28 - 002058451 _____ C:\Users\Usuario\Downloads\Historias • Instagram (23).mp4
2020-04-30 09:28 - 2020-04-30 09:28 - 001247207 _____ C:\Users\Usuario\Downloads\Historias • Instagram (22).mp4
2020-04-30 08:19 - 2020-04-30 08:19 - 000359114 _____ C:\Users\Usuario\Downloads\resolución ejercicio 1 tarea 2.xlsx
2020-04-30 08:12 - 2020-04-30 08:12 - 000000000 ____D C:\Users\Usuario\Downloads\Documentos_de_(_mdja01_)_Sistema_Integrado_de_Admi...acion_Financiera_en_Los_Diferentes_Sectores_de_Gob
2020-04-30 08:12 - 2020-04-30 08:12 - 000000000 ____D C:\Users\Usuario\Downloads\_dotlrn-fs.Handouts_
2020-04-30 06:16 - 2020-04-30 06:16 - 000058964 _____ C:\Users\Usuario\Downloads\df176a08-f941-4dfa-9b73-a20ba4210e32 (2).pdf
2020-04-30 06:16 - 2020-04-30 06:16 - 000058917 _____ C:\Users\Usuario\Downloads\bfb5e54b-5b79-4794-a3e2-8f30a1f64261.pdf
2020-04-30 06:12 - 2020-04-30 06:12 - 000058960 _____ C:\Users\Usuario\Downloads\88088b90-34fe-4fbc-85b9-e0f186892135.pdf
2020-04-30 06:11 - 2020-04-30 06:11 - 001354930 _____ C:\Users\Usuario\Downloads\INT Manuales de Administracin Financiera Integrada Municipal.pdf
2020-04-30 05:24 - 2020-04-30 05:24 - 016652400 _____ C:\Users\Usuario\Downloads\Documentos_de_(_mdja01_)_Sistema_Integrado_de_Admi...acion_Financiera_en_Los_Diferentes_Sectores_de_Gob.zip
2020-04-30 05:24 - 2020-04-30 05:24 - 010044296 _____ C:\Users\Usuario\Downloads\_dotlrn-fs.Handouts_.zip
2020-04-30 05:21 - 2020-04-30 05:21 - 000000000 ____D C:\Users\Usuario\Downloads\_dotlrn-fs.Lecture_Notes_
2020-04-30 05:20 - 2020-04-30 05:21 - 016358026 _____ C:\Users\Usuario\Downloads\_dotlrn-fs.Lecture_Notes_.zip
2020-04-30 04:57 - 2020-04-30 04:57 - 000059743 _____ C:\Users\Usuario\Downloads\cee422a9-74f1-4792-b807-226b2c50177c.pdf
2020-04-29 18:59 - 2020-04-29 18:59 - 000004502 _____ C:\Users\Usuario\Downloads\NIT-5205816-PER-marzo de 2020-COD-SAT-2046-NO.-27629150806-Constancia.pdf
2020-04-29 18:57 - 2020-04-29 18:57 - 000004507 _____ C:\Users\Usuario\Downloads\NIT-76164136-PER-marzo de 2020-COD-SAT-2046-NO.-27629079973-Constancia.pdf
2020-04-29 11:27 - 2018-09-04 13:13 - 015386932 _____ C:\Users\Usuario\Desktop\nicozon player(2).mp4
2020-04-29 08:17 - 2020-04-29 08:17 - 000035270 _____ C:\Users\Usuario\Downloads\receipt_1e0b2cc5-b249-4321-a184-13ad90cd0ab0.pdf
2020-04-27 22:39 - 2020-04-27 22:40 - 001329118 _____ C:\Users\Usuario\Downloads\Facebook Watch (12).mp4
2020-04-27 20:24 - 2020-04-27 20:24 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2020-04-27 20:24 - 2020-04-27 20:24 - 000001816 _____ C:\ProgramData\Desktop\iTunes.lnk
2020-04-27 20:24 - 2020-04-27 20:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-04-27 20:24 - 2020-04-27 20:24 - 000000000 ____D C:\Program Files\iPod
2020-04-27 20:22 - 2020-04-27 20:24 - 000000000 ____D C:\Program Files\iTunes
2020-04-27 19:17 - 2020-04-27 19:19 - 003761192 _____ C:\Users\Usuario\Downloads\No veo la hora de que todas hagan ese reto....mp4
2020-04-27 18:53 - 2020-04-27 18:53 - 000059565 _____ C:\Users\Usuario\Downloads\e3de9421-0809-46de-a76e-e137064f3fc1(2).pdf
2020-04-27 18:53 - 2020-04-27 18:53 - 000059565 _____ C:\Users\Usuario\Downloads\e3de9421-0809-46de-a76e-e137064f3fc1(1).pdf
2020-04-27 18:21 - 2020-04-27 18:21 - 000059565 _____ C:\Users\Usuario\Downloads\e3de9421-0809-46de-a76e-e137064f3fc1.pdf
2020-04-27 18:12 - 2020-04-27 18:12 - 000050055 _____ C:\Users\Usuario\Downloads\Actividad 3 - Excel en la oficina.xlsx
2020-04-27 15:26 - 2020-04-27 15:26 - 001500500 _____ C:\Users\Usuario\Downloads\CamScanner 04-19-2020 18.58.52_20200419185933.pdf
2020-04-26 11:08 - 2020-04-26 11:08 - 000082776 _____ (Zoom Video Communications, Inc.) C:\Users\Usuario\Downloads\Zoom_cm_fo42lnktZ9vvrZo4_mupckc-qprzMqHNHODAJovRMV7Tm0y6HZDS4t_k28b19f87a5fcb937_.exe
2020-04-25 23:16 - 2020-04-25 23:17 - 000544063 _____ C:\Users\Usuario\Downloads\Facebook Watch (11).mp4
2020-04-25 21:29 - 2020-04-25 21:29 - 014529759 _____ C:\Users\Usuario\Downloads\Untitled_4.zip
2020-04-25 21:15 - 2020-04-25 21:18 - 017686387 _____ C:\Users\Usuario\Downloads\Pack-Criisthinavalle.zip
2020-04-25 21:15 - 2020-04-25 21:18 - 017686387 _____ C:\Users\Usuario\Downloads\Pack-Criisthinavalle (1).zip
2020-04-25 21:11 - 2020-04-25 21:11 - 005060342 _____ C:\Users\Usuario\Downloads\ALEJANDRA RIOS (1).zip
2020-04-25 21:08 - 2020-04-25 21:08 - 006843139 _____ C:\Users\Usuario\Downloads\EBI MARTINEZ  (1).zip
2020-04-25 12:02 - 2020-04-25 12:03 - 027119015 _____ C:\Users\Usuario\Downloads\MEME NEGROS BAILANDO CON ATAUD.mp4
2020-04-25 11:37 - 2020-04-25 11:37 - 013977247 _____ C:\Users\Usuario\Downloads\video (1).mp4
2020-04-25 11:00 - 2020-04-25 11:00 - 000070020 _____ C:\Users\Usuario\Downloads\(4) Boris Cerra en Twitter Que Trump les manda a decir que n.mp4
2020-04-24 22:50 - 2020-04-24 22:50 - 000015617 _____ C:\Users\Usuario\Documents\viv.xlsx
2020-04-24 22:36 - 2020-04-24 22:37 - 003670501 _____ C:\Users\Usuario\Downloads\Junior Perez (1).mp4
2020-04-24 22:36 - 2020-04-24 22:36 - 002539164 _____ C:\Users\Usuario\Downloads\Junior Perez.mp4
2020-04-24 20:13 - 2020-04-24 20:13 - 001120008 _____ C:\Users\Usuario\Downloads\MloDH71D.mp4
2020-04-24 20:12 - 2020-04-24 20:12 - 004947634 _____ C:\Users\Usuario\Downloads\hF2W6KIO.mp4
2020-04-24 11:35 - 2020-04-24 11:35 - 000409652 _____ C:\Users\Usuario\Downloads\91138838_226472168723121_8490012877938229248_n.mp4
2020-04-24 11:32 - 2020-04-24 11:32 - 014776101 _____ C:\Users\Usuario\Downloads\video.mp4
2020-04-23 08:02 - 2020-04-30 22:07 - 000000000 ____D C:\Users\Usuario\Desktop\Ip web surf capturas prueba
2020-04-22 20:14 - 2020-04-22 20:14 - 000011079 _____ C:\Users\Usuario\Downloads\Actividad Clase 2.xlsx
2020-04-22 19:50 - 2020-04-22 19:50 - 000882435 _____ C:\Users\Usuario\Downloads\Historias • Instagram (21).mp4
2020-04-22 16:59 - 2020-04-22 16:59 - 002251964 _____ C:\Users\Usuario\Downloads\4SKlOv2d.mp4
2020-04-22 10:12 - 2020-04-22 10:12 - 000000000 ____D C:\Users\Usuario\Downloads\Musica Infantil - DJ VIRTUAL X
2020-04-22 09:57 - 2020-04-22 10:09 - 670698695 _____ C:\Users\Usuario\Downloads\Musica Infantil - DJ VIRTUAL X.rar
2020-04-21 22:23 - 2020-05-06 19:15 - 000002419 _____ C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2020-04-21 22:23 - 2020-05-06 19:15 - 000002411 _____ C:\Users\Usuario\Desktop\Microsoft Teams.lnk
2020-04-21 22:23 - 2020-04-21 22:24 - 000000000 ____D C:\Users\Usuario\AppData\Local\SquirrelTemp
2020-04-21 22:23 - 2020-04-21 22:23 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft Teams
2020-04-21 21:20 - 2020-04-21 21:22 - 097813672 _____ (Microsoft Corporation) C:\Users\Usuario\Downloads\Teams_windows_x64_s_8D7E66B89659177-7-0_.exe
2020-04-21 14:27 - 2020-04-21 14:27 - 000105781 _____ C:\Users\Usuario\Downloads\WhatsApp Image 2020-04-21 at 14.23.29 (1).jpeg
2020-04-21 14:27 - 2020-04-21 14:27 - 000103668 _____ C:\Users\Usuario\Downloads\WhatsApp Image 2020-04-21 at 14.23.29.jpeg
2020-04-21 14:27 - 2020-04-21 14:27 - 000097945 _____ C:\Users\Usuario\Downloads\WhatsApp Image 2020-04-21 at 14.23.30.jpeg
2020-04-21 12:22 - 2020-04-21 12:22 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
2020-04-21 11:03 - 2020-04-21 11:03 - 001796381 _____ C:\Users\Usuario\Downloads\qfcPmX15.mp4
2020-04-20 22:49 - 2020-04-20 22:49 - 000900926 _____ C:\Users\Usuario\Downloads\wGCzNzrf.mp4
2020-04-20 21:47 - 2020-04-20 21:51 - 202741078 _____ C:\Users\Usuario\Downloads\Una publicación de LatinIuris el Hoy.mp4
2020-04-20 21:38 - 2020-04-20 21:38 - 001176263 _____ C:\Users\Usuario\Downloads\wb1PGki6.mp4
2020-04-20 18:06 - 2020-04-20 19:14 - 000219846 _____ C:\Users\Usuario\Downloads\Actividad 1 - Excel en la Oficina.xlsx
2020-04-19 19:07 - 2020-04-19 19:07 - 008811969 _____ C:\Users\Usuario\Downloads\zT0INt7c.mp4
2020-04-19 19:07 - 2020-04-19 19:07 - 005658213 _____ C:\Users\Usuario\Downloads\CbxhuRo6.mp4
2020-04-19 19:07 - 2020-04-19 19:07 - 004104104 _____ C:\Users\Usuario\Downloads\_lN5is7S.mp4
2020-04-19 16:04 - 2020-04-19 16:17 - 000004588 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-04-19 16:03 - 2020-05-06 20:19 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\IPweb Surf
2020-04-19 16:03 - 2020-04-21 17:05 - 000001979 _____ C:\Users\Usuario\Desktop\IPweb Surf.lnk
2020-04-19 16:03 - 2020-04-19 16:03 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\IPweb Surf
2020-04-19 12:02 - 2020-04-19 12:05 - 099515224 _____ () C:\Users\Usuario\Downloads\IPwebSurf_338.exe
2020-04-18 22:37 - 2020-04-25 10:53 - 000000000 ____D C:\Users\Usuario\Downloads\memes de la copa huelguera
2020-04-18 18:55 - 2020-04-18 18:55 - 000162514 _____ C:\Users\Usuario\Downloads\rossy_25710-Rosario Pacheco.html
2020-04-18 18:54 - 2020-04-18 18:55 - 000000000 ____D C:\Users\Usuario\Downloads\rossy_25710-Rosario Pacheco_files
2020-04-18 18:54 - 2020-04-18 18:54 - 000020792 _____ C:\Users\Usuario\Downloads\photos.html

primera parte


2020-04-18 18:41 - 2020-04-18 19:07 - 059005889 _____ C:\Users\Usuario\Downloads\Facebook Watch (10).mp4
2020-04-18 18:37 - 2020-04-18 18:37 - 000002073 _____ C:\Users\Usuario\Downloads\2290178148278992569.mpd
2020-04-18 18:32 - 2020-04-18 18:34 - 141951445 _____ C:\Users\Usuario\Downloads\¡Les damos la cordial bienvenida a la Conferencia Suspensión.mp4
2020-04-18 18:27 - 2020-04-18 18:27 - 000263397 _____ C:\Users\Usuario\Downloads\Historias • Instagram (20).mp4
2020-04-18 14:29 - 2020-04-18 14:29 - 003481054 _____ C:\Users\Usuario\Downloads\Historias • Instagram (19).mp4
2020-04-17 22:20 - 2020-04-17 22:27 - 337284218 _____ C:\Users\Usuario\Downloads\Llega Pumba-20200418T041652Z-001.zip
2020-04-17 22:02 - 2020-04-17 22:02 - 000371736 _____ C:\Users\Usuario\Downloads\rEL1Ul6+.mp4
2020-04-17 20:40 - 2020-04-17 20:40 - 005336430 _____ C:\Users\Usuario\Downloads\A6jyhqSg.mp4
2020-04-17 12:06 - 2020-04-17 12:06 - 001939710 _____ C:\Users\Usuario\Downloads\UcG6vpGj.mp4
2020-04-15 21:23 - 2020-04-15 21:55 - 073596928 _____ C:\Users\Usuario\Downloads\Facebook Watch (10).mp4.crdownload
2020-04-15 21:23 - 2020-04-15 21:39 - 034950273 _____ C:\Users\Usuario\Downloads\boda en san juan sacatepequez.mp4
2020-04-15 21:16 - 2020-04-15 21:17 - 002021903 _____ C:\Users\Usuario\Downloads\Facebook Watch (9).mp4
2020-04-15 21:12 - 2020-04-15 21:12 - 001111274 _____ C:\Users\Usuario\Downloads\92355692_153024372703115_3632366930981308708_n.mp4
2020-04-15 20:57 - 2020-04-15 20:57 - 000793321 _____ C:\Users\Usuario\Downloads\Historias • Instagram (17).mp4
2020-04-15 20:57 - 2020-04-15 20:57 - 000707851 _____ C:\Users\Usuario\Downloads\Historias • Instagram (18).mp4
2020-04-15 20:57 - 2020-04-15 20:57 - 000180501 _____ C:\Users\Usuario\Downloads\Historias • Instagram (16).mp4
2020-04-15 13:03 - 2020-04-15 13:03 - 000941848 _____ C:\Users\Usuario\Downloads\93569446_162276425045765_3958147085778281468_n.mp4
2020-04-15 13:01 - 2020-04-15 13:01 - 001624365 _____ C:\Users\Usuario\Downloads\94067011_248244453025102_4700341273783354994_n.mp4
2020-04-15 12:49 - 2020-04-15 12:49 - 000410341 _____ C:\Users\Usuario\Downloads\Ingenieria USAC.mp4
2020-04-15 12:09 - 2020-04-15 13:19 - 146464130 _____ C:\Users\Usuario\Downloads\intercambio artistico Korea-guatemala.mp4
2020-04-15 11:56 - 2020-04-15 11:56 - 001273803 _____ C:\Users\Usuario\Downloads\93412314_155929549245257_1435635987166195875_n.mp4
2020-04-15 05:48 - 2020-04-15 05:48 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-15 05:48 - 2020-04-15 05:48 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-15 05:48 - 2020-04-15 05:48 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-15 05:47 - 2020-04-15 05:47 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-15 05:47 - 2020-04-15 05:47 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 002369576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 002188600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001659408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-15 05:47 - 2020-04-15 05:47 - 001495864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-15 05:47 - 2020-04-15 05:47 - 001386296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-15 05:47 - 2020-04-15 05:47 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-15 05:47 - 2020-04-15 05:47 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-15 05:47 - 2020-04-15 05:47 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-15 05:47 - 2020-04-15 05:47 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-15 05:47 - 2020-04-15 05:47 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-15 05:47 - 2020-04-15 05:47 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-15 05:47 - 2020-04-15 05:47 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-15 05:47 - 2020-04-15 05:47 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-15 05:47 - 2020-04-15 05:47 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-15 05:47 - 2020-04-15 05:47 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-15 05:47 - 2020-04-15 05:47 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-15 05:47 - 2020-04-15 05:47 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-15 05:47 - 2020-04-15 05:47 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-15 05:47 - 2020-04-15 05:47 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2010CustomActions.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-15 05:47 - 2020-04-15 05:47 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-15 05:47 - 2020-04-15 05:47 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-15 05:47 - 2020-04-15 05:47 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-15 05:47 - 2020-04-15 05:47 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-15 05:47 - 2020-04-15 05:47 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-15 05:47 - 2020-04-15 05:47 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-15 05:47 - 2020-04-15 05:47 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-15 05:47 - 2020-04-15 05:47 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-15 05:47 - 2020-04-15 05:47 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-15 05:47 - 2020-04-15 05:47 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-15 05:47 - 2020-04-15 05:47 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-15 05:47 - 2020-04-15 05:47 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-15 05:47 - 2020-04-15 05:47 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-15 05:47 - 2020-04-15 05:47 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-15 05:46 - 2020-04-15 05:46 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-15 05:46 - 2020-04-15 05:46 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-15 05:46 - 2020-04-15 05:46 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-15 05:46 - 2020-04-15 05:46 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-15 05:46 - 2020-04-15 05:46 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-15 05:46 - 2020-04-15 05:46 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-15 05:46 - 2020-04-15 05:46 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-15 05:46 - 2020-04-15 05:46 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-15 05:46 - 2020-04-15 05:46 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-15 05:46 - 2020-04-15 05:46 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-15 05:46 - 2020-04-15 05:46 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-15 05:46 - 2020-04-15 05:46 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-15 05:46 - 2020-04-15 05:46 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-15 05:46 - 2020-04-15 05:46 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-15 05:46 - 2020-04-15 05:46 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-15 05:46 - 2020-04-15 05:46 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-15 05:46 - 2020-04-15 05:46 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-15 05:46 - 2020-04-15 05:46 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 003980800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-15 05:45 - 2020-04-15 05:45 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-15 05:45 - 2020-04-15 05:45 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-15 05:45 - 2020-04-15 05:45 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-15 05:45 - 2020-04-15 05:45 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-15 05:45 - 2020-04-15 05:45 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-15 05:45 - 2020-04-15 05:45 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-15 05:45 - 2020-04-15 05:45 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-15 05:45 - 2020-04-15 05:45 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-15 05:45 - 2020-04-15 05:45 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-15 05:45 - 2020-04-15 05:45 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-15 05:45 - 2020-04-15 05:45 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-15 05:45 - 2020-04-15 05:45 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-15 05:45 - 2020-04-15 05:45 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-15 05:45 - 2020-04-15 05:45 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-15 05:45 - 2020-04-15 05:45 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-15 05:45 - 2020-04-15 05:45 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-15 05:45 - 2020-04-15 05:45 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-15 05:24 - 2020-04-15 05:24 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-15 05:24 - 2020-04-15 05:24 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-14 23:07 - 2020-04-14 23:11 - 165311485 _____ C:\Users\Usuario\Downloads\¡Bienvenidos y bienvenidas! Más que un gusto dar inicio al D.mp4
2020-04-14 23:05 - 2020-04-14 23:15 - 157774484 _____ C:\Users\Usuario\Downloads\10000000_1139111333091788_8725411813903286345_n.mp4
2020-04-14 23:04 - 2020-04-14 23:04 - 006660786 _____ C:\Users\Usuario\Downloads\JACKY MEN. .zip
2020-04-14 23:03 - 2020-04-14 23:03 - 005060342 _____ C:\Users\Usuario\Downloads\ALEJANDRA RIOS.zip
2020-04-14 23:00 - 2020-04-14 23:01 - 006843139 _____ C:\Users\Usuario\Downloads\EBI MARTINEZ .zip
2020-04-14 22:30 - 2020-04-14 22:46 - 000013028 _____ C:\Users\Usuario\Documents\tarea edith.xlsx
2020-04-14 19:08 - 2020-04-14 19:08 - 002381316 _____ C:\Users\Usuario\Downloads\94035050_661592141307951_9184816507356619555_n.mp4
2020-04-14 18:56 - 2020-04-14 18:56 - 000133257 _____ C:\Users\Usuario\Downloads\BALDEPAG INVSTIGACIÓN MAR 20.doc(1).pdf
2020-04-13 22:11 - 2020-04-13 22:11 - 000085504 _____ C:\Users\Usuario\Downloads\vi_balanza_pagos_anual_ver_banguat.xls
2020-04-13 21:14 - 2020-04-13 21:14 - 000133257 _____ C:\Users\Usuario\Downloads\BALDEPAG INVSTIGACIÓN MAR 20.doc.pdf
2020-04-13 12:23 - 2020-04-13 12:23 - 000073009 _____ C:\Users\Usuario\Downloads\Facebook Watch (8).mp4
2020-04-13 12:22 - 2020-04-13 12:22 - 000653469 _____ C:\Users\Usuario\Downloads\Facebook Watch (7).mp4
2020-04-13 12:19 - 2020-04-13 12:24 - 173314965 _____ C:\Users\Usuario\Downloads\Una publicación de Splay 7 el 1 de agosto de 2019.mp4
2020-04-13 12:19 - 2020-04-13 12:19 - 001676135 _____ C:\Users\Usuario\Downloads\CHIKY PÉREZ(@chikyperez93) TikTok.mp4
2020-04-13 12:10 - 2020-04-13 12:10 - 001476785 _____ C:\Users\Usuario\Downloads\Historias • Instagram (15).mp4
2020-04-13 12:10 - 2020-04-13 12:10 - 000741842 _____ C:\Users\Usuario\Downloads\Historias • Instagram (13).mp4
2020-04-13 12:10 - 2020-04-13 12:10 - 000533064 _____ C:\Users\Usuario\Downloads\Historias • Instagram (14).mp4
2020-04-13 12:09 - 2020-04-13 12:09 - 002434059 _____ C:\Users\Usuario\Downloads\Historias • Instagram (12).mp4
2020-04-13 12:09 - 2020-04-13 12:09 - 002359662 _____ C:\Users\Usuario\Downloads\Historias • Instagram (8).mp4
2020-04-13 12:09 - 2020-04-13 12:09 - 001459354 _____ C:\Users\Usuario\Downloads\Historias • Instagram (9).mp4
2020-04-13 12:09 - 2020-04-13 12:09 - 000775425 _____ C:\Users\Usuario\Downloads\Historias • Instagram (10).mp4
2020-04-13 12:09 - 2020-04-13 12:09 - 000554410 _____ C:\Users\Usuario\Downloads\Historias • Instagram (11).mp4
2020-04-13 05:54 - 2020-04-13 05:56 - 005669072 _____ C:\Users\Usuario\Downloads\Aquí pues casual tomando 🌞 aprovechando la ausencia del vir.mp4
2020-04-12 23:13 - 2020-04-12 23:13 - 000278863 _____ C:\Users\Usuario\Downloads\aud-20200412-wa0001opus.mp4
2020-04-12 22:57 - 2020-04-12 22:57 - 000089901 _____ C:\Users\Usuario\Downloads\WhatsApp Image 2020-04-12 at 21.59.17.jpeg
2020-04-12 22:52 - 2020-04-12 22:52 - 000281653 _____ C:\Users\Usuario\Downloads\AUD-20200412-WA0001 (2).opus
2020-04-12 22:52 - 2020-04-12 22:52 - 000281653 _____ C:\Users\Usuario\Downloads\AUD-20200412-WA0001 (1).opus
2020-04-12 22:51 - 2020-04-12 22:51 - 000281653 _____ C:\Users\Usuario\Downloads\AUD-20200412-WA0001.opus
2020-04-12 22:42 - 2020-04-12 22:27 - 000071825 _____ C:\Users\Usuario\Desktop\AUD-20200412-WA0001.opus
2020-04-12 20:43 - 2020-04-12 20:43 - 000000000 ____D C:\Users\Usuario\Downloads\Activador Camtasia 9
2020-04-12 20:36 - 2016-10-17 14:03 - 000305152 _____ (TechSmith Corporation) C:\WINDOWS\SysWOW64\tsc2_codec64.dll
2020-04-12 20:36 - 2016-10-17 14:03 - 000250880 _____ (TechSmith Corporation) C:\WINDOWS\SysWOW64\tsc2_codec32.dll
2020-04-12 20:35 - 2020-04-12 20:35 - 000001150 _____ C:\Users\Public\Desktop\Camtasia 9.lnk
2020-04-12 20:35 - 2020-04-12 20:35 - 000001150 _____ C:\ProgramData\Desktop\Camtasia 9.lnk
2020-04-12 20:35 - 2020-04-12 20:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2020-04-12 20:07 - 2020-04-12 20:35 - 000000000 ____D C:\ProgramData\TechSmith
2020-04-12 20:07 - 2020-04-12 20:07 - 000000000 ____D C:\Program Files\TechSmith
2020-04-12 15:19 - 2020-04-12 15:19 - 001890150 _____ C:\Users\Usuario\Downloads\Sjfz5q2z.mp4
2020-04-11 20:10 - 2020-04-11 20:13 - 005708646 _____ C:\Users\Usuario\Downloads\Facebook Watch (4).mp4
2020-04-11 19:04 - 2020-04-11 19:05 - 000000000 ____D C:\AdwCleaner
2020-04-11 15:49 - 2020-04-11 15:49 - 001446872 _____ C:\Users\Usuario\Downloads\Facebook Watch (6).mp4
2020-04-11 15:48 - 2020-04-11 15:49 - 001833423 _____ C:\Users\Usuario\Downloads\Facebook Watch (5).mp4
2020-04-11 15:47 - 2020-04-11 15:54 - 015466496 _____ C:\Users\Usuario\Downloads\Facebook Watch (4).mp4.crdownload

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-11 21:55 - 2019-03-18 22:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-05-11 21:43 - 2018-07-28 21:34 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\Mozilla
2020-05-11 19:45 - 2019-09-24 09:24 - 000004222 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{DFC92380-C225-45AE-ADFA-F911E9022127}
2020-05-11 18:19 - 2018-08-10 11:27 - 000000000 ____D C:\Users\Usuario\Documents\Camtasia Studio
2020-05-11 17:45 - 2019-09-15 15:18 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\MPC-HC
2020-05-11 13:40 - 2019-09-24 08:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-05-11 10:47 - 2018-08-02 13:01 - 000000000 ____D C:\Users\Usuario\dwhelper
2020-05-11 10:24 - 2019-03-18 22:50 - 000000000 ____D C:\WINDOWS\INF
2020-05-11 10:24 - 2018-07-31 17:41 - 000000000 ____D C:\Users\Usuario\AppData\Local\CrashDumps
2020-05-11 10:24 - 2018-07-30 13:28 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-05-11 10:24 - 2018-07-30 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-05-11 10:24 - 2018-07-30 13:28 - 000000000 ____D C:\Program Files (x86)\WinRAR
2020-05-11 10:21 - 2019-06-07 05:57 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-05-11 10:21 - 2019-06-07 05:57 - 000000863 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-05-11 10:21 - 2019-06-07 05:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-05-11 10:21 - 2019-06-07 05:56 - 000000000 ____D C:\Program Files\CCleaner
2020-05-11 10:01 - 2020-03-28 18:31 - 000000000 ____D C:\ProgramData\VMware
2020-05-11 10:01 - 2019-09-24 09:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-05-11 10:00 - 2019-03-18 22:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-05-11 10:00 - 2018-07-26 23:08 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2020-05-11 09:53 - 2019-09-24 09:24 - 000003860 _____ C:\WINDOWS\system32\Tasks\ESET Windows 10 upgrade – Perform upgrade
2020-05-11 09:47 - 2019-11-10 17:01 - 000000000 ____D C:\Program Files (x86)\LG Electronics
2020-05-11 09:47 - 2019-02-10 15:58 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-05-11 09:45 - 2018-07-30 09:39 - 000000000 ____D C:\WINDOWS\AutoKMS
2020-05-11 09:36 - 2019-03-18 22:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-05-10 19:00 - 2019-11-30 20:49 - 000000000 ____D C:\WINDOWS\Minidump
2020-05-10 19:00 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-05-10 15:41 - 2019-10-04 22:19 - 000004608 _____ C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-05-10 15:12 - 2018-07-26 22:19 - 000000000 ____D C:\Users\Usuario\AppData\Local\Packages
2020-05-10 08:58 - 2019-03-18 22:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-05-10 08:58 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-05-09 21:46 - 2018-08-22 09:40 - 000000000 ____D C:\Users\Usuario\Documents\MEGAsync Downloads
2020-05-08 22:50 - 2019-03-18 18:13 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\obs-studio
2020-05-08 16:39 - 2020-02-21 12:50 - 000000000 ____D C:\Program Files\Microsoft Office
2020-05-06 23:20 - 2019-09-24 09:05 - 000000000 ____D C:\Users\Usuario
2020-05-06 21:42 - 2019-11-29 09:02 - 000003470 _____ C:\WINDOWS\system32\Tasks\ESET Windows 10 upgrade – Refresh settings
2020-05-06 18:35 - 2018-07-28 21:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-05-06 14:58 - 2019-09-16 09:43 - 000000000 ____D C:\Users\Usuario\Documents\Documentos Papa
2020-05-06 10:39 - 2018-07-28 21:34 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-05-05 14:42 - 2018-07-28 21:40 - 000000000 ____D C:\Users\Usuario\AppData\Local\Adobe
2020-05-02 11:12 - 2020-02-22 14:55 - 000002466 _____ C:\Users\Usuario\Desktop\isauro - Chrome.lnk
2020-05-02 06:32 - 2019-06-04 23:04 - 000000000 ____D C:\Users\Usuario\Desktop\carpetas de escritorio
2020-05-02 06:27 - 2019-03-18 22:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-04-30 08:41 - 2019-09-24 09:24 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-498946065-1840606481-2339772968-1001
2020-04-30 08:41 - 2019-09-24 09:05 - 000002414 _____ C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-30 08:41 - 2018-07-26 22:22 - 000000000 ___RD C:\Users\Usuario\OneDrive
2020-04-25 08:46 - 2018-08-04 08:26 - 000001092 _____ C:\Users\Usuario\Desktop\Window Hide Tool.lnk
2020-04-24 02:49 - 2019-09-24 09:55 - 000483596 _____ C:\WINDOWS\system32\perfh011.dat
2020-04-24 02:49 - 2019-09-24 09:55 - 000134842 _____ C:\WINDOWS\system32\perfc011.dat
2020-04-24 02:49 - 2019-09-24 09:47 - 000789596 _____ C:\WINDOWS\system32\perfh00A.dat
2020-04-24 02:49 - 2019-09-24 09:47 - 000155162 _____ C:\WINDOWS\system32\perfc00A.dat
2020-04-24 02:49 - 2019-09-24 09:16 - 002403462 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-04-23 18:33 - 2018-08-10 12:38 - 000000000 ____D C:\Users\Usuario\AppData\Local\ElevatedDiagnostics
2020-04-22 06:46 - 2019-01-19 20:09 - 000000000 ____D C:\Users\Usuario\Documents\Nueva carpeta
2020-04-22 06:46 - 2018-12-16 15:21 - 000000000 ____D C:\Users\Usuario\Documents\mil unas americas
2020-04-21 19:30 - 2020-03-03 10:18 - 000000000 ____D C:\Users\Usuario\Desktop\Nueva carpeta
2020-04-21 12:26 - 2018-07-28 22:34 - 000000000 ____D C:\Users\Usuario\AppData\Local\MSfree Inc
2020-04-21 11:53 - 2019-03-21 03:47 - 000000000 ____D C:\Users\Usuario\Downloads\Foto - Google+_files
2020-04-19 16:17 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-04-19 16:17 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-04-18 17:15 - 2020-03-16 16:43 - 000000000 ____D C:\Users\Usuario\Desktop\Satira y Arte 2012
2020-04-15 10:36 - 2019-09-24 08:55 - 000534440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-15 10:26 - 2019-03-19 00:23 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-04-15 10:26 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2020-04-15 10:26 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-15 10:26 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-15 10:26 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-15 10:26 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2020-04-15 10:26 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-15 10:26 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-15 10:26 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-04-15 10:26 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-15 05:53 - 2019-03-18 22:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-14 23:29 - 2019-11-04 22:35 - 000000000 ___RD C:\Users\Usuario\Desktop\bethel
2020-04-14 08:18 - 2019-09-24 09:24 - 000004622 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-04-13 12:14 - 2020-04-04 14:22 - 000000000 ___RD C:\Users\Usuario\Desktop\mp4
2020-04-12 20:35 - 2018-07-28 20:19 - 000000000 ____D C:\ProgramData\Package Cache
2020-04-12 20:13 - 2018-08-10 11:52 - 000000000 ____D C:\Users\Usuario\AppData\Local\TechSmith
2020-04-12 13:43 - 2020-03-28 18:24 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Andy
2020-04-12 13:41 - 2020-03-28 18:34 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\VMware
2020-04-11 20:52 - 2020-04-10 11:25 - 000000000 ____D C:\Users\Usuario\Desktop\videos de disco portable david

==================== Files in the root of some directories ========

2020-03-16 17:56 - 2020-03-16 17:56 - 000000592 _____ () C:\Users\Usuario\AppData\Roaming\AutoGK.ini
2020-01-22 17:36 - 2020-01-22 17:36 - 000000068 _____ () C:\Users\Usuario\AppData\Roaming\changzhi_leidian.data
2018-07-30 14:24 - 2018-07-30 14:24 - 000000235 _____ () C:\Users\Usuario\AppData\Roaming\devices.xml
2018-10-26 07:24 - 2018-09-25 11:35 - 000911944 _____ (Kingsoft Corporation) C:\Users\Usuario\AppData\Roaming\k3rdinsertwnd.dll
2020-02-04 20:32 - 2020-02-04 20:32 - 000000132 _____ () C:\Users\Usuario\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2018-07-30 14:24 - 2018-07-30 14:24 - 000000012 _____ () C:\Users\Usuario\AppData\Roaming\settings.xml
2019-02-06 15:25 - 2019-02-06 15:54 - 000000104 ____H () C:\Users\Usuario\AppData\Roaming\WPVXAP.setting
2019-10-04 22:19 - 2020-05-10 15:41 - 000004608 _____ () C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ======================== 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2020
Ran by Usuario (11-05-2020 22:08:29)
Running from C:\Users\Usuario\Downloads
Windows 10 Pro Version 1903 18362.778 (X64) (2019-09-24 15:26:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-498946065-1840606481-2339772968-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-498946065-1840606481-2339772968-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-498946065-1840606481-2339772968-1000 - Limited - Disabled)
Guest (S-1-5-21-498946065-1840606481-2339772968-501 - Limited - Disabled)
Usuario (S-1-5-21-498946065-1840606481-2339772968-1001 - Administrator - Enabled) => C:\Users\Usuario
WDAGUtilityAccount (S-1-5-21-498946065-1840606481-2339772968-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 6.0 (Disabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: ESET Smart Security 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DP Chip Lite v18.07 (HKLM-x32\...\3DP Chip Lite) (Version: v18.07 - 3DP)
4Easysoft HD Converter (HKLM-x32\...\4Easysoft HD Converter_is1) (Version:  - )
ABBYY FineReader 11 Corporate Edition (HKLM-x32\...\{F11000CE-0010-0000-0000-074957833700}) (Version: 11.11.141 - ABBYY)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.363 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.363 - Adobe)
Adobe Reader XI (11.0.10) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2019.0816.1152.21357 - Advanced Micro Devices, Inc.)
Andy OS (HKLM-x32\...\{f4d07f39-f016-4989-a0a4-94b7984f2a84}) (Version: 47.0.260 - Andy OS Inc.)
AndyFinalizeInstall (HKLM\...\{052D0477-FB9A-4DD4-B101-91138DF4284E}) (Version: 47.0.260 - Andy OS Inc.) Hidden
AndyImagesConfigure (HKLM\...\{D4D6AD00-8C97-4984-8BA4-EBA36CF48BDB}) (Version: 47.0.260 - Andy OS Inc.) Hidden
AndyImagesInstall (HKLM\...\{3EBE5CF7-02CA-4187-83A2-FCA61F8863EB}) (Version: 47.0.260 - Andy OS Inc.) Hidden
AndyPreInstall (HKLM\...\{C89FF20F-BE49-461E-83EC-E9AC933C0C1F}) (Version: 47.0.260 - Andy OS Inc.) Hidden
AOMEI Partition Assistant Standard Edition 8.4 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32 bits) (HKLM-x32\...\{6CF0CAEE-54B6-4D84-A055-3AF110F189D3}) (Version: 8.4 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{8B127943-89E7-4691-A7A4-D05807920A84}) (Version: 8.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6E93B248-22B6-48B2-A568-2E49C65B2EA4}) (Version: 13.5.0.20 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
aTube Catcher versión 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Auto Gordian Knot 2.45 (HKLM-x32\...\AutoGK) (Version: 2.45 - len0x)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.190.0.5002 - BlueStack Systems, Inc.)
Boilsoft Video Joiner 6.57 (HKLM-x32\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version:  - Boilsoft, Inc.)
Boilsoft Video Splitter 6.34 (HKLM-x32\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version:  - Boilsoft, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Camtasia 9 (HKLM\...\{D8A1F37A-B11B-4451-830D-6A243ADE2591}) (Version: 9.0.1.1422 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{48cb006a-7b5b-4a48-98fd-fbd7af456b0d}) (Version: 9.0.1.1422 - TechSmith Corporation)
Canon E400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_E400_series) (Version: 1.01 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon MG2400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2400_series) (Version: 1.02 - Canon Inc.)
Canon MG2400 series On-screen Manual (HKLM-x32\...\Canon MG2400 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.02 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.66 - Piriform)
eMessenger 310 (HKLM-x32\...\{6CE28479-63DF-4EE7-92C4-5FF2069CB358}) (Version: 1.0.0.28 - KYE SYSTEMS CORP.)
ESET NOD32 Antivirus (HKLM\...\{9DF7F954-D67A-4461-9518-D752A2CE7414}) (Version: 6.0.306.3 - ESET, spol s r. o.)
Freemake Audio Converter versión 1.1.8 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.8 - Ellora Assets Corporation)
Freemake Video Converter versión 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Mixbyte Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Honeygain (HKLM-x32\...\{E1B3247E-A698-405B-A15E-2E0DCB273FA2}) (Version: 0.5.1.0 - Honeygain)
HP Photo and Imaging 2.0 - Scanners (HKLM-x32\...\{6CC93102-135E-49E2-99A4-C431E671C12A}) (Version: 2.0.0000 - {&Tahoma8}Hewlett-Packard)
iCloud (HKLM\...\{A3616230-EF97-44F3-83D3-1AE29DC639D3}) (Version: 7.18.0.22 - Apple Inc.)
IPweb Surf (HKLM-x32\...\{12F8CF7A-1E47-44BE-A605-C9B182332610}) (Version: 3.3.8 - IPweb.ru)
IrfanView 4.54 (64-bit) (HKLM\...\IrfanView64) (Version: 4.54 - Irfan Skiljan)
iTunes (HKLM\...\{1CA6039E-7853-4733-9F93-116CADDC9E0C}) (Version: 12.10.6.2 - Apple Inc.)
K-Lite Mega Codec Pack 15.1.6 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.1.6 - KLCP)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.12730.20250 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-498946065-1840606481-2339772968-1001\...\OneDriveSetup.exe) (Version: 20.052.0311.0011 - Microsoft Corporation)
Microsoft Project Profesional 2016 - es-es (HKLM\...\ProjectProRetail - es-es) (Version: 16.0.12730.20250 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-498946065-1840606481-2339772968-1001\...\Teams) (Version: 1.3.00.12058 - Microsoft Corporation)
Microsoft Visio - es-es (HKLM\...\VisioProRetail - es-es) (Version: 16.0.12730.20250 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mouse Controller version 1.10.0.0 (HKLM-x32\...\{558409e4-71ad-4b5f-9db7-15e987d0e3aa}_is1) (Version: 1.10.0.0 - MuGiRi Software Development)
Mozilla Firefox 76.0 (x64 es-ES) (HKLM\...\Mozilla Firefox 76.0 (x64 es-ES)) (Version: 76.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.1 - Mozilla)
Nero 8 Micro 8.1.1.4 (HKLM-x32\...\Nero8Lite_is1) (Version: 8.1.1.4 - Updatepack.nl)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.0.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12730.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12730.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.12730.20250 - Microsoft Corporation) Hidden
Planilla del IVA(SAT) (HKLM-x32\...\{015F551C-5101-44D8-BE5F-C0A7D9FCF44F}) (Version: 1.2.7 - Superintendencia de Administración Tributaria (SAT), Guatemala.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7614 - Realtek Semiconductor Corp.)
THE KING OF FIGHTERS '98 ULTIMATE MATCH FINAL EDITION (HKLM-x32\...\VEhFS0lOR09GRklHSFRFUlM5OFVMVElNQVRFTUFUQ0hGSU5B~BAE84215_is1) (Version: 1 - )
The King of Fighters XIII (HKLM-x32\...\The King of Fighters XIII_is1) (Version: 1.1c - SNK Playmore \ Tolyak26)
TotalAudioConverter (HKLM-x32\...\Total Audio Converter_is1) (Version: 5.1 - Softplicity, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VMware Player (HKLM\...\{E3D1D81C-EDEE-4E58-8A52-C2EC347C5548}) (Version: 12.5.7 - VMware, Inc.)
VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.15.8.00000 - VMware, Inc.)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
Window Hide Tool 2.0 (HKLM-x32\...\Window Hide Tool_is1) (Version:  - FOMINE SOFTWARE)
Windows 10 Codec Pack 2.1.6 (HKLM-x32\...\Windows 10 - Codec Pack) (Version: 2.1.6 - Windows 10 Codec Pack)
WinRAR 5.90 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Wondershare Data Recovery(Build 6.6.0.21) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 6.6.0.21 - Wondershare Software Co.,Ltd.)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Wondershare UniConverter(Build 11.5.1.0) (HKLM-x32\...\UniConverter_is1) (Version: 11.5.1.0 - Wondershare Software)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version:  - )
Zoom (HKU\S-1-5-21-498946065-1840606481-2339772968-1001\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.8.5.0_x86__kgqvnymyfvs32 [2020-04-09] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.167.200.0_x86__kgqvnymyfvs32 [2020-05-07] (king.com)
Complemento de Fotos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-04-14] (Microsoft Corporation)
Complemento de motor multimedia para Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-09] (Microsoft Corporation)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_5.0.0.8_x86__h6adky7gbf63m [2020-04-23] (Gameloft SE)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.2.169.0_x64__rz1tebttyb220 [2020-04-18] (Dolby Laboratories)
Hidden City: Aventura de objetos ocultos -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.34.3402.0_x86__ytsefhwckbdv6 [2020-04-25] (G5 Entertainment AB)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-03-05] (Instagram)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-09-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Noticias -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-07] (Microsoft Studios) [MS Ad]
MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-498946065-1840606481-2339772968-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-498946065-1840606481-2339772968-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-498946065-1840606481-2339772968-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-498946065-1840606481-2339772968-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-498946065-1840606481-2339772968-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-498946065-1840606481-2339772968-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-498946065-1840606481-2339772968-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Usuario\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-498946065-1840606481-2339772968-1001_Classes\CLSID\{34D696ED-C575-784A-3DDE-88A6CB27EDCD}\InprocServer32 -> C:\WINDOWS\system32\ole32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-498946065-1840606481-2339772968-1001_Classes\CLSID\{3D763921-AB15-4E68-B0E9-C146AD957818} -> [MEGA] => C:\Users\Usuario\Documents\MEGA [2018-08-22 09:33]
CustomCLSID: HKU\S-1-5-21-498946065-1840606481-2339772968-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Usuario\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2020-03-18] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2020-03-18] (Mega Limited -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} =>  -> No File
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2012-11-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2012-09-20] (ABBYY PRODUCTION LLC -> ABBYY)
ContextMenuHandlers1: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-03-22] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [{26D8ED70-189A-48FD-9482-67F08AAC0D31}] -> {26D8ED70-189A-48FD-9482-67F08AAC0D31} => C:\Program Files (x86)\CoolUtils\TotalAudioConverter\CoolUtilsContextMenu64.dll [2018-05-20] (Softplicity -> )
ContextMenuHandlers2: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} =>  -> No File
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2012-11-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} =>  -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2018-05-05] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2018-05-05] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} =>  -> No File
ContextMenuHandlers4: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2019-08-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2012-11-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2012-09-20] (ABBYY PRODUCTION LLC -> ABBYY)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => lvcod64.dll
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32-x32: [vidc.i420] => lvcodec2.dll
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2017-12-08] () [File not signed]
HKLM\...\Drivers32: [vidc.x264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [vidc.lags] => C:\Windows\SysWOW64\lagarith.dll [230080 2016-09-20] (Cole Williams Software Limited ->  )
HKLM\...\Drivers32: [msacm.divxa32] => C:\Windows\SysWOW64\DivXa32.acm [291408 2013-12-16] (Packed With Joy !) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X Codec Pack 2.7.4\Useful links\Download Codecs & Tools.lnk -> hxxp://www.codecs.com
Shortcut: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X Codec Pack 2.7.4\Useful links\Talk about Codecs.lnk -> hxxp://codecs.com/foru
Shortcut: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X Codec Pack 2.7.4\Useful links\X Codec Pack homepage.lnk -> hxxp://www.xpcodecpack.com
Shortcut: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RealAnime 6\Homepage.lnk -> hxxp://www.detritus.qc.ca
ShortcutWithArgument: C:\Users\Usuario\Desktop\isauro - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"

==================== Loaded Modules (Whitelisted) =============

2002-04-17 10:49 - 2002-04-17 10:49 - 000024576 _____ () [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2019-06-28 17:32 - 2019-06-28 17:32 - 003598336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-04-18 08:34 - 2020-04-18 08:34 - 000165376 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.2.169.0_x64__rz1tebttyb220\DAXRPCClient.dll
2020-04-18 08:34 - 2020-04-18 08:35 - 037219328 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.2.169.0_x64__rz1tebttyb220\DolbyAccess.dll
2020-04-09 13:58 - 2020-04-09 14:00 - 001165824 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.2.169.0_x64__rz1tebttyb220\e_sqlite3.dll
2019-08-16 11:37 - 2019-08-16 11:37 - 000158208 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\SYSTEM32\amdihk64.dll
2002-04-17 10:40 - 2002-04-17 10:40 - 000020480 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\S2WNSRES.DLL
2009-08-11 12:37 - 2009-08-11 12:37 - 001655296 _____ (Microsoft Corporation) [File not signed] C:\Program Files\ESET\ESET NOD32 Antivirus\MFC80U.DLL
2017-09-14 00:37 - 2017-09-14 00:37 - 000026112 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qgif.dll
2017-09-14 00:42 - 2017-09-14 00:42 - 000033280 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qicns.dll
2017-09-14 00:37 - 2017-09-14 00:37 - 000027648 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qico.dll

parte 1


 2017-09-14 00:37 - 2017-09-14 00:37 - 000245760 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qjpeg.dll
2017-09-14 00:42 - 2017-09-14 00:42 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qsvg.dll
2017-09-14 00:42 - 2017-09-14 00:42 - 000020992 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qtga.dll
2017-09-14 00:42 - 2017-09-14 00:42 - 000316416 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qtiff.dll
2017-09-14 00:42 - 2017-09-14 00:42 - 000019968 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qwbmp.dll
2017-09-14 00:42 - 2017-09-14 00:42 - 000322560 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\imageformats\qwebp.dll
2017-09-14 00:37 - 2017-09-14 00:37 - 001010688 _____ (The Qt Company Ltd) [File not signed] C:\ProgramData\MEGAsync\platforms\qwindows.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 000040960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 000414208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 000516608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 001441280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2019-08-16 11:49 - 2019-08-16 11:49 - 005999104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 006413824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 001141760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 000339968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 004143104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 003840000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 000332800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 000349184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 080959488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 005622272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 000190464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-06-28 17:32 - 2019-06-28 17:32 - 002825216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-06-28 17:33 - 2019-06-28 17:33 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-06-28 17:33 - 2019-06-28 17:33 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-06-28 17:33 - 2019-06-28 17:33 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-06-28 17:33 - 2019-06-28 17:33 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-06-28 17:33 - 2019-06-28 17:33 - 000137216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-06-28 17:33 - 2019-06-28 17:33 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-06-28 17:33 - 2019-06-28 17:33 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2019-06-28 17:33 - 2019-06-28 17:33 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\styles\qwindowsvistastyle.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-498946065-1840606481-2339772968-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-07-26 19:04 - 2018-07-31 07:45 - 000000862 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1         app.drivereasy.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-498946065-1840606481-2339772968-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled) 
Wi-Fi: VMware Bridge Protocol -> vmware_bridge (enabled) 
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "kxesc"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-498946065-1840606481-2339772968-1001\...\StartupApproved\Run: => "Window Hide Tool"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{1525010C-CF10-4C56-97E5-FB7AFC29015E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{E3AF5EAB-6FB2-4B08-A53F-F09D3F957DDE}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{83563AB1-0CE1-4316-BC20-0909C51F5069}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{76F51D92-7405-4FF0-8BBB-BC5456B8DE51}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E90DD9D7-1E72-4DCC-907D-4576F4619782}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1313FF16-608C-4D1B-B8C1-F929108A04B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DF31B5D9-B14D-4CB9-8272-26863618B5AA}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2D76B0AE-0A95-4F2D-A294-B1E24EF04860}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CEF0741F-3C03-4C70-8AB2-CF7A74C4F9E5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AFF12696-3CC3-401A-8670-8489CBA48881}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{831844DF-184D-48F0-A1BF-13324A5C32BB}] => (Allow) 㩃啜敳獲啜畳牡潩䅜灰慄慴剜慯業杮癜敩屷楶睥攮數 => No File
FirewallRules: [{6D013D69-6858-4A8A-906E-3B4EF894EE3E}] => (Allow) 㩃啜敳獲啜畳牡潩䅜灰慄慴剜慯業杮癜敩屷档潲敭牤癩牥攮數 => No File
FirewallRules: [{344A6C22-F296-48F5-BE97-8FA2AC4DEE39}] => (Allow) 㩃啜敳獲啜畳牡潩䅜灰慄慴剜慯業杮癜敩屷桃潲敭䅜灰楬慣楴湯䍜牨浯⹥硥e => No File
FirewallRules: [{74CEDF80-1FB6-4DCA-A0ED-73FC59043D8B}] => (Allow) 㩃啜敳獲啜畳牡潩䅜灰慄慴剜慯業杮癜敩屷楶睥⹕硥e => No File
FirewallRules: [TCP Query User{E88C43FE-AD3F-4E24-9D25-EA9A8E1D793E}C:\program files\dnplayerext2\ldboxheadless.exe] => (Allow) C:\program files\dnplayerext2\ldboxheadless.exe (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)
FirewallRules: [UDP Query User{5BA6D669-81B0-4EB9-A656-41AF7C5CEBF4}C:\program files\dnplayerext2\ldboxheadless.exe] => (Allow) C:\program files\dnplayerext2\ldboxheadless.exe (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)
FirewallRules: [{8873A220-476A-4669-9599-A5A3FC6DB1E3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{625E5053-B1D3-4D3B-970A-376684B5CFD8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E8ABB2E6-0755-4B9F-BD50-3E43620C9F17}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7F0C59B6-A90C-49EF-BD68-C2956CF3BBD6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{49D67879-4CBB-4BC1-9F92-574D9233DA34}] => (Allow) C:\Users\Usuario\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B38862F5-6404-454F-A4D1-F82323128D86}] => (Allow) C:\Program Files\Andy\Andy.exe (Andy OS Inc -> Andy OS, inc.)
FirewallRules: [{D5AA4044-50DB-4239-92EC-CDF804A44058}] => (Allow) C:\Program Files\Andy\AndyConsole.exe (Andy OS Inc -> Andy OS, inc.)
FirewallRules: [{1F921C53-F3D9-4474-8D14-02C51C722F40}] => (Allow) C:\Program Files\Andy\HandyAndy.exe (Andy OS Inc -> Andy OS, inc.)
FirewallRules: [{70B96808-F5AB-4198-8F2A-507B2882D986}] => (Allow) C:\Program Files\Andy\VMwareCheck.exe (Andy OS Inc -> Andy OS, inc.)
FirewallRules: [{92EF9364-2B7A-4A65-B55B-85A24DDD10BF}] => (Allow) C:\Program Files\Andy\AndyDoctor.exe (Andy OS Inc -> Andy OS, inc.)
FirewallRules: [{1E99CE42-4AC5-4758-B578-D39B515A7369}] => (Allow) C:\Program Files\Andy\Andy.exe (Andy OS Inc -> Andy OS, inc.)
FirewallRules: [{AC81F6C9-38FF-4C7C-A2EA-AD3D02B149F6}] => (Allow) C:\Program Files\Andy\AndyConsole.exe (Andy OS Inc -> Andy OS, inc.)
FirewallRules: [{7DF1126D-1F06-4D1D-A408-252DF906DE44}] => (Allow) C:\Program Files\Andy\HandyAndy.exe (Andy OS Inc -> Andy OS, inc.)
FirewallRules: [{CAA735FA-EED5-448F-A76C-0AAF87C0124A}] => (Allow) C:\Program Files\Andy\VMwareCheck.exe (Andy OS Inc -> Andy OS, inc.)
FirewallRules: [{610DE000-B5D5-4FA6-9DD1-0AE067974E8F}] => (Allow) C:\Program Files\Andy\AndyDoctor.exe (Andy OS Inc -> Andy OS, inc.)
FirewallRules: [{622D0FA2-8D51-495D-BA27-F44DFA8A6EB5}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{E9B364C0-333A-4B03-A1DC-A91B15CD34BD}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{CED5DEFB-3CBF-4406-9C09-36226CC0F5C8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B9567FD9-54C5-48E1-B514-CCD139371A8B}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{4A690682-7521-4CFE-94D4-FCC46377E97E}] => (Allow) LPort=8318
FirewallRules: [TCP Query User{DB67DAFC-6F7A-418F-BC1B-E203DD615E0D}C:\users\usuario\appdata\roaming\ipweb surf\ipweb surf.exe] => (Allow) C:\users\usuario\appdata\roaming\ipweb surf\ipweb surf.exe (Dmitry Belyaev -> www.IPweb.ru)
FirewallRules: [UDP Query User{663AFA6D-CCD5-4083-9E25-D68A3D780764}C:\users\usuario\appdata\roaming\ipweb surf\ipweb surf.exe] => (Allow) C:\users\usuario\appdata\roaming\ipweb surf\ipweb surf.exe (Dmitry Belyaev -> www.IPweb.ru)
FirewallRules: [{D79FFA91-A8EC-4750-8C80-FE53E0869AA4}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)

==================== Restore Points =========================

03-05-2020 15:19:14 Punto de control programado
05-05-2020 14:10:17 Installed MSXML 6.0 Parser

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/11/2020 10:08:41 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10580,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/11/2020 10:01:49 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (05/11/2020 10:00:39 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9268,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/11/2020 09:16:37 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7892,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/11/2020 08:34:40 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13296,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/11/2020 08:26:37 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12444,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/11/2020 08:13:30 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6912,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/11/2020 08:07:09 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (14304,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (05/11/2020 10:24:14 AM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-5HKBV0U)
Description: No se puede iniciar un servidor DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Error 
"2147942767"
al iniciar este comando:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (05/11/2020 10:00:08 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5HKBV0U)
Description: El servidor microsoft.windowscommunicationsapps_16005.12624.20368.0_x64__8wekyb3d8bbwe!microsoft.windowslive.mail no se registró con DCOM dentro del tiempo de espera requerido.

Error: (05/11/2020 09:59:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Adaptador de rendimiento de WMI terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

Error: (05/11/2020 09:59:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Servicio del iPod se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (05/11/2020 09:59:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio VMware USB Arbitration Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.

Error: (05/11/2020 09:59:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio VMware DHCP Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (05/11/2020 09:59:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Wondershare Install Assist Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (05/11/2020 09:59:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio Hacer clic y ejecutar de Microsoft Office terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.


Windows Defender:
===================================
Date: 2019-11-27 15:34:38.446
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {FD7B45C0-2C9B-44A7-8476-D0AE8B7BEDC6}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-11-27 09:51:24.885
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {C5E715BA-8764-442B-B397-25F54C8CE77C}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-11-26 13:11:01.660
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {E54B320A-AD49-4844-8E2A-A03CA715E93F}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-11-26 13:05:15.150
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {F6B955F3-B6A9-4FC0-AD61-5F05EF2E3248}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-11-26 12:10:02.035
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {4FAAC4B6-FF81-4AC4-BD13-3BE54BBFEF26}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-11-22 06:53:58.022
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.305.2530.0
Origen de actualización: Servidor de Microsoft Update
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.16500.1
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulta Ayuda y soporte técnico. 

CodeIntegrity:
===================================

Date: 2020-05-11 21:46:17.353
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2020-05-11 21:45:50.966
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2020-05-11 21:45:45.676
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2020-05-11 18:51:21.100
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2020-05-11 18:04:59.869
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2020-05-11 18:04:47.906
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-11 18:04:29.819
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2020-05-11 17:17:07.996
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. P2.60 01/11/2016
Motherboard: ASRock FM2A88M Pro3+
Processor: AMD A10-7860K Radeon R7, 12 Compute Cores 4C+8G
Percentage of memory in use: 47%
Total physical RAM: 15298.05 MB
Available physical RAM: 8103.24 MB
Total Virtual: 18613.34 MB
Available Virtual: 9399.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1861.73 GB) (Free:821.76 GB) NTFS
Drive d: (La.MenteMaestra) (CDROM) (Total:4.36 GB) (Free:0 GB) UDF

\\?\Volume{007d63a3-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{007d63a3-0000-0000-0000-f08dd1010000}\ () (Fixed) (Total:0.8 GB) (Free:0.38 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 007D63A3)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1861.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=816 MB) - (Type=27)

==================== End of Addition.txt ======================= 

segunda parte

me sigue direccionando a esa pagina :S

Hola

No descargaste y ejecutaste FRST en el escritorio como te indiqué, muevelo allí si no fallará el paso siguiente.

:arrow_forward: MUY Importante :arrow_backward: Realiza una copia de seguridad del registro :

  • Para hacerlo descarga :arrow_forward: DelFix.exe( en tu escritorio).

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).

  • Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO.

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

A continuación :warning: con los demás programas cerrados ve a :arrow_forward: Inicio :arrow_forward: Ejecutar :arrow_forward: y escribe Notepad.exe.

  • Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
SearchScopes: HKU\S-1-5-21-498946065-1840606481-2339772968-1001 -> {44177982-996D-4b79-B29F-5B60E13A5169} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=98012088_4_dg&ch=2&ie=utf-8
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
FF NewTab: Mozilla\Firefox\Profiles\trr6gwnt.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10092__191122
FF Plugin-x32: @kingsfot.com/npkws -> c:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll [No File]
CHR Extension: (Redirect) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokpkalabgohhkgejegabmcacleccdgi [2020-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-22]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} =>  -> No File
ContextMenuHandlers1: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} =>  -> No File
ContextMenuHandlers2: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} =>  -> No File
ContextMenuHandlers2: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} =>  -> No File
ContextMenuHandlers4: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} =>  -> No File
ContextMenuHandlers5: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
FirewallRules: [{831844DF-184D-48F0-A1BF-13324A5C32BB}] => (Allow) 㩃啜敳獲啜畳牡潩䅜灰慄慴剜慯業杮癜敩屷楶睥攮數 => No File
FirewallRules: [{6D013D69-6858-4A8A-906E-3B4EF894EE3E}] => (Allow) 㩃啜敳獲啜畳牡潩䅜灰慄慴剜慯業杮癜敩屷档潲敭牤癩牥攮數 => No File
FirewallRules: [{344A6C22-F296-48F5-BE97-8FA2AC4DEE39}] => (Allow) 㩃啜敳獲啜畳牡潩䅜灰慄慴剜慯業杮癜敩屷桃潲敭䅜灰楬慣楴湯䍜牨浯⹥硥e => No File
FirewallRules: [{74CEDF80-1FB6-4DCA-A0ED-73FC59043D8B}] => (Allow) 㩃啜敳獲啜畳牡潩䅜灰慄慴剜慯業杮癜敩屷楶睥⹕硥e => No File


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio :arrow_backward: Esto es muy importante.

:o: Nota :o: Es importante que la herramienta FRST.exe (Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.


Y ahora usa el 2º MÉTODO: de esta Faq de Windows 8(aplicable a Windows 10) :arrow_forward: ¿Cómo iniciar Windows 8/8.1 en Modo Seguro?, para trabajar desde ese modo de windows.

  • Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).
  • Presionar el botón FIX/Corregir y aguardar a que termine.
  • La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pega el contenido de este fichero en tu próxima respuesta.

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Un saludo