Infecci´´on persistente con el Virus del "doble acento" o de la "doble tilde"

Hola respetado foro:

En el dia de hoy, he encontrado que luego de la actualizacion de unos programas de diseño de Adobe que me insistia vehemente que los instalara a mi pc de escritorio personal , me empezaron a aparecer una serie de alteraciones en los acentos digitados con el teclado. Son dobles acentos, tildes, di´´eresis y demás.

´´ a esto es que me refiero… Ejemplos: “canci´´on, misi´´on, ortograf´´ia, auditor´´ia, etc” - por tanto voy a no colocar acentos en este mensaje para seguir escribiendo normalmente.

Al principio crei que yo habia desconfigurado el idioma regional con algun atajo de alt + mayusculas o algo asi. Tanto el bloc de notas, como worpad, word, acrobat u otras aplicaciones tenian el mismo problema, igualmente los navegadores de internet, y hasta el modo de comandos de dos.

Lo intente todo, no pude solucionar nada.

He investigado un poco y noto que se trata del virus que llaman del doble acento, o doble tilde, y que parece ser que detras de este, hay un poderoso troyano, que captura toda la informacion peligrosa como datos personales, transacciones bancarias y demas. Y me preocupa mucho pues hago muchas transacciones electronicas y de responsabilidad en el manejo de dinero.

Casualmente me he encontrado este foro hoy, me he inscrito, y casualmente tengo tambien varios de los programas que aqui se mencionan, ya incluso ya habia ejecutado hace unas horas algunos tales como Malwarebytes Business, hijackthis, y ccleaner… El primer programa malwarebytes me ha arrojado el reporte varias veces un archivo malicioso en la carpeta user/local/appdata/roaming/inminent y lo ha puesto en cuarentena y lo ha borrado “supuestamente” y he reiniciado el equipo ya seis veces. El ccleaner me habla de algunos registros problematicos que he resuelto dando reparar sin dar copia de seguridad, pero todo vuelve a aparecer, y el hijackthis no me ayuda mucho a entender algo concluyente. Como antivirus uso el panda online. Tuve Norton, Kaspersky, Avira y Nod32, pero hace rato los desinstale porque no hacian mas que bajarle el rendimiento a la maquina. En todo caso no he logrado solucionar el problema.

El virus con cada reinicio vuelve a aparecer intacto.

Quiero por favor que me ayuden a eliminar este poderoso troyano correctamente. Estoy empezando a perder la fe.

Gracias por toda la atenci´´on prestada a este mensaje.

Cordialmente,

Server 007

Post Data:

Ahora el pc est´´a generando comportamientos extraños, como crear un archivo ejecutable de 200 GB en el espacio libre del disco logico de sistema… Me acaba de aparecer poro espacio en el disco, cuando efectivamente me sobran mas de 300 GB … y aparecio de la nada un archivo ejecutable de 300 GB … Lo acabo de borrar y ante mis propios ojos acabo de aparecer otro exactamente igual creciendo de tamaño.

Necesito su ayuda de manera prioritaria. Esto se esta poniendo fuerte… :frowning:

Hola @SERVER007

Aunque ya has utilizado alguno de los pasos, realiza lo siguiente pero respetando el orden:

1.- Desactiva temporalmente tu antivirus y cualquier programa de seguridad.

2.- Descarga, instala y/o actualiza a las siguientes herramientas:

3.- Ejecutas respetando el orden los pasos con todos los programas cerrados incluido los navegadores

CCleaner

Usando su opción Limpiador de acuerdo su Manual:

  • Para borrar Cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos.
  • Cuando lo instales destilda las casillas para no permitir la instalación de Ccleaner Browser/Avast Browser o similar…
  • NO necesitamos este reporte

AdwCleaner

Lo ejecutas.

  • Pulsa en el botón Escanear y espera a que se realice el proceso. Luego pulsa sobre el botón Limpiar.
  • Espera a que se complete. Si te pidiera reiniciar el sistema Aceptas.
  • Guarda el reporte que le aparecerá para copiarlo y pegarlo en tu próxima respuesta.
  • El informe también puede encontrarse en “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

  • Siguiendo su manual, lo instalas y ejecutas. Cuando termine, elimina todo lo que encuentre.

Malwarebytes Versión 4

  • Presiona clic en “Use Malewarebytes Free” (Usar Malewarebyte gratis).

  • Pulsa en el botón “Open Malewarebytes Free”.

imagen

  • Presiona el botón “Scan” (Escaneo).

imagen

Una vez finalizado el escaneo aparecerá la siguiente pantalla:

imagen

  • Pulsa en “View report” (Ver informe).

  • Luego presionar el botón “Export” (Exportar). Elijes “Text file” (fichero de texto). Elijes un nombre y guardas ese archivo en el escritorio…

4.- Desactiva nuevamente temporalmente tu antivirus y cualquier programa de seguridad.

5.- Descarga Farbar Recovery Scan Tool. en el escritorio, seleccionando la versión adecuada para la arquitectura (32 o 64bits) de su equipo. >> Como saber si mi Windows es de 32 o 64 bits.?

  • Ejecuta FRST.exe.
  • En el mensaje de la ventana del Disclaimer, pulsamos Yes
  • En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
  • Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Guía: Como Ejecutar FRST

6.- En tu próxima respuesta, pega los reportes generados.

Guía : ¿Como Pegar reportes en el Foro?

Nos comentas.

Salu2

Hola SanMar,

Muchas gracias por la oportuna respuesta :slightly_smiling_face:. Me puse manos a la obra. Los análisis duraron mucho tiempo. Por eso hasta ahora escribo. Parece ser que con la última herramienta Farbar se logró vencer el malware, las cosas parecen estar en la normalidad. Las tildes no volvieron a duplicarse. Sin embargo sigue apareciendo un archivo .exe de Adobe en la carpeta Temp que crece de tamaño inexplicablemente. Y la sigo borrando y sigue apareciendo.

El ZHPCleaner mencionó en algún momento “Imboster” e “Inminent” como malware secuestrador… Parece ser un troyano muy potente…
Estoy revisando mi pc a ver si ya está bien. Aun no estoy totalmente seguro si se sanó, honestamente

Aquí está el reporte completo, a ver que se puede concluir:

# -------------------------------
# Malwarebytes AdwCleaner 7.4.2.0
# -------------------------------
# Build:    10-21-2019
# Database: 2019-11-19.3 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-19-2019
# Duration: 00:00:01
# OS:       Windows 7 Ultimate
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\HOMEPC\AppData\Roaming\imminent

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [37890 octets] - [19/11/2019 21:51:19]
AdwCleaner[S00].txt - [1677 octets] - [19/11/2019 21:51:46]
AdwCleaner[C00].txt - [1808 octets] - [19/11/2019 21:53:03]
AdwCleaner[S01].txt - [1560 octets] - [19/11/2019 22:03:15]
AdwCleaner[C01].txt - [1728 octets] - [19/11/2019 22:03:30]
AdwCleaner[S02].txt - [1682 octets] - [19/11/2019 23:45:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

REPORTE ZHPCleaner

ZHPCleaner: ¿Has instalado a este server? 190.157.8.108 190.157.8.46 100.70.133.50 <---- ?

~ ZHPCleaner v2019.11.14.158 by Nicolas Coolman (2019/11/14)
~ Run by HOMEPC (Administrator)  (19/11/2019 23:52:43)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scanner
~ Report : C:\Users\HOMEPC\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\HOMEPC\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados. (ADS)

---\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados. (Servicio)

---\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados. (Navegador)

---\  Hosts carpeta (1)
~ El archivo hosts es legítimo (30)

---\  Tareas automáticas programadas. (1)
ENCONTRADOS tareas: [AutoKMS] [C:\Windows\Tasks\AutoKMS.job]  =>HackTool.AutoKMS

---\  Explorador ( Archivos, Carpetas ) (12)
ENCONTRADOS carpeta: C:\Users\HOMEPC\Desktop\µTorrent.lnk  [Bad : C:\Users\HOMEPC\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Users\HOMEPC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk  [Bad : C:\Users\HOMEPC\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
ENCONTRADOS archivo: C:\Users\HOMEPC\AppData\Roaming\Imminent  =>PUP.Optional.IMBooster
ENCONTRADOS carpeta: C:\Users\HOMEPC\AppData\Roaming\uTorrent\uTorrent.exe [BitTorrent Inc. - µTorrent]  =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Users\HOMEPC\Desktop\µTorrent.lnk    =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Users\HOMEPC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk    =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Windows\Tasks\AutoKMS.job    =>HackTool.AutoKMS
ENCONTRADOS carpeta: C:\Windows\Prefetch\AUTOKMS.EXE-601AC3B6.pf    =>HackTool.AutoKMS
ENCONTRADOS archivo: C:\Program Files (x86)\PC Camera\PC Camera  =>.SUP.Empty
ENCONTRADOS archivo: C:\Program Files (x86)\PC Camera  =>.SUP.Empty
ENCONTRADOS archivo: C:\Users\HOMEPC\AppData\Roaming\Imminent\Logs  =>PUP.Optional.IMBooster
ENCONTRADOS archivo: C:\Users\HOMEPC\AppData\Roaming\Imminent\Monitoring  =>PUP.Optional.IMBooster

---\  Registro ( Claves, Valores, Datos) (4)
ENCONTRADOS clave: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
ENCONTRADOS clave: [X64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool]  =>Toolbar.Ask
ENCONTRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11B91CD8-D2EC-4BAC-AAC5-B32E7E2A8F9C}\\DhcpNameServer [Bad : 190.157.8.108 190.157.8.46 100.70.133.50]  =>Hijacker.Browser
ENCONTRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 190.157.8.108 190.157.8.46 100.70.133.50]  =>Hijacker.Browser

---\  Resumen de elementos en su estación de trabajo (6)
https://nicolascoolman.eu/2017/02/02/hacktool-autokms/  =>HackTool.AutoKMS
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/09/08/adware-imbooster/  =>PUP.Optional.IMBooster
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Empty
https://nicolascoolman.eu/2017/02/28/toolbar-ask/  =>Toolbar.Ask
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser

---\ Resultado de la reparación.
~ ninguna reparación hecha
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK

---\ STATISTIQUES
~ Items escaneado : 82659
~ Items encontrado : 30
~ artículos cancelados : 0
~ Items opciones : 6/13
~ Ahorro de espacio (bytes) : 0
~ End of search in 00h07mn51s

---\  Reporte (0)
ZHPCleaner-[S]-20112019-00_00_34.txt

~ ZHPCleaner v2019.11.14.158 by Nicolas Coolman (2019/11/14)
~ Run by HOMEPC (Administrator)  (20/11/2019 00:10:32)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparar
~ Report : C:\Users\HOMEPC\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\HOMEPC\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados. (ADS)

---\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados. (Servicio)

---\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados. (Navegador)

---\  Hosts carpeta (1)
~ El archivo hosts es legítimo (30)

---\  Tareas automáticas programadas. (1)
BORRADOS tareas: [AutoKMS] [C:\Windows\Tasks\AutoKMS.job (Not File) ]  =>HackTool.AutoKMS

---\  Explorador ( Archivos, Carpetas ) (6)
MOVIDO carpeta: C:\Users\HOMEPC\Desktop\µTorrent.lnk  [Bad : C:\Users\HOMEPC\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVIDO carpeta: C:\Users\HOMEPC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk  [Bad : C:\Users\HOMEPC\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVIDO carpeta: C:\Windows\Tasks\AutoKMS.job    =>HackTool.AutoKMS
MOVIDO carpeta: C:\Windows\Prefetch\AUTOKMS.EXE-601AC3B6.pf    =>HackTool.AutoKMS
MOVIDO archivo: C:\Users\HOMEPC\AppData\Roaming\Imminent  =>PUP.Optional.IMBooster
MOVIDO archivo: C:\Program Files (x86)\PC Camera  =>.SUP.Empty

---\  Registro ( Claves, Valores, Datos) (4)
BORRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11B91CD8-D2EC-4BAC-AAC5-B32E7E2A8F9C}\\DhcpNameServer [Bad : 190.157.8.108 190.157.8.46 100.70.133.50]  =>Hijacker.Browser
BORRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 190.157.8.108 190.157.8.46 100.70.133.50]  =>Hijacker.Browser
BORRADOS clave*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
BORRADOS clave*: [X64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool]  =>Toolbar.Ask

---\  Resumen de elementos en su estación de trabajo (6)
https://nicolascoolman.eu/2017/02/02/hacktool-autokms/  =>HackTool.AutoKMS
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/09/08/adware-imbooster/  =>PUP.Optional.IMBooster
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Empty
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser
https://nicolascoolman.eu/2017/02/28/toolbar-ask/  =>Toolbar.Ask

---\ Limpieza adicional. (2)
~ Clave de registro Tracing borrados (2)
~ Quitar los antiguos informes de ZHPCleaner. (0)

---\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK

---\ STATISTIQUES
~ Items escaneado : 2584
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 6/13
~ Ahorro de espacio (bytes) : 0
~ End of clean in 00h00mn31s

---\  Reporte (2)
ZHPCleaner-[S]-20112019-00_00_34.txt
ZHPCleaner-[R]-20112019-00_11_03.txt

NOTA DE REPORTE:

IMbooster, Publicidad software (Adware).

5 / 5 ( 2 Votos )
IMbooster, Publicidad software (Adware).


Programa de IMbooster (Iminent) puede mostrar los anuncios en forma de cupones y publicidad de la bandera en forma de pop-ups. 
Estos anuncios generalmente son firmó con las palabras "Powered by"., "Traído a usted por" o incluso "Anuncios de"., seguido del nombre de lo adware. Puede cambiar algunos ajustes de su navegador(Secuestrador) como las páginas de inicio y búsqueda. Instala un barra adicional de navegador. Algunos antivirus, como 

Malwarebytes, clasificar este software en la categoría del Optionnels software potencialmente no deseado (CACHORRO/LPI)


 Publicidad software (Adware)
Este programa está clasificado en la categoría de adware (Adware), Inglés "ANUNCIOS" diminutivo de advertencia (Cartel de promoción). Adware suele establecerse como un programa o como una extensión del navegador y se cargan cada vez que se inicia el sistema. Pueden iniciar servicios, Iniciar tareas programadas y 

crear accesos directos en tu escritorio. Todas estas operaciones se llevan a cabo con o sin su consentimiento en los términos de su contrato de uso. Una vez instalado, adware puede cambiar algunos ajustes en su navegador, como por ejemplo las páginas de la investigación, la página de inicio o incluso tu página de 

error "404". Adware puede recoger sus hábitos de navegación y comunicarse con un servidor por el método de seguimiento porque es más a menudo una solución de marketing para retener clientes.

Durante la navegación generalmente muestra anuncios en forma de cupones y banners en forma de pop-ups. Estos anuncios generalmente son firmó con las palabras "Funciona con", "Traído a usted por" o incluso "Anuncios de", seguido del nombre de lo adware. Pero algunos adware son exageradas en el tamaño y la 

frecuencia de los anuncios de display, que puede afectar la velocidad de navegación por internet y la visibilidad de los contenidos de las páginas visitadas. Tenga en cuenta también que el editor de publicidad puede declina cualquier responsabilidad sobre el contenido de los enlaces destinados sus anuncios. En el 

extremo, el objetivo de estos programas es ganar dinero generando tráfico Web patrocinado por sitios. Algunos adware se instala a través de la el software incluido y no son necesariamente deseado por el usuario y antivirus generalmente los clasifican en software potencialmente no deseado (LPI/PUP).


 Secuestrador
Un secuestrador o secuestradores de Exploradore, es una aplicación que cambia algunas configuraciones de su navegador de internet sin su consentimiento. Estas son generalmente las páginas, páginas de búsqueda y la configuración de proveedor de servicio de Internet. Esto es principalmente para hacer una redirección 

del tráfico de las páginas de inicio y búsqueda a un servidor dedicado que recopila información sobre sus hábitos de navegación. El objetivo de esta aplicación es hacer dinero generando tráfico Web a su propio motor de búsqueda.


 Software potencialmente no deseado (LPI)
Software potencialmente no deseado (LPI) o programas potencialmente no deseados (PUP) son la causa de muchas infecciones. El ejemplo más frecuente es adware InstallCore, CrossRider, Graftor o Boxore contaminar sus unidades de almacenamiento de datos y la Base de registros. Se establecieron generalmente sin su 

conocimiento mediante descarga gratuita. De hecho algunos sitios utilizan el método repaquetage, una operación que es repetir la instalación del módulo de software mediante la adición de opciones de descarga. Estas opciones le permiten añadir otros programas en cuanto a barras de herramientas de navegador de 

ejemplo, el adware, software potencialmente no deseado, software de anuncios intrusivos, e incluso Exploradore. 


 Software espía (software espía) y adware (Adware) no deseados, como malware, puede utilizar las vulnerabilidades de los sistemas operativos o software legítimo de la escritura. Por lo tanto, es imprescindible contar con software oficial y que tienen una actualización automática. El sistema operativo Windows debe 

programarse en modo actualización automática activa, para tener las últimas actualizaciones de vulnerabilidades de seguridad críticas.

TÉCNICAS DE LOS ELEMENTOS
 Funciones
– Se estableció como un proceso puesto en marcha al inicio del sistema (RP),
– Modifica la página de inicio del navegador de Microsoft Edge (E0),
– Sustituye a la página de inicio del navegador Google Chrome (G0),
– Reemplaza el navegador Mozilla Firefox la página de inicio (M0),
– Modifica la página de inicio de Internet Explorer (R0),
– Sustituye a la página de búsqueda del navegador Mozilla Firefox (M1),
– Instala una extensión del programa para navegador Google Chrome (G2),
– Instala una extensión para el programa de navegador de Mozilla Firefox (M2),
– Instala un plugin para el navegador Mozilla Firefox (P2),
– Instala un plugin para el navegador Mozilla Firefox (M3),
– Cambia la configuración de Microsoft Internet Explorer navegador de Hook (R3),
– Instala como un objeto Browser Helper (BHO) navegador de Internet (O2),
– Instala como una barra de herramientas (Barra de herramientas) navegador de Internet (O3),
– Se instaló en la Base de registros para ser lanzado cada vez que se inicia el sistema (O4),
– Inicia un administrador de sesiones (Ø36),
– Comienza una tarea automática programada (Ø38),
– Se instala como un programa (O42)
– Crea varias claves del registro de «Software».,
– Añadir carpetas adicionales (O43),
– Registro en la carpeta de Windows prefetcher (O45)
– Crea una clave del registro ShareTools MSconfig StartupReg (O53),
– De Il presente le for Internet recherche (O69),
– Se instala en la carpeta temporal del usuario (O84),
– Crea una conexión entrante en la aplicación a las excepciones de Firewall de Windows (O87),
– Crea varias claves y valores del registro (O88 ),
– Crea varios archivos y carpetas (O88 ),
– Crea las claves de registro de instalación (Ø90),

Escuchar en los informes

Datos de
Identificado desde el 17/04/2011
[MD5.97816FE0CB19B1F2BCC12B16C02C410E] – (.Iminent – IMbouster.) — C:\Programa FilesIminentIMbousterIMbouster.exe [1323000]
[MD5. F48123180618013816ED9375266AEFA6] – (.Iminent – Notificar iminent.) — C:\Programa FilesIminentSearchTheWebIminent.Notifier.exe [536056]
G2 – EXT: C:\UsersCoolmanAppDataLocalGoogleChromeUser DataDefaultExtensionsnociobghckdhokecfeajdpimjeapnopn [Iminent emoticonos]
G2 – CME: Preferencia de [Usuario DataDefault] [olghjjajidfdflkafeekiojnfmiolccp] Iminent emoticonos
R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Página de inicio = http://www.globasearch.com/
R0 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Página de inicio = http://www.globasearch.com/
R0 – HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerMain,Página de inicio = http://www.globasearch.com/
M1 – RPD:Redirección de la página de búsqueda – C:\Programa FireFoxextensions programa [email protected]
M0 – MFSP: Prefs.js [Coolman – ujdn04ph.default] http://Search.iminent.com
M2 – MFEP: Prefs.js [Cb335wn, – ujdn04ph.default\{C9B68337-E93A-44EA-94DC-CB300EC06444}] [] IMinent Toolbar v4.45.0 (.IMinent.)
M3 – MFPP: Plugins – [HP_Administrateur] — C:\Documents and Settings\Coolman\Application Data\Mozilla\Firefox\Profiles\7nk8jrkg.default\searchplugins\search_the_web.xml
R3 – Hook: Iminent.BHO.NavigationError – {84FF7BD6-B47F-46F8-9130-01B2696B36CB} . (.Iminent – IminentNavigationBHO.) (3.27.3) — C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll
O2 – BHO: TBSB01620 – {58124A0B-DC32-4180-9BFF-E0E21AE34026} . (.. – Motor de la barra de herramientas de IE.) — C:\Program Files\IMinent Toolbar\tbcore3.dll
O2 – BHO: CHelperBHO – {84FF7BD6-B47F-46F8-9130-01B2696B36CB} . (.Iminent – IminentNavigationBHO.) — C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll
O2 – BHO: IMinent Webbouster – {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} . (.Iminent – Iminent Webbouster.) — C:\Program Files\Iminent\IMbouster4Web\Iminent.Webbouster.dll
O3 – Barra de herramientas: IMinent Toolbar – {977AE9CC-AF83-45E8-9E03-E2798216E2D5} . (.. – Motor de la barra de herramientas de IE.) — C:\Program Files\IMinent Toolbar\tbcore3.dll
O4 – HKLM... Run: [IMbouster] . (.Iminent – IMbouster.) — C:\Programa FilesIminentIMbousterIMbouster.exe
O4 – HKLM... Run: [Iminent.Notifier] . (.Iminent – Notificar iminent.) — C:\Programa FilesIminentSearchTheWebIminent.Notifier.exe
O4 – HKCU... RunOnce: [.IMinentUpdate] C:\DOCUME~1\…\LOCALS~1\Temp\NotifierSetup.exe (.no el archivo.)
O4 – HKUS\S-1-5-21-299502267-73586283-682003330-1004\..\RunOnce: [.IMinentUpdate] C:\DOCUME~1\Coolman\LOCALS~1\Temp\NotifierSetup.exe
O4 – HKLM... Wow6432NodeRun: [IMbouster] C:\Archivos de programa (x 86)\Iminent\IMbouster\IMbouster.exe
Ø36 – AppCertDlls: (x 86) . (…) — C:\Archivos de programa (x 86)\Search Results Toolbar\Datamngr\apcrtldr.dll
Ø36 – AppCertDlls: (x 64) . (…) — C:\Archivos de programa (x 86)\Search Results Toolbar\Datamngr\x64\apcrtldr.dll
[MD5.FAFCA7F5C8A6CC270C2C29FFE438AE78] [APT] [Default2Check] (…) — c:\Users\Coolman\dtdata\R003.exe [190552]
O39 – APT: Default2Check – (…) — C:\Windows\System32\Tasks\Default2Check [3682]
O42 – Software: IMinent Toolbar – (.IMinent.) [HKLM] — {A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
O42 – Software: iminent-en Toolbar – (…) [HKLM] — iminent-en Toolbar
O42 – Software: Iminent – (.Iminent.) [HKLM] — IMbousterARP
O42 – Software: Iminent – (.Iminent.) [HKLM] — {AC06B562-763A-4839-8422-F9C00BEF63E3}
[HKCU\Software\AppDataLow\Software\iminent-en]
[HKLM\Software\iminent-en]
[HKLM\Software\Wow6432Node\Iminent]
O43 – CFD: 23/09/2010 – 09:15:02 —-D- C:\Program Files\IMinent Toolbar
O43 – CFD: 03/06/2011 – 16:06:18 – [1405952] —-D- C:\ProgramData\{EA9CE86F-8625-4C5D-A7DE-52142EF5AB8A}
O43 – CFD: 20/01/2010 – 21:33:44 – [28,204] –H-D- C:\ProgramData\{329B9835-5B70-44DD-AACF-3C5CBE39ABB1}
O43 – CFD: 09/02/2010 – 23:40:18 – [4,081] –H-D- C:\ProgramData\{C8831C54-20C5-4438-9725-9E4A8BFFA66C}
O53 – SMSR:HKLM…\startupreg\Iminent [Clave] . (…) — C:\Program Files\Iminent\Iminent.exe
O53 – SMSR:HKLM…\startupreg\IminentMessenger [Clave] . (…) — C:\Program Files\Iminent\Iminent.Messengers.exe
O69 – OSE: SearchScopes [HKCU] {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} – (SearchTheWeb) – http://search.iminent.com/?appId=&ref=toolbox&q ={searchTerms}
O69 – OSE: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] – (Cassiopesa) – http://www.globasearch.com/
O69 – OSE: SearchScopes [HKCU] {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} – (Search The Web) – http://www.globasearch.com/
[MD5.E85727B30D9243BF49C882C5E85ACAA1] [SPRF] (.Iminent – Iminent Utils.) — C:\Users\Coolman\AppData\Local\Temp\Iminent.Utils.dll [25088]
O87 – FAEL: « {226551E7-B264-4CBD-8C4C-5E08D1A586B0} » | En – Privado – P6 – VERDADERA | .(.APN LLC – DtUser.) — C:\Archivos de programa (x 86)\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe
O87 – FAEL: « {94814EA2-90AE-4FF9-8B88-4B4EC726E014} » | En – Privado – P17 – VERDADERA | .(.APN LLC – DtUser.) — C:\Archivos de programa (x 86)\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Iminent]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP]
[HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iminent-en Toolbar]
[HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{AC06B562-763A-4839-8422-F9C00BEF63E3}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMbousterARP]
[HKU\S-1-5-21-1993962763-2052111302-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}]
[HKCU\Software\AppDataLow\Software\iminent-en]
[HKLM\Software\iminent-en]
[HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[HKLMSoftwareClassesCLSID{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
C:\Program Files\Iminent
C:\Program Files\IMinent Toolbar
C:\Program Files\Iminent\Iminent.Messengers.exe
C:\Archivos de programa (x 86)\Search Results Toolbar
Ø90 – PUC: « 482AA67AD25E6E74E9F48BD5FBE8533C » . (.IMinent Toolbar.) — C:\Documents and Settings\Coolman\My Documents\My Received Files\icon.ico
Ø90 – PUC: « E14B11EF79C383347ACB3E40327F50B8 » . (.Iminent.) — C:\WindowsInstaller{FE11B41E-3C97-4338-A7BC-E30423F7058B}\imbouster.ico

[colapso]
Alias
Malwarebytes PUP.Optional.Iminent.A.
PUP.Optional.IMbooster

Editores asociados
Datos de
iminent.com
Iminent
Iminent Technology
www.globasearch.com

[colapso]
Algunos productos
ImBooster
IMbouster
IMinent
Iminent emoticonos
IMinent Toolbar
iminent-en Toolbar
SearchTheWeb

Encriptación MD5
Datos de
FAFCA7F5C8A6CC270C2C29FFE438AE78
E85727B30D9243BF49C882C5E85ACAA1

[colapso]
Numéo de série
Datos de
00B6815DF3B6D64839E008D65B53EF0170
64CA9F4A3D9A5E89553273D5E484CBE9
2B0709ADBE1F3C
11214EA925C07E01E1C06B597DD4B36FAA8B
1121CF423BE77B3AE7537B1BCE9F96A3C3E5

Me tocó hacer una segunda parte porque el informe es demasiado largo !!

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 20/11/19
Hora del análisis: 0:28
Archivo de registro: a030d46c-0b56-11ea-a3db-e07996c86974.json

-Información del software-
Versión: 4.0.4.49
Versión de los componentes: 1.0.750
Versión del paquete de actualización: 1.0.15168
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: MODULE\HOMEPC

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 272665
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 6 min, 2 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-11-2019
Ran by HOMEPC (administrator) on MODULE (INTEL_ DH67BL__) (20-11-2019 00:39:45)
Running from C:\Users\HOMEPC\Downloads
Loaded Profiles: HOMEPC (Available Profiles: HOMEPC & OFICINA)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Windows\Samsung\PanelMgr\caller64.exe
() [File not signed] C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> ) [File not signed] C:\Users\HOMEPC\AppData\Roaming\foxsmizdnjqg\wxsegsqxxbmo.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\HOMEPC\Downloads\adwcleaner_7.4.2.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Nicolas Coolman -> Nicolas Coolman) [File not signed] C:\Users\HOMEPC\AppData\Roaming\ZHP\ZHPCleaner.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(SafeNet Canada, Inc. -> SafeNet, Inc.) C:\Windows\System32\hasplms.exe
(SafeNet Canada, Inc. -> SafeNet, Inc.) C:\Windows\System32\hasplmv.exe
(Samsung Electronics Co., Ltd.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(WDC) [File not signed] C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Western Digital Technologies, Inc. -> ) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
(Western Digital Technologies, Inc. -> ) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Western Digital Technologies, Inc.) [File not signed] C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Incorporation)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1702400 2009-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [626688 2010-12-01] () [File not signed]
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [4810224 2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [909696 2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5933552 2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\...\MountPoints2: {9932e0ef-7f02-11e7-bff7-e06995c86974} - J:\unlock.exe autoplay=true
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11192019234904570\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11192019234904570\...\MountPoints2: {9932e0ef-7f02-11e7-bff7-e06995c86974} - J:\unlock.exe autoplay=true
HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11192019234904570\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\Installer\chrmstp.exe [2019-11-18] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2019-10-05]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.) [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A620582-0826-4429-BEFC-A5E23362F9D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-06-04] (Google Inc -> Google Inc.)
Task: {0FE7741B-3D6B-4CA7-9117-5A1B5504A0B9} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3487624 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {10FDE71F-AEBF-41B9-9157-BB5EF00592A1} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950664 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1118F867-EEB5-4955-863A-C856A2D623F8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [995208 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1B1CEDCD-DBD9-4BBC-9CD2-F6D7F15A499A} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950664 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1B597BF4-1FCB-46E7-AF35-BCB3BC1A5B5A} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {27C003BD-B521-4621-8DE7-23D86382C99B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773512 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {32222A69-546D-433C-A1E5-7D5D3C4642E3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {5896E73F-2FB5-4EFC-9B5A-D990CBAC69AE} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950664 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5A042955-A611-43C2-B005-1EC49FB47925} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-06-04] (Google Inc -> Google Inc.)
Task: {60647C02-7626-4C44-BC4A-F9AD6685B932} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [696200 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {73C65A43-1596-4373-8A3D-1D9C260E3D07} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
Task: {818B6FF4-7C89-442C-8A4F-84647A5D59C0} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773512 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9496EBDB-ADFD-48F5-B41E-8811DEE63346} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950664 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AB42B71A-0A95-463D-9324-68696EF7CFA3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855944 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C43891B3-2749-436B-AEAB-1190403498D6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {D1D680FD-9879-4D0B-87F5-C64004DE271B} - System32\Tasks\6F78616F64677274716A7A73 => C:\Users\HOMEPC\AppData\Roaming\foxsmizdnjqg\wxsegsqxxbmo.exe [919681528 2019-11-19] (Adobe Systems, Incorporated -> ) [File not signed]
Task: {E81EED5F-D43C-42EB-BC5A-A73807777141} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E88BBDF9-FA94-4552-94E3-D2380946EB90} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855944 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E94980B8-9057-4B6F-ACAD-AF027973B2EA} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {F832B810-3CF1-4CEA-A98B-A3880CB20EE9} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe [1457720 2019-09-25] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 190.157.8.108 190.157.8.46 100.70.133.50
Tcpip\..\Interfaces\{11B91CD8-D2EC-4BAC-AAC5-B32E7E2A8F9C}: [DhcpNameServer] 190.157.8.108 190.157.8.46 100.70.133.50

Internet Explorer:
==================
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/ncr
HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11192019234904570\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ncr
URLSearchHook: [S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11202019003754891] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11202019003756978] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-2535146315-3776577491-2254638198-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://co.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__171211__yaie&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [File not signed]

FireFox:
========
FF DefaultProfile: afwwtnm8.default
FF ProfilePath: C:\Users\HOMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\oue5zdrp.default-release-1567798430190 [2019-11-19]
FF Homepage: Mozilla\Firefox\Profiles\oue5zdrp.default-release-1567798430190 -> www.google.com/ncr
FF ProfilePath: C:\Users\HOMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\afwwtnm8.default [2019-11-19]
FF Homepage: Mozilla\Firefox\Profiles\afwwtnm8.default -> hxxps://www.google.com/ncr
FF NewTab: Mozilla\Firefox\Profiles\afwwtnm8.default -> hxxps://co.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__171211__yaff
FF Extension: (AdBlock) - C:\Users\HOMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\afwwtnm8.default\Extensions\[email protected] [2019-08-28]
FF Extension: (ImTranslator: Traductor, Diccionario, Voz) - C:\Users\HOMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\afwwtnm8.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2019-08-28]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-09-19]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_255.dll [2019-09-25] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_255.dll [2019-09-25] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-23] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-23] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-04] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-04] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default [2019-11-19]
CHR Extension: (Presentaciones) - C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-04]
CHR Extension: (Documentos) - C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-04]
CHR Extension: (Google Drive) - C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-04]
CHR Extension: (YouTube) - C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-04]
CHR Extension: (Hojas de cálculo) - C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-04]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-28]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-15]
CHR Extension: (Gmail) - C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-30]
CHR Extension: (Chrome Media Router) - C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 hasplms; C:\Windows\system32\hasplms.exe [4295208 2017-07-07] (SafeNet Canada, Inc. -> SafeNet, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-11-19] (Malwarebytes Inc -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773512 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773512 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [216576 2010-05-27] (Samsung Electronics Co., Ltd.) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] (Western Digital Technologies, Inc. -> )
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] (Western Digital Technologies, Inc. -> )
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 cvintdrv; C:\Windows\SysWow64\Drivers\cvintdrv.sys [4096 2006-04-10] () [File not signed]
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-02-10] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2019-11-19] (Malwarebytes Corporation -> Malwarebytes)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [110912 2016-02-16] (Future Technology Devices International Ltd -> FTDI Ltd.)
S3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [95168 2016-02-16] (Future Technology Devices International Ltd -> FTDI Ltd.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [1296160 2017-07-07] (SafeNet, Inc. -> SafeNet, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [216544 2019-11-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-11-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-11-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [278344 2019-11-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [106344 2019-11-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30792 2018-08-21] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69544 2018-06-07] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Inc.)
S3 PAC207; C:\Windows\SysWOW64\DRIVERS\PFC027.SYS [162176 2005-02-24] () [File not signed]
R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1202688 2009-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Inc.)
R3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

Y una tercera parte:

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-20 00:39 - 2019-11-20 00:46 - 000029199 _____ C:\Users\HOMEPC\Downloads\FRST.txt
2019-11-20 00:26 - 2019-11-20 00:26 - 000000000 ____D C:\Users\HOMEPC\AppData\Roaming\Imminent
2019-11-20 00:11 - 2019-11-20 00:26 - 000002446 _____ C:\Users\HOMEPC\Desktop\ZHPCleaner (R).txt
2019-11-20 00:00 - 2019-11-20 00:21 - 000002383 _____ C:\Users\HOMEPC\Desktop\ZHPCleaner (S).txt
2019-11-19 23:50 - 2019-11-19 23:50 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-11-19 23:49 - 2019-11-20 00:08 - 000005945 _____ C:\Users\HOMEPC\Desktop\CREACION REPORTE A FOROSPYWARE.txt
2019-11-19 23:49 - 2019-11-19 23:49 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-11-19 23:49 - 2019-11-19 23:49 - 000106344 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-11-19 23:48 - 2019-11-19 23:48 - 000278344 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-11-19 23:38 - 2019-11-20 00:45 - 000000000 ____D C:\FRST
2019-11-19 23:38 - 2019-11-19 23:38 - 002260480 _____ (Farbar) C:\Users\HOMEPC\Downloads\FRST64.exe
2019-11-19 23:37 - 2019-11-19 23:37 - 000216544 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-11-19 23:37 - 2019-11-19 23:37 - 000000000 ____D C:\Users\HOMEPC\AppData\Local\cache
2019-11-19 23:19 - 2019-11-20 00:26 - 000000000 ____D C:\Users\HOMEPC\AppData\Roaming\ZHP
2019-11-19 23:19 - 2019-11-19 23:19 - 000000794 _____ C:\Users\HOMEPC\Desktop\ZHPCleaner.lnk
2019-11-19 23:19 - 2019-11-19 23:19 - 000000000 ____D C:\Users\HOMEPC\AppData\Local\ZHP
2019-11-19 23:18 - 2019-11-19 23:18 - 003332992 _____ (Nicolas Coolman) C:\Users\HOMEPC\Downloads\ZHPCleaner.exe
2019-11-19 23:18 - 2019-11-19 23:18 - 001883976 _____ (Malwarebytes) C:\Users\HOMEPC\Downloads\MBSetup.exe
2019-11-19 23:03 - 2019-11-19 23:04 - 000002842 _____ C:\Users\HOMEPC\Desktop\Rkill.txt
2019-11-19 23:03 - 2019-11-19 23:03 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\HOMEPC\Downloads\rkill.exe
2019-11-19 22:58 - 2019-11-19 22:58 - 000002019 _____ C:\Users\HOMEPC\Desktop\REPORTE MALWARE 19112019.txt
2019-11-19 21:56 - 2019-11-19 21:56 - 000001808 _____ C:\Users\HOMEPC\Documents\AdwCleaner[C00].txt
2019-11-19 21:42 - 2019-11-19 21:42 - 000000064 _____ C:\Users\HOMEPC\Documents\infospyware account.txt
2019-11-19 21:38 - 2019-11-19 21:38 - 007622344 _____ (Malwarebytes) C:\Users\HOMEPC\Downloads\adwcleaner_7.4.2.exe
2019-11-19 18:22 - 2019-11-19 18:22 - 000075639 _____ C:\Users\HOMEPC\Desktop\Opciones_Robocopy.pdf
2019-11-19 17:47 - 2019-11-19 23:10 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2019-11-19 17:47 - 2019-11-19 23:10 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2019-11-19 17:47 - 2019-11-19 17:47 - 000003446 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2019-11-19 17:41 - 2019-11-19 17:41 - 000002532 _____ C:\Users\HOMEPC\Documents\install original instructions.txt
2019-11-19 17:36 - 2019-11-19 17:36 - 000001055 _____ C:\Users\HOMEPC\Documents\hosts.txt
2019-11-19 17:22 - 2019-11-19 18:33 - 000000410 _____ C:\Users\HOMEPC\Documents\Acrobatt Installed Codes.txt
2019-11-19 17:20 - 2019-11-19 17:20 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2019-11-19 17:12 - 2019-11-19 18:52 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2019-11-19 17:12 - 2019-11-19 17:12 - 000000040 ____H C:\76A9D7A3D9B0
2019-11-19 17:12 - 2018-09-19 23:32 - 000195888 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140_2.dll
2019-11-19 17:10 - 2019-11-19 18:55 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2019-11-19 17:10 - 2019-11-19 18:55 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2019-11-19 17:10 - 2019-11-19 17:10 - 000002014 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2019-11-19 17:10 - 2019-11-19 17:10 - 000002014 _____ C:\ProgramData\Desktop\Adobe Acrobat DC.lnk
2019-11-19 17:06 - 2019-11-19 20:44 - 000154969 _____ C:\Users\HOMEPC\Documents\Profile ALEJANDRO CASTELL linkedin.pdf
2019-11-19 16:57 - 2019-11-19 16:58 - 000000000 ____D C:\Users\HOMEPC\Desktop\Adobe Acrobat
2019-11-19 16:56 - 2019-11-19 16:56 - 000003518 _____ C:\Windows\system32\Tasks\6F78616F64677274716A7A73
2019-11-19 16:56 - 2019-11-19 16:56 - 000000000 ___HD C:\Users\HOMEPC\AppData\Roaming\foxsmizdnjqg
2019-11-19 16:41 - 2015-07-02 22:00 - 000005104 _____ C:\Users\HOMEPC\Desktop\x-force.nfo
2019-11-19 16:31 - 2016-12-12 22:22 - 000061286 _____ C:\Users\HOMEPC\Desktop\painter.nfo
2019-11-19 15:53 - 2019-11-19 16:00 - 000000000 ____D C:\Users\HOMEPC\Downloads\uTorrent
2019-11-19 15:53 - 2019-11-19 15:53 - 000000000 ____D C:\Users\HOMEPC\AppData\LocalLow\uTorrent
2019-11-18 17:07 - 2019-11-18 17:07 - 000000000 ____D C:\Users\HOMEPC\AppData\Roaming\Google
2019-11-18 16:23 - 2019-11-18 16:24 - 000266581 _____ C:\Users\HOMEPC\Downloads\123541415.jpeg
2019-11-18 16:20 - 2019-11-18 16:20 - 000328550 _____ C:\Users\HOMEPC\Downloads\2834865827.jpeg
2019-11-18 08:40 - 2019-11-18 08:40 - 000411448 _____ C:\Users\HOMEPC\Downloads\ControlAsistencia.pdf
2019-11-17 01:48 - 2019-11-18 22:05 - 000001750 _____ C:\Users\HOMEPC\Documents\LISTAS DE REPROD YOUTUBE 2.txt
2019-11-16 18:37 - 2019-11-16 18:37 - 000212822 _____ C:\Users\HOMEPC\Downloads\hvad_er_asatro.pdf
2019-11-16 18:10 - 2019-11-16 18:10 - 000113850 _____ C:\Users\HOMEPC\Downloads\den_ideelle_civilisation.pdf
2019-11-16 18:10 - 2019-11-16 18:10 - 000113850 _____ C:\Users\HOMEPC\Downloads\Vargsmål_1997_Varg_Vikernes.pdf
2019-11-16 18:10 - 2019-11-16 18:10 - 000113850 _____ C:\Users\HOMEPC\Downloads\El_informe_Abu_Bakr_Al_Baghdadi_Seal_Washington.pdf
2019-11-16 09:32 - 2019-11-19 02:35 - 000000000 ____D C:\Users\HOMEPC\Downloads\Instagram NOV
2019-11-16 00:16 - 2019-11-16 00:16 - 000000025 _____ C:\Users\HOMEPC\Documents\conif color skin.txt
2019-11-15 09:41 - 2019-11-15 09:41 - 000024429 _____ C:\Users\HOMEPC\Desktop\Laboratorio-1 calcio AGJH.pdf
2019-11-15 01:44 - 2019-11-16 00:11 - 000000000 ____D C:\Users\HOMEPC\AppData\Local\SecondLife
2019-11-15 01:44 - 2019-11-15 20:27 - 000000000 ____D C:\Users\HOMEPC\AppData\Roaming\SecondLife
2019-11-15 01:44 - 2019-11-15 01:44 - 000001856 _____ C:\Users\Public\Desktop\Second Life Viewer.lnk
2019-11-15 01:44 - 2019-11-15 01:44 - 000001856 _____ C:\ProgramData\Desktop\Second Life Viewer.lnk
2019-11-15 01:44 - 2019-11-15 01:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
2019-11-15 01:44 - 2019-11-15 01:44 - 000000000 ____D C:\Program Files\SecondLifeViewer
2019-11-15 01:41 - 2019-11-15 01:41 - 115595640 _____ C:\Users\HOMEPC\Downloads\Second_Life_6_3_4_532299_x86_64_Setup.exe
2019-11-14 15:36 - 2019-11-14 15:36 - 000119585 _____ C:\Users\HOMEPC\Documents\ohgo5glp45epzdrzjizibcbw20191114033611.pdf
2019-11-14 15:28 - 2019-11-14 15:28 - 000116187 _____ C:\Users\HOMEPC\Documents\ohgo5glp45epzdrzjizibcbw20191114032240.pdf
2019-11-14 15:20 - 2019-11-14 15:20 - 000000428 _____ C:\Users\HOMEPC\Downloads\49515768-d2ad-422e-8d56-677db1fc77c120191114031908.csv
2019-11-14 12:07 - 2019-11-14 12:07 - 000187231 _____ C:\Users\HOMEPC\Documents\PAGO CODENSA NOV 2019 comprobante_20191114T17_06_22.pdf
2019-11-14 12:00 - 2019-11-14 12:00 - 000020901 _____ C:\Users\HOMEPC\Documents\PAGO CUOTA ADMON NOV 2019 SANTA BARBARA TORRE 5 APTO 1907.pdf
2019-11-14 10:48 - 2019-11-18 22:04 - 000005438 _____ C:\Users\HOMEPC\Documents\PRUEBA WAIS INTELIGENCIA ONLINE.ods
2019-11-14 02:11 - 2019-11-14 02:11 - 000000419 _____ C:\Users\HOMEPC\Documents\LISTAS DE REPROD YOUTUBE.txt
2019-11-07 13:32 - 2019-11-07 13:32 - 000005514 _____ C:\Users\HOMEPC\Desktop\AUTORIZACION RETIRO EXAMENES LAB Y CITAS MEDICAS CLINICA SANTAFE.odt
2019-11-07 13:30 - 2019-11-07 13:30 - 000011066 _____ C:\Users\HOMEPC\Documents\NUEVO EGREGASTOS PROJECT 2019.ods
2019-11-06 23:44 - 2019-11-06 23:47 - 000000000 ____D C:\Users\HOMEPC\Downloads\Chad Hurley - YouTube_files
2019-11-06 23:44 - 2019-11-06 23:44 - 002637498 _____ C:\Users\HOMEPC\Downloads\Chad Hurley - YouTube.htm
2019-11-04 15:52 - 2019-11-04 15:52 - 000033094 _____ C:\Users\HOMEPC\Downloads\welcomeOption.jspx.htm
2019-11-04 15:52 - 2019-11-04 15:52 - 000000000 ____D C:\Users\HOMEPC\Downloads\welcomeOption.jspx_files
2019-11-04 11:31 - 2019-11-04 11:31 - 000003943 _____ C:\Users\HOMEPC\Documents\BEST AND WORST LIFE YEARS.ods
2019-11-03 16:30 - 2019-11-03 16:30 - 000259590 _____ C:\Users\HOMEPC\Downloads\3q-c-Nry08McVFeDU_PVKhEp6jriWF5yjRyL2YqXfswqeBBKNZicq3GgHe_ksV17PGKmI0uA=w2120-fcrop64=1,00000000ffffffff-k-c0xffffffff-no-nd-rj.htm
2019-11-02 09:44 - 2019-11-03 14:15 - 000005640 _____ C:\Users\HOMEPC\Desktop\AUTORIZACION RETIRO EXAMENES LAB Y CITAS MEDICAS POR TUTELA RESONANCIA MAGNETICA CEREBRAL.odt
2019-11-01 23:08 - 2019-11-03 14:20 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-10-31 18:12 - 2019-11-02 00:38 - 000001013 _____ C:\Users\HOMEPC\Desktop\AUTORIZACION.txt
2019-10-31 15:59 - 2019-10-31 15:59 - 000077351 _____ C:\Users\HOMEPC\Documents\DirectorioMedico Reina Sofía.pdf
2019-10-31 12:50 - 2019-10-31 12:50 - 000000370 _____ C:\Users\HOMEPC\Downloads\Mydata_HOMEPCCASTELLSARCHITECT(1).zip
2019-10-31 12:49 - 2019-10-31 12:50 - 000000370 _____ C:\Users\HOMEPC\Downloads\Mydata_HOMEPCCCASTELLSARCHITECT.zip
2019-10-30 18:08 - 2019-10-30 18:08 - 000390405 _____ C:\Users\HOMEPC\Downloads\Cédula de Ciudadanía 170311.pdf
2019-10-30 10:22 - 2019-10-30 10:22 - 000752213 _____ C:\Users\HOMEPC\Documents\PAGO SEG ALLIANZ 2019 Invoice_77910254041.pdf
2019-10-29 11:57 - 2019-10-29 11:57 - 000001830 _____ C:\Users\HOMEPC\Desktop\status for smartphones.txt
2019-10-28 23:43 - 2019-10-28 23:43 - 000000554 _____ C:\Users\HOMEPC\Downloads\vinculos fotos kerrang 436.txt
2019-10-28 20:09 - 2019-10-28 20:09 - 003916078 _____ C:\Users\HOMEPC\Downloads\ProgramaDeGobiernoClaudiaLopez.pdf
2019-10-27 22:21 - 2019-10-27 22:21 - 000004123 _____ C:\Users\HOMEPC\Documents\DATOS LOCALIDADES VOTO.ods
2019-10-26 19:35 - 2019-10-26 19:35 - 002380209 _____ C:\Users\HOMEPC\Documents\CONCEJO BOGOTA 2019 GUIACO160010002-T07_20191016200524.pdf
2019-10-26 19:31 - 2019-10-26 19:31 - 002380209 _____ C:\Users\HOMEPC\Downloads\GUIACO160010002-T07_20191016200524.pdf
2019-10-26 17:32 - 2019-10-26 17:32 - 000209594 _____ C:\Users\HOMEPC\Documents\pago bono comprobante bbta.pdf
2019-10-26 17:30 - 2019-10-26 17:30 - 000001398 _____ C:\Users\HOMEPC\Documents\SoporteDeCompra.pdf
2019-10-26 00:13 - 2019-10-26 00:13 - 000038130 _____ C:\Users\HOMEPC\Documents\OTROS DATOS UtILES.ods
2019-10-25 00:30 - 2019-10-25 00:30 - 000005602 _____ C:\Users\HOMEPC\Documents\acronimos utiles.ods
2019-10-23 18:46 - 2019-10-23 18:46 - 000000000 ____D C:\Users\HOMEPC\Downloads\Receipt   J6_files
2019-10-23 18:45 - 2019-10-23 18:46 - 000136206 _____ C:\Users\HOMEPC\Downloads\Receipt   J6.htm

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-19 23:59 - 2011-04-12 04:10 - 000747208 _____ C:\Windows\system32\perfh00A.dat
2019-11-19 23:59 - 2011-04-12 04:10 - 000158680 _____ C:\Windows\system32\perfc00A.dat
2019-11-19 23:59 - 2009-07-14 00:13 - 001676126 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-19 23:59 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-11-19 23:50 - 2017-08-03 01:46 - 000000000 ____D C:\ProgramData\NVIDIA
2019-11-19 23:47 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-19 23:45 - 2009-07-13 23:45 - 000020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-19 23:45 - 2009-07-13 23:45 - 000020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-19 23:38 - 2017-08-03 00:07 - 000000000 ____D C:\Users\HOMEPC\AppData\LocalLow\Mozilla
2019-11-19 23:37 - 2019-09-05 22:10 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-11-19 23:37 - 2019-09-05 22:10 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-11-19 23:37 - 2019-09-05 22:09 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-11-19 21:51 - 2018-03-08 09:25 - 000000000 ____D C:\AdwCleaner
2019-11-19 21:14 - 2017-12-11 00:39 - 000000000 ____D C:\Users\HOMEPC\AppData\Roaming\uTorrent
2019-11-19 21:09 - 2009-07-13 22:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-11-19 20:44 - 2017-08-02 22:58 - 000000000 ____D C:\Users\HOMEPC\AppData\Roaming\Adobe
2019-11-19 18:56 - 2017-08-03 02:04 - 000000000 ____D C:\Users\HOMEPC\AppData\Local\Adobe
2019-11-19 18:33 - 2019-03-20 13:30 - 000111370 _____ C:\Users\HOMEPC\Desktop\PROTOCOLO REGISTRO OFICIAL HOMEPC BACKUP LAPTOP.xlsx
2019-11-19 17:46 - 2019-03-09 00:46 - 000558912 _____ C:\Windows\system32\FNTCACHE.DAT
2019-11-19 17:46 - 2019-03-08 19:57 - 000111032 _____ C:\Users\HOMEPC\AppData\Local\GDIPFONTCACHEV1.DAT
2019-11-19 17:20 - 2017-08-03 00:04 - 000000000 ____D C:\ProgramData\Adobe
2019-11-19 17:15 - 2017-09-15 23:39 - 000000000 ____D C:\Users\HOMEPC\AppData\LocalLow\Adobe
2019-11-19 17:06 - 2017-08-03 00:04 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-11-19 16:27 - 2017-08-02 22:25 - 000000000 ____D C:\Program Files\WinRAR
2019-11-18 17:50 - 2018-06-04 11:01 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-18 17:50 - 2018-06-04 11:01 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-11-18 17:50 - 2018-06-04 11:01 - 000002181 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-11-15 09:03 - 2019-10-14 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-11-11 00:18 - 2018-10-16 19:55 - 000000000 ____D C:\Users\HOMEPC\AppData\Local\CrashDumps
2019-11-09 17:43 - 2019-10-20 02:00 - 000011811 _____ C:\Users\HOMEPC\Desktop\pw y id ideas general list.txt
2019-11-06 19:30 - 2017-08-02 23:01 - 000011344 _____ C:\Users\HOMEPC\AppData\Roaming\SmarThruOptions.xml
2019-11-06 19:08 - 2019-10-13 14:13 - 000000000 ____D C:\Users\HOMEPC\Desktop\October Discoveries
2019-11-04 19:42 - 2018-06-04 11:01 - 000003536 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-04 19:42 - 2018-06-04 11:01 - 000003408 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-04 19:42 - 2018-06-04 11:01 - 000000000 ____D C:\Program Files (x86)\Google
2019-11-03 14:20 - 2019-09-06 14:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-10-31 17:08 - 2018-11-04 13:01 - 000000000 ____D C:\Rybka
2019-10-30 23:14 - 2019-10-12 17:01 - 000001025 _____ C:\Users\HOMEPC\Desktop\lista mk oct 11.txt
2019-10-28 23:47 - 2018-05-04 11:12 - 000000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories ========

2017-08-02 23:01 - 2019-11-06 19:30 - 000011344 _____ () C:\Users\HOMEPC\AppData\Roaming\SmarThruOptions.xml
2019-11-19 17:10 - 2019-11-19 17:10 - 000000410 _____ () C:\Users\HOMEPC\AppData\Local\oobelibMkey.log
2008-02-05 13:28 - 2008-02-05 13:28 - 000000051 _____ () C:\Users\HOMEPC\AppData\Local\setup.txt

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-11-19 10:44
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2019
Ran by HOMEPC (20-11-2019 00:46:33)
Running from C:\Users\HOMEPC\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2017-07-27 18:51:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2535146315-3776577491-2254638198-500 - Administrator - Disabled)
OFICINA (S-1-5-21-2535146315-3776577491-2254638198-1001 - Administrator - Enabled) => C:\Users\OFICINA
Invitado (S-1-5-21-2535146315-3776577491-2254638198-501 - Limited - Disabled)
ORACLEWORK (S-1-5-21-2535146315-3776577491-2254638198-1003 - Limited - Enabled)
HOMEPC (S-1-5-21-2535146315-3776577491-2254638198-1000 - Administrator - Enabled) => C:\Users\HOMEPC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actualización de NVIDIA 33.2.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 33.2.0.0 - NVIDIA Corporation) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.255 - Adobe)
Adobe Master Collection 64 OEM NPAPI (HKLM-x32\...\Adobe Master Collection NPAPI) (Version: 19.0.0.253 - Adobe)
Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
BioExplorer (HKLM-x32\...\{EAA13E3E-31B9-4A1F-84D1-0D772F81FB3D}) (Version: 1.00.10413 - CyberEvolution, Inc)
BMrMMP Audio Add-Ons (HKLM-x32\...\{05EEDB6B-6201-4032-AE5C-08C461D1789D}) (Version: 1.00.0000 - BrainMaster Technologies, Inc.)
BMrMMP Video Add-Ons (HKLM-x32\...\{D843B090-07F7-458F-B5C6-46C24DB8321E}) (Version: 1.00.0000 - BrainMaster Technologies, Inc.)
BrainMaster 3.0 Series Software (HKLM-x32\...\{2E33CD70-546B-4291-AC70-37F91DE6A0FD}) (Version: 3.70.1000 - BrainMaster Technologies, Inc.)
BrainMaster BrainAvatar (HKLM-x32\...\{96FBC5D4-3DA5-491E-B2BF-FC64E4E70653}) (Version: 4.6.4.792 - BrainMaster Technologies, Inc.)
BrainMaster Demo Package Suite For the 2.5 & 3.0 Series Software (HKLM-x32\...\{F0E1DBEB-F7FE-4DD4-9AC7-7DE43FDAB923}) (Version: 1.00.0000 - BrainMaster Technologies, Inc.)
BrainMaster EEGPro Package Suite For the 2.5 & 3.0 Series Software (HKLM-x32\...\{DFC8F88E-A33A-4ED3-A74C-2DDAB495154C}) (Version: 1.00.0000 - BrainMaster Technologies, Inc.)
BrainMaster Peripheral Package Suite For the 2.5 & 3.0 Series Software (HKLM-x32\...\{8E33B183-D8FF-47B6-8DD2-C55DCA3F2F51}) (Version: 1.00.0000 - BrainMaster Technologies, Inc.)
BrainMaster Z-Score Package Suite For the 2.5 & 3.0 Series Software (HKLM-x32\...\{3333A8A4-594F-414C-927B-CEE82660A8E0}) (Version: 1.00.0000 - BrainMaster Technologies, Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
CoolSoft VirtualMIDISynth 1.15.0 (HKLM-x32\...\CoolSoft VirtualMIDISynth) (Version: 1.15.0.0 - CoolSoft)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DScaler 5 Mpeg Decoders (HKLM-x32\...\DScaler 5 Mpeg Decoders_is1) (Version:  - )
EDFbrowser (HKLM-x32\...\EDFbrowser) (Version: 1.67 - Teunis van Beelen)
FFmpeg (Windows) for Audacity versión 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel(R) Desktop Utilities (HKLM-x32\...\{F01CBA59-B5BD-4608-A834-1CBE8C292A71}) (Version: 1.0.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
K-Lite Mega Codec Pack 10.4.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Mantenimiento Samsung SCX-4623 Series (HKLM-x32\...\Samsung SCX-4623 Series) (Version:  - Samsung Electronics CO.,LTD)
Merge Version 2.5 (HKLM-x32\...\merge_is1) (Version:  - )
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 70.0.1 (x64 es-ES) (HKLM\...\Mozilla Firefox 70.0.1 (x64 es-ES)) (Version: 70.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0 - Mozilla)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version:  - )
NI EULA Depot (HKLM-x32\...\{7732868A-6A12-45CA-AC21-F381F498B81B}) (Version: 2.10.130 - National Instruments) Hidden
NI LabWindows/CVI 8.0.1 Run-Time Engine (HKLM-x32\...\{889BF4A8-E783-46C4-8FB8-97A0B977C32A}) (Version: 8.0.1356 - National Instruments) Hidden
NI Math Kernel Libraries (HKLM-x32\...\{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}) (Version: 1.0.861.0 - National Instruments) Hidden
NI MDF Support (HKLM-x32\...\{C3623389-6333-41D2-BF85-9450306EFDEB}) (Version: 2.10.130 - National Instruments) Hidden
NI Uninstaller (HKLM-x32\...\{C7BBA061-1EFA-41D9-9C15-E4320284F693}) (Version: 2.10.130 - National Instruments) Hidden
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.11 - NVIDIA Corporation) Hidden
NVIDIA Controlador de 3D Vision 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.15.0.186 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.15.0.186 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
Panel de control de NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
PC Camera (HKLM-x32\...\{088B7BF8-AC95-4348-B77B-619AEB3A74A5}) (Version: 0.1.3.73.1 - PC Camera) Hidden
PC Camera (HKLM-x32\...\InstallShield_{088B7BF8-AC95-4348-B77B-619AEB3A74A5}) (Version: 0.1.3.73.1 - PC Camera)
PerformanceTest v9.0 (HKLM\...\PerformanceTest 9_is1) (Version: 9.0.1031.0 - Passmark Software)
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6215 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
RW-Everything v1.7 (HKLM\...\RW-Everything_is1) (Version:  - )
Samsung Network PC Fax (HKLM-x32\...\{80078570-6C67-486C-8CF0-B0D778FC69B5}) (Version: 1.4.29.0 - Samsung Electronics Co., Ltd.)
SecondLifeViewer (HKLM\...\SecondLifeViewer) (Version: 6.3.4.532299 - Linden Research, Inc.)
Skype versión 8.54 (HKLM-x32\...\Skype_is1) (Version: 8.54 - Skype Technologies S.A.)
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - )
Telegram Desktop version 1.8.8 (HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.8 - Telegram FZ-LLC)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Word Password Recovery Master 4.1 (HKLM-x32\...\Word Password Recovery Master_is1) (Version:  - )

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6718864 2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4220304 2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [!NetFax0] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2010-05-27] (Samsung Electronics Co., Ltd.) [File not signed]
ContextMenuHandlers1: [!NetFax1] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2010-05-27] (Samsung Electronics Co., Ltd.) [File not signed]
ContextMenuHandlers1: [!NetFax2] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2010-05-27] (Samsung Electronics Co., Ltd.) [File not signed]
ContextMenuHandlers1: [!NetFax3] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2010-05-27] (Samsung Electronics Co., Ltd.) [File not signed]
ContextMenuHandlers1: [!NetFax4] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2010-05-27] (Samsung Electronics Co., Ltd.) [File not signed]
ContextMenuHandlers1: [!NetFax5] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2010-05-27] (Samsung Electronics Co., Ltd.) [File not signed]
ContextMenuHandlers1: [!NetFax6] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2010-05-27] (Samsung Electronics Co., Ltd.) [File not signed]
ContextMenuHandlers1: [!NetFax7] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2010-05-27] (Samsung Electronics Co., Ltd.) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [midi1] => VirtualMIDISynth\VirtualMIDISynth.dll
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3554304 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [258560 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [wave3] => C:\Windows\system32\serwvdrv.dll [22528 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [127488 2014-03-24] () [File not signed]
HKLM\...\Drivers32-x32: [midi1] => VirtualMIDISynth\VirtualMIDISynth.dll
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3649536 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [243200 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [839680 2008-09-24] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [wave3] => C:\Windows\SysWOW64\serwvdrv.dll [18432 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2014-03-24] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\HOMEPC\Desktop\Download Intel(R) Desktop Utilities.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.intel.com/go/idu/

==================== Loaded Modules (Whitelisted) =============

2019-02-18 13:55 - 2019-02-18 13:55 - 000010240 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\es_es\acrotray.esp
2017-08-02 23:25 - 2010-09-13 18:28 - 000058880 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2010-03-05 09:24 - 2010-03-05 09:24 - 000886272 _____ () [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
2019-03-27 06:47 - 2019-03-27 06:47 - 000169984 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\fc20ffcedaa7ff2f475520f5e26ea5b5\IsdiInterop.ni.dll
2017-08-02 22:59 - 2008-11-11 07:23 - 000027648 _____ () [File not signed] C:\Windows\System32\sso2ml6.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 000013824 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\es_es\Acrobat Elements\ContextMenuShim64.esp
2017-08-02 23:24 - 2010-10-05 07:43 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2015-09-28 14:17 - 2015-09-28 14:17 - 000516608 _____ (CoolSoft (hxxp://coolsoft.altervista.org)) [File not signed] C:\Windows\system32\VirtualMIDISynth\VirtualMIDISynth.dll
2019-03-27 06:47 - 2019-03-27 06:47 - 000014336 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4ded45704f10c739b65154d1a8db33d6\IAStorCommon.ni.dll
2017-08-02 23:24 - 2010-10-05 07:38 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2017-08-02 23:25 - 2010-09-13 18:29 - 000006656 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\es-ES\IAStorDataMgr.resources.dll
2017-08-02 23:25 - 2010-09-13 18:29 - 000032768 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\es-ES\IAStorIcon.resources.dll
2017-08-02 23:25 - 2010-09-13 18:29 - 000004608 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\es-ES\IntelVisualDesign.resources.dll
2017-08-02 23:25 - 2010-09-13 18:28 - 000165376 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUIHelper.dll
2017-08-02 23:25 - 2010-09-13 18:28 - 001108480 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IntelVisualDesign.dll
2017-08-02 23:25 - 2010-09-13 18:25 - 000275456 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ISDI.dll
2019-03-27 06:47 - 2019-03-27 06:47 - 000219136 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\ab0fd4ffae76faf75b1e9ffc18863beb\IAStorDataMgr.ni.dll
2019-03-27 06:47 - 2019-03-27 06:47 - 000474624 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1015e7abe9eea3484ce585e968404791\IAStorUtil.ni.dll
2008-07-29 02:51 - 2008-07-29 02:51 - 000245760 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\msvcm90.dll
2008-07-29 03:54 - 2008-07-29 03:54 - 000225280 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\msvcm90.dll
2018-03-26 12:58 - 2018-03-26 12:58 - 000112128 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2010-11-20 22:24 - 2009-07-14 03:41 - 000014848 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\slwga.dll
2019-03-27 07:12 - 2018-03-23 18:05 - 000343728 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2017-08-02 23:01 - 2010-05-27 02:46 - 000229888 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Windows\System32\NetFaxPort64.dll
2017-08-02 23:01 - 2010-05-27 02:47 - 000187904 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll
2017-08-02 23:01 - 2010-05-27 02:47 - 000199680 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Windows\system32\spool\drivers\x64\3\NetFaxUser64.dll
2017-08-02 22:59 - 2008-11-05 02:58 - 000074240 _____ (Samsung Electronics) [File not signed] C:\Windows\system32\ssdevm64.dll
2011-03-09 11:11 - 2011-03-09 11:11 - 000111104 _____ (Western Digital Corp.) [File not signed] C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WdNetworkDiscovery.DLL
2011-03-09 11:15 - 2011-03-09 11:15 - 000105472 _____ (Western Digital) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Vista\Shadow.dll
2017-08-02 23:00 - 2008-11-11 07:23 - 000033792 _____ (Windows (R) Server 2003 DDK provider) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\sso2mpc.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2019-11-19 18:42 - 000001078 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 enable.adobe.com
127.0.0.1 lmlicenses.adobe.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\DMIX
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11192019234904570\Control Panel\Desktop\\Wallpaper -> C:\Users\OFICINA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 190.157.8.108 - 190.157.8.46
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A88E306D-4742-4FF8-ACC4-4AF23314DB40}] => (Allow) C:\Users\HOMEPC\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A4A98653-49BD-44EE-A0C8-5EFC107EE540}] => (Allow) C:\Users\HOMEPC\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{EEF18867-8F5D-4005-9CC5-4C15D129E71A}] => (Allow) C:\Windows\system32\hasplms.exe (SafeNet Canada, Inc. -> SafeNet, Inc.)
FirewallRules: [{EEC2893C-9AB2-44FA-B696-6873CFB0F507}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1598AA77-20D0-4A3C-8FAC-68C7AC6B09EC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{AC056107-9A4F-4D51-8C9D-44B8175BD726}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C42F04E0-1639-4209-B756-01367C2DD17D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{36186BD6-4901-44B6-9CE5-02402D721CF9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F9528A1F-1C1A-4259-B787-A1B59DF23BDD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D394272E-DAC5-4003-811C-94FCFEF3CB08}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{30F9B2C2-6FA3-465B-8A97-90A84DE74094}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{9860CA06-1F60-49AC-BEB0-3C5E0DA22D41}C:\program files\secondlifeviewer\slvoice.exe] => (Allow) C:\program files\secondlifeviewer\slvoice.exe () [File not signed]
FirewallRules: [UDP Query User{B64097C7-F089-44B3-A709-A1B394F51314}C:\program files\secondlifeviewer\slvoice.exe] => (Allow) C:\program files\secondlifeviewer\slvoice.exe () [File not signed]
FirewallRules: [{CB019705-47F6-454D-B463-462B0922C83B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F7315134-E634-4DE6-8EF3-0B0A8241B9C8}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{49AA0135-C932-4B1F-B866-00C37AA5EE86}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

29-10-2019 16:35:25 Punto de control programado
06-11-2019 10:01:32 Punto de control programado
14-11-2019 16:44:11 Punto de control programado
19-11-2019 17:03:27 Installed Adobe Acrobat DC.

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/19/2019 11:55:09 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - Error al inicializar la infraestructura de asociación de la API de generación de perfiles. Este proceso no permitirá que se asocie un generador de perfiles. HRESULT: 0x80004005.  Id. de proceso (decimal): 1184. Id. de mensaje: [0x2509].

Error: (11/19/2019 11:53:27 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - Error al inicializar la infraestructura de asociación de la API de generación de perfiles. Este proceso no permitirá que se asocie un generador de perfiles. HRESULT: 0x80004005.  Id. de proceso (decimal): 2820. Id. de mensaje: [0x2509].

Error: (11/19/2019 11:48:45 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: No se puede inicializar el índice.

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/19/2019 11:48:45 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: No se puede inicializar la aplicación.

Contexto: aplicación Windows

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/19/2019 11:48:45 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: No se puede inicializar el objeto Recopilador.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/19/2019 11:48:45 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.TripoliIndexer>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	No se ha encontrado el elemento.  (HRESULT : 0x80070490) (0x80070490)

Error: (11/19/2019 11:48:43 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.JetPropStore>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/19/2019 11:48:43 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: El servicio Windows Search no puede cargar la información del almacén de propiedades.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	La base de datos del índice de contenido está dañada.  (HRESULT : 0xc0041800) (0xc0041800)


System errors:
=============
Error: (11/20/2019 12:18:29 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 80.

Error: (11/20/2019 12:18:29 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.

Error: (11/20/2019 12:02:29 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 80.

Error: (11/20/2019 12:02:29 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.

Error: (11/19/2019 11:54:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 80.

Error: (11/19/2019 11:54:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.

Error: (11/19/2019 11:50:26 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 80.

Error: (11/19/2019 11:50:26 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.


Windows Defender:
===================================
Date: 2017-08-23 11:50:06.262
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{2FE6BC49-CF48-43AC-8076-8E2D66E58229}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:NT AUTHORITY\Servicio de red

==================== Memory info =========================== 

BIOS: Intel Corp. BLH6710H.86A.0160.2012.1204.1156 12/04/2012
Motherboard: Intel Corporation DH67BL
Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 58%
Total physical RAM: 16338.8 MB
Available physical RAM: 6861.96 MB
Total Virtual: 16336.94 MB
Available Virtual: 11166.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:256.74 GB) (Free:181.06 GB) NTFS
Drive d: () (Fixed) (Total:1606.18 GB) (Free:1605.66 GB) NTFS
Drive f: () (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive g: () (Fixed) (Total:73.35 GB) (Free:66 GB) NTFS
Drive h: () (Fixed) (Total:24.32 GB) (Free:24.23 GB) NTFS
Drive i: () (Fixed) (Total:55.62 GB) (Free:6.55 GB) NTFS
Drive l: (My Passport) (Fixed) (Total:1931.48 GB) (Free:212.46 GB) NTFS

\\?\Volume{2f7009ef-72bb-11e7-a7eb-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 92ED979E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=256.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1606.2 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 153.4 GB) (Disk ID: 58FD58FD)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=153.3 GB) - (Type=42)

==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

No sé si se pueda ya cantar victoria.

Gracias…

Server 007

Hola @SERVER007

FRST no elimina el malware automáticamente, tu equipo aún está infectado.

Debo analizar su reporte y luego te dejare una respuesta.

Por el momento no instales nada ni ejecutes ningún programa antinada.

Salu2

Hola @SERVER007

Ejecutaste FRST desde un lugar incorrecto:

  • Running from C:\Users\HOMEPC\Downloads

Corta el ejecutable y pegalo en tu escritorio <<< Esto es Muy Importante.


Sigue estos pasos:

1.- Muy Importante >>> Realizar una copia de Seguridad de su Registro.

  • Descarga DelFix en el escritorio de Windows.
  • Clic Derecho, “Ejecutar como Administrador”.
  • En la ventana principal, marca solamente la casilla “Create Registry Backup”.
  • Clic en Run.

Al terminar se abrirá un reporte llamado DelFix.txt, guárdelo por si fuera necesario y cierre la herramienta…

2.- Desactiva Temporalmente tu antivirus.

3.- Abre un nuevo archivo Notepad/Bloc de Notas y copia y pega este contenido:


Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\...\MountPoints2: {9932e0ef-7f02-11e7-bff7-e06995c86974} - J:\unlock.exe autoplay=true
HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11192019234904570\...\MountPoints2: {9932e0ef-7f02-11e7-bff7-e06995c86974} - J:\unlock.exe autoplay=true
Task: {73C65A43-1596-4373-8A3D-1D9C260E3D07} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
C:\Program Files\Common Files\AVAST Software
Task: {C43891B3-2749-436B-AEAB-1190403498D6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {D1D680FD-9879-4D0B-87F5-C64004DE271B} - System32\Tasks\6F78616F64677274716A7A73 => C:\Users\HOMEPC\AppData\Roaming\foxsmizdnjqg\wxsegsqxxbmo.exe [919681528 2019-11-19] (Adobe Systems, Incorporated -> ) [File not signed]
URLSearchHook: [S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11202019003754891] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11202019003756978] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-2535146315-3776577491-2254638198-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://co.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__171211__yaie&p={searchTerms}
FF NewTab: Mozilla\Firefox\Profiles\afwwtnm8.default -> hxxps://co.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__171211__yaff
FF Extension: (AdBlock) - C:\Users\HOMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\afwwtnm8.default\Extensions\[email protected] [2019-08-28]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-11-20 00:26 - 2019-11-20 00:26 - 000000000 ____D C:\Users\HOMEPC\AppData\Roaming\Imminent
2019-11-19 16:56 - 2019-11-19 16:56 - 000003518 _____ C:\Windows\system32\Tasks\6F78616F64677274716A7A73
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3554304 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [258560 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [wave3] => C:\Windows\system32\serwvdrv.dll [22528 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [127488 2014-03-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3649536 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [243200 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [839680 2008-09-24] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [wave3] => C:\Windows\SysWOW64\serwvdrv.dll [18432 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2014-03-24] () [File not signed]
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
VirusTotal: C:\Users\HOMEPC\AppData\Roaming\foxsmizdnjqg\wxsegsqxxbmo.exe
(Adobe Systems, Incorporated -> ) [File not signed] C:\Users\HOMEPC\AppData\Roaming\foxsmizdnjqg\wxsegsqxxbmo.exe
2019-11-19 16:56 - 2019-11-19 16:56 - 000000000 ___HD C:\Users\HOMEPC\AppData\Roaming\foxsmizdnjqg
Folder: C:\76A9D7A3D9B0
Folder: C:\Rybka

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.

Nota: Es necesario que el ejecutable Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no la herramienta no trabajara.

  • Ejecutas Frst.exe.
  • Presionas el botón Fix y aguardas a que termine.
  • La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).
  • Lo pegas en tu próxima respuesta.

Nos comentas .

Salu2.

Buenas noches, @SanMar, actualizo noticias con respecto al estado de mi PC

Como sigue infectado deje abierto el proceso de vigilancia del antivirus y del malwarebytes. En algun momento reporto una señal de alerta de conexion saliente fraudulenta por el puerto 30706 a este servidor “tracker.pomf.se” y con una ip 185.19.107.254 que parece radicarse en Alemania o Suecia. Lastimosamente el efecto de las tildes volvió a aparecer. El archivos ejecutable que se me aparece de la nada en la carpeta C:\user\AppData\Local\Temp dice llamarse Acrobat_DC_Web_WWMUI.exe y comienza espontáneamente con un tamaño de 1 GB y con el tiempo va acrecentandose hasta alcanzar 200 GB o mas. Tambien es notoria la presencia de la carpeta C:\user\AppData\Roaming\Imminent la cual esta claramente detectada por todas las herramientas como pup trojan.datastealer y puede borrarse pero vuelve a aparecer. En esa carpeta se encuentran la subcarpeta “Monitoring” con dos archivos “network.dat” y “system.dat”. He revisado el contenido de estos archivos modificando la extension a texto, pero solo salen jeroglificos. He vuelto a ejecutar la tarea inicial propuesta en el orden de estas herramientas, con el ordenador en modo de fallos ( Tengo Windows 7 SP1 Ultimate, 64 bits ) a ver si puedo borrar algo mas pero nada cambia. En la consola de comandos aparecen puertos abiertos establecidos con direcciones similares a las del tracker denunciado en 185.164.167.37, 185.125.205.94, 191.231.647.013 de los cuales al consultar por google uno de ellos esta asociado a un trojano, ver “https://www.joesandbox.com/analysis/108504/0/executive

Tengo el pc comprometido, no me he atrevido a hacer ningun tipo de transaccion en linea. Siento que me tienen “chuzado”.

Estaba escribiendo esto, y justo salio vuestra respuesta tan esperada. Gracias voy a ejecutar con prontitud este procedimiento a ver que tal. Ya corté el archivo del FRST para el escritorio. Ya comentare el resultado. Obs. Rybka es un programa de ajedrez, creo que inocuo. Gracias.

Hola @SERVER007

No te preocupes, la infección esta relacionada a algo que instalaste o se instalo con respecto a Adobe, tal vez una medicina??

No se eliminara, solo mostrara el contenido de la carpeta.

Esperamos el reporte del FixLog.

Salu2

Hola @SanMar

Efectivamente, la historia completa comenzó con la pérdida de una licencia de acrobat XI de hace 7 años hace dos días, debido a que instalé un Master Collection que traía a su vez un Acrobat DC 2015… El Master Collection realmente no lo necesito completamente, solo unos programas. Intenté corregir eso, y también lo del Acrobat, pero terminé perdiendo la validez de la licencia original y me quedé sin nada. Entonces busqué un patch para arreglar eso. Utilizo mucho el Acrobat para firmas digitales y certificados de auditoría y no podía quedarme sin el programa. Hace demasiado tiempo ( años ) no se asomaba un virus por mi PC. De hecho había desinstalado todos los antivirus, pues creía que con el malwarebytes y otras herramientas como las que se usan aquí era suficiente.

Parece ser que todo está bien. Desapareció el tema de las tildes dobles nuevamente , y la carpeta imminent, así como tampoco hasta el momento ha vuelto a aparecer el archivo ejecutable aquel que crece como Godzilla. Es demasiado pronto para saber si todo esta bien.

Aquí pego el reporte del FixLog. Me inquietaron dos cosas… Sale un error en NVidia al reiniciar el pc, algo con el monitor… y por otro lado al reiniciar casi no pude entrar ya que la pantalla se pixeló totalmente con lineas de colores en el momento del set de la bios antes de iniciar el sistema operativo… y también durante el GUI de windows… se ve terrible… solo al mover el cursor por encima se despeja un claro en la imagen pixelada y de esta manera tuve que reiniciar otra vez para que saliera la imagen limpia… Voy a ver si puedo pegar un pantallazo sobre lo que estoy describiendo.

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-11-2019
Ran by HOMEPC (20-11-2019 21:57:53) Run:1
Running from C:\Users\HOMEPC\Desktop
Loaded Profiles: HOMEPC (Available Profiles: HOMEPC & OFICINA)
Boot Mode: Normal
==============================================

fixlist content:
*****************

Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\...\MountPoints2: {9932e0ef-7f02-11e7-bff7-e06995c86974} - J:\unlock.exe autoplay=true
HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11192019234904570\...\MountPoints2: {9932e0ef-7f02-11e7-bff7-e06995c86974} - J:\unlock.exe autoplay=true
Task: {73C65A43-1596-4373-8A3D-1D9C260E3D07} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
C:\Program Files\Common Files\AVAST Software
Task: {C43891B3-2749-436B-AEAB-1190403498D6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {D1D680FD-9879-4D0B-87F5-C64004DE271B} - System32\Tasks\6F78616F64677274716A7A73 => C:\Users\HOMEPC\AppData\Roaming\foxsmizdnjqg\wxsegsqxxbmo.exe [919681528 2019-11-19] (Adobe Systems, Incorporated -> ) [File not signed]
URLSearchHook: [S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11202019003754891] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11202019003756978] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-2535146315-3776577491-2254638198-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://co.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__171211__yaie&p={searchTerms}
FF NewTab: Mozilla\Firefox\Profiles\afwwtnm8.default -> hxxps://co.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__171211__yaff
FF Extension: (AdBlock) - C:\Users\HOMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\afwwtnm8.default\Extensions\[email protected] [2019-08-28]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-11-20 00:26 - 2019-11-20 00:26 - 000000000 ____D C:\Users\HOMEPC\AppData\Roaming\Imminent
2019-11-19 16:56 - 2019-11-19 16:56 - 000003518 _____ C:\Windows\system32\Tasks\6F78616F64677274716A7A73
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3554304 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [258560 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [wave3] => C:\Windows\system32\serwvdrv.dll [22528 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [127488 2014-03-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3649536 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [243200 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [839680 2008-09-24] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [wave3] => C:\Windows\SysWOW64\serwvdrv.dll [18432 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2014-03-24] () [File not signed]
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
VirusTotal: C:\Users\HOMEPC\AppData\Roaming\foxsmizdnjqg\wxsegsqxxbmo.exe
(Adobe Systems, Incorporated -> ) [File not signed] C:\Users\HOMEPC\AppData\Roaming\foxsmizdnjqg\wxsegsqxxbmo.exe
2019-11-19 16:56 - 2019-11-19 16:56 - 000000000 ___HD C:\Users\HOMEPC\AppData\Roaming\foxsmizdnjqg
Folder: C:\76A9D7A3D9B0
Folder: C:\Rybka

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END

    
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => not found
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9932e0ef-7f02-11e7-bff7-e06995c86974} => removed successfully
HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11192019234904570\...\MountPoints2: {9932e0ef-7f02-11e7-bff7-e06995c86974} - J:\unlock.exe autoplay=true => Error ({ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}): No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{73C65A43-1596-4373-8A3D-1D9C260E3D07}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73C65A43-1596-4373-8A3D-1D9C260E3D07}" => removed successfully
C:\Windows\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
C:\Program Files\Common Files\AVAST Software => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C43891B3-2749-436B-AEAB-1190403498D6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C43891B3-2749-436B-AEAB-1190403498D6}" => removed successfully
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1D680FD-9879-4D0B-87F5-C64004DE271B}" => not found
"C:\Windows\System32\Tasks\6F78616F64677274716A7A73" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6F78616F64677274716A7A73" => not found
URLSearchHook: [S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11202019003754891] ATTENTION => Default URLSearchHook is missing => Error ({ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}): No automatic fix found for this entry.
URLSearchHook: [S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11202019003756978] ATTENTION => Default URLSearchHook is missing => Error ({ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}): No automatic fix found for this entry.
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => removed successfully
"Firefox newtab" => removed successfully
C:\Users\HOMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\afwwtnm8.default\Extensions\[email protected] => moved successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
C:\Users\HOMEPC\AppData\Roaming\Imminent => moved successfully
"C:\Windows\system32\Tasks\6F78616F64677274716A7A73" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.LAGS" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.X264" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.XVID" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.ac3acm" => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\wave3 => value restored successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.FFDS" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.LAGS" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.X264" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.XVID" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.ac3acm" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.lameacm" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\wave3 => value restored successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.FFDS" => not found
"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => removed successfully
"BVTFilter" => removed successfully
"BVTConsumer" => removed successfully
"VirusTotal: C:\Users\HOMEPC\AppData\Roaming\foxsmizdnjqg\wxsegsqxxbmo.exe" => not found
C:\Users\HOMEPC\AppData\Roaming\foxsmizdnjqg\wxsegsqxxbmo.exe => No running process found
C:\Users\HOMEPC\AppData\Roaming\foxsmizdnjqg => moved successfully

========================= Folder: C:\76A9D7A3D9B0 ========================

C:\76A9D7A3D9B0 => File

====== End 1 Folder: ======


========================= Folder: C:\Rybka ========================

2018-11-04 13:01 - 2010-11-22 16:42 - 470847706 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Rybka\46094_DeRybImSt4_01-05-2010.7z
2018-11-04 13:01 - 2011-04-27 01:38 - 000000456 ____A [26D203B13BE768E6CD77D17A5259415B] () C:\Rybka\ANOTHER PGN.txt
2018-11-04 13:01 - 2008-02-09 21:45 - 003084288 ____A [FDD57797447F1B4E264A87D53BE6B259] (Martin Blume) C:\Rybka\Arena.exe
2018-11-04 13:01 - 2010-11-22 16:55 - 013996126 ____A [99D37D9DDFB5372CBE695CD7B6AF30D2] () C:\Rybka\arena_2.5_beta.zip
2018-11-04 13:01 - 2019-10-31 18:12 - 000006936 ____A [001BF5C0CBD04E552E98A2332939C654] () C:\Rybka\ArenaENG.cfg
2018-11-04 13:01 - 2019-10-31 18:12 - 000020279 ____A [1AF77E1262B406809F04A31E7F80185C] () C:\Rybka\ArenaGUI.cfg
2018-11-04 13:01 - 2010-11-22 17:44 - 000312184 ____A [1C542E0C4110954A937033F8AC42A7D8] () C:\Rybka\BookAdapterAquarium.zip
2018-11-04 13:01 - 2010-05-24 18:27 - 002554368 ____A [CD5A29E2D86E4360F987E8473425F420] () C:\Rybka\Deep Rybka 4 SSE42 w32.exe
2018-11-04 13:01 - 2010-05-24 18:13 - 002798592 ____A [4B12D5CD1A328C3D1E01D8630F3D9381] () C:\Rybka\Deep Rybka 4 SSE42 x64.exe
2018-11-04 13:01 - 2010-11-22 12:49 - 002554368 ____A [7AA5C8F355175411525A5A78FD766143] () C:\Rybka\Deep Rybka 4 w32.exe
2018-11-04 13:01 - 2010-05-24 18:10 - 002800128 ____A [0D347DB5D5BFD1AB3825E61B576628E1] () C:\Rybka\Deep Rybka 4 x64.exe
2018-11-04 13:01 - 2010-11-22 16:14 - 052011791 ____A [B56050432E608C12860DA6BE120BA7E4] () C:\Rybka\Dvoretsky_M._-_Dvoretsky_s_Endgame_Manual__2nd_ed__2008_.pdf
2018-11-04 13:01 - 2009-11-25 16:13 - 000015360 ____A [A044EBFB4EF7B34C8AD0F298732F6FD6] () C:\Rybka\Elo Opening.xls
2018-11-04 13:01 - 2012-09-19 12:08 - 000603828 ____A [2050AC6BC4F0652B7687253B4DFA79A1] () C:\Rybka\Guia-para-Aperturas-de-Doble-Peon-Rey-AjedrezDeEntrenamiento Avanzado.com_.zip
2018-11-04 13:01 - 2005-09-22 23:44 - 000014053 ____A [9CF20E02A67C9FC2EAFE9C19E5114674] () C:\Rybka\help.htm
2018-11-04 13:01 - 2010-11-22 16:38 - 000829767 ____A [F51089FE323B4BCC1949DC0A1A619C6D] () C:\Rybka\JYU7.stockfish-191-win.zip
2018-11-04 13:01 - 2005-02-07 04:04 - 000015468 ____A [E3284CD16C61B277D81C4E27858978C0] () C:\Rybka\KPK.sbb
2018-11-04 13:01 - 2003-05-14 16:23 - 000000046 ____A [5A91D8520914C60E24E6F6592E96AA1E] () C:\Rybka\My.txt
2018-11-04 13:01 - 2006-09-09 13:07 - 000364544 ____A [86A070A906FCAD7AEEB64E3CDF2199EA] () C:\Rybka\naum.exe
2018-11-04 13:01 - 2010-11-22 17:01 - 000321215 ____A [15B36AF1E54DD3CBD932FB1DA0072103] () C:\Rybka\naum2_0.zip
2018-11-04 13:01 - 2005-02-08 04:34 - 000017324 ____A [5CD4431433676591578B4BB0FD9EFE73] () C:\Rybka\pawnrace.sbb
2018-11-04 13:01 - 2009-12-01 13:10 - 000000222 ____A [5DEAA84D0B835355B6FC3D0F9CDA4522] () C:\Rybka\ratings.txt
2018-11-04 13:01 - 2011-04-11 23:47 - 000000401 ____A [02FA57679F523D1D1CEDEF317976A864] () C:\Rybka\Richardeaht.pgn.txt
2018-11-04 13:01 - 2008-07-29 06:14 - 002580480 ____A [9F3266D7B32E0F27AD2BBB4093074880] () C:\Rybka\Rybka 3 w32.exe
2018-11-04 13:01 - 2010-11-22 15:08 - 002183106 ____A [001F7D2BCDE5F83D7C72C04883342A48] () C:\Rybka\Rybka 4.zip
2018-11-04 13:01 - 2008-08-04 10:03 - 004681728 ____A [9646BB9B8F198422F90CB2C4B6C5208A] () C:\Rybka\Rybka_v2.1c.demo.w32.exe
2018-11-04 13:01 - 2015-01-10 18:37 - 000000109 ____A [F990F5C30154C09C1EBFE634AB5CDD06] () C:\Rybka\Schess.dft
2018-11-04 13:01 - 2010-11-22 16:45 - 003190292 ____A [9366CCAC75C530938DB2C7612234D822] (Triple Happy Ltd. ) C:\Rybka\setup-tarrasch-v1.00b.exe
2018-11-04 13:01 - 2006-03-17 03:50 - 000499712 ____A [9E33178B4CC6EBE261B6AE6B56E90E4A] () C:\Rybka\slow.exe
2018-11-04 13:01 - 2008-04-30 11:43 - 000600361 ____A [BE3BAD2ACDE7C95DFEF1FC84B39F6992] () C:\Rybka\SlowBlitzWV21.zip
2018-11-04 13:01 - 2010-11-22 16:56 - 000058019 ____A [ACE6521CF1839E25E1CBE956B33CCB8A] () C:\Rybka\spanish_v24.zip
2018-11-04 13:01 - 2018-02-01 00:31 - 001322510 ____A [80BC3B0E0A487B14D166AB73DCD50221] () C:\Rybka\stockfish_9_x32.exe
2018-11-04 13:01 - 2018-01-30 19:11 - 001154048 ____A [710E536A2648FA2F00CFD7E878106D85] () C:\Rybka\stockfish_9_x64.exe
2018-11-04 13:01 - 2018-01-31 19:26 - 001138688 ____A [F256DCF3B6930CCE77C521CC80DFA2D2] () C:\Rybka\stockfish_9_x64_bmi2.exe
2018-11-04 13:01 - 2018-01-30 19:11 - 001147392 ____A [EE3E84E70E5E5E238B02E190C7709FB1] () C:\Rybka\stockfish_9_x64_popcnt.exe
2018-11-04 13:01 - 2010-10-05 19:02 - 000206336 ____A [EEDA22A732A4E4EEFFD2C989A826BB0E] () C:\Rybka\stockfish-191-32-ja.exe
2018-11-04 13:01 - 2006-03-11 13:23 - 000429110 ____A [2E759E975A028C04591011A2D4739F1C] () C:\Rybka\TestBook.scb
2018-11-04 13:01 - 2019-10-31 18:12 - 000009355 ____A [410E7202EA62F37B941B838D67F8A5DC] () C:\Rybka\WeitereDateien.TXT
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Anthems
2018-11-04 13:01 - 2003-11-26 09:00 - 000000069 ____A [AB81958407256CBE89EB9E5F023E326E] () C:\Rybka\Anthems\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta
2018-11-04 13:01 - 2002-05-16 18:05 - 000054784 ____A [2356C3EA9FE0ABC0111A0F6233FB4CC5] () C:\Rybka\arena_2.5_beta\Accuclck.exe
2018-11-04 13:01 - 2010-11-18 23:26 - 003493888 ____A [F913D4E464A12DD1D3C207627F99FB9C] () C:\Rybka\arena_2.5_beta\Arena.exe
2018-11-04 13:01 - 2001-11-14 15:01 - 000000671 ____A [DE09B59470F022A6DD1AEB4F3D4D27FC] () C:\Rybka\arena_2.5_beta\Arena.exe.manifest
2018-11-04 13:01 - 2011-03-25 15:58 - 000004493 ____A [E0D85477781B235E69A5C3F9EB5621F7] () C:\Rybka\arena_2.5_beta\ArenaENG.cfg
2018-11-04 13:01 - 2011-03-25 15:58 - 000026689 ____A [A1AB7C8E8AD556B8C46E6F27EE0C3FFB] () C:\Rybka\arena_2.5_beta\ArenaGUI.cfg
2018-11-04 13:01 - 2007-11-09 17:20 - 001219586 ____A [166CCCC7E2ED569D17379DD2A08BD03D] () C:\Rybka\arena_2.5_beta\ecocodes7.txt
2018-11-04 13:01 - 2007-02-08 00:09 - 001083795 ____A [59CFBE4105E3B063B66CF96C80F7CAD6] () C:\Rybka\arena_2.5_beta\ecocodes9.txt
2018-11-04 13:01 - 2002-01-12 20:07 - 000001577 ____A [5857A4213499CD99BFD20C274EE19243] () C:\Rybka\arena_2.5_beta\england.gif
2018-11-04 13:01 - 2011-03-25 15:58 - 000000844 ____A [863146176ACB9100CA8298DCD46DD8BC] () C:\Rybka\arena_2.5_beta\LastGame.$$$
2018-11-04 13:01 - 2003-05-14 16:23 - 000000046 ____A [5A91D8520914C60E24E6F6592E96AA1E] () C:\Rybka\arena_2.5_beta\My.txt
2018-11-04 13:01 - 1998-06-10 01:22 - 000048640 ____A [051F26345EEF42D05778C01D2435FEC8] () C:\Rybka\arena_2.5_beta\Timeseal.exe
2018-11-04 13:01 - 2001-12-09 12:27 - 000052736 ____A [4A3D1CD7D0E83ADE8E6267B8344CACFA] () C:\Rybka\arena_2.5_beta\Timestamp.exe
2018-11-04 13:01 - 2010-11-24 15:13 - 000000227 ____A [F0DFF29C54902076045A31C2793B641B] () C:\Rybka\arena_2.5_beta\WeitereDateien.TXT
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Anthems
2018-11-04 13:01 - 2003-11-26 09:00 - 000007107 ____A [47EDDBFF078F9E9D718A0F7A3C6A48F4] () C:\Rybka\arena_2.5_beta\Anthems\france.mid
2018-11-04 13:01 - 2003-11-26 09:00 - 000007913 ____A [A0B20C22DB16C224DC8D899555B2221D] () C:\Rybka\arena_2.5_beta\Anthems\germany.mid
2018-11-04 13:01 - 2003-11-26 09:00 - 000000069 ____A [AB81958407256CBE89EB9E5F023E326E] () C:\Rybka\arena_2.5_beta\Anthems\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Books
2018-11-04 13:01 - 2003-11-26 09:00 - 000000077 ____A [048A0CF6ABD7AD206506D4415C243868] () C:\Rybka\arena_2.5_beta\Books\info.txt
2018-11-04 13:01 - 2009-03-31 19:35 - 000541044 ____A [E93502D98B2BD91A417424F3D886C3CC] () C:\Rybka\arena_2.5_beta\Books\olympiad.abk
2018-11-04 13:01 - 2008-12-14 07:00 - 000000507 ____A [8B0DFA7B54AE622C608B51D01CEE8B5E] () C:\Rybka\arena_2.5_beta\Books\Titus_Read_Me.txt
2018-11-04 13:01 - 2008-12-14 06:18 - 000479276 ____A [6D93E1D97721672F38063FCEBCAD2E22] () C:\Rybka\arena_2.5_beta\Books\Titus2.4.abk
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Databases
2018-11-04 13:01 - 2003-11-26 10:00 - 000000299 ____A [4E8557D5CD7691B6F22BFB525F3720BC] () C:\Rybka\arena_2.5_beta\Databases\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\ELOstat
2018-11-04 13:01 - 2005-01-11 23:42 - 000089088 ____A [F010272BD52EEEF35C517BAEEDEA4681] () C:\Rybka\arena_2.5_beta\ELOstat\ELOstat.exe
2018-11-04 13:01 - 2005-01-13 00:28 - 000003955 ____A [20D7D8991F022CD1D358C7A392838656] () C:\Rybka\arena_2.5_beta\ELOstat\ELOstat.his
2018-11-04 13:01 - 2005-01-26 14:56 - 000000465 ____A [CAC6D67E2E47FA12A27DB4AA01F0B66D] () C:\Rybka\arena_2.5_beta\ELOstat\info.txt
2018-11-04 13:01 - 2005-01-13 00:56 - 000047375 ____A [0C9948C55556603DDB61C1A96D117604] () C:\Rybka\arena_2.5_beta\ELOstat\liesmich.rtf
2018-11-04 13:01 - 2005-01-13 01:12 - 000048381 ____A [5C32C4CCCF61F0E44D772E9454B37460] () C:\Rybka\arena_2.5_beta\ELOstat\readme.rtf
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Engines
2018-11-04 13:01 - 2002-03-06 21:32 - 000000208 ____A [A3631744D12A0D5563A4AB9B1CE95FA3] () C:\Rybka\arena_2.5_beta\Engines\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Engines\AnMon
2018-11-04 13:01 - 2004-07-04 10:11 - 001288288 ____A [D88043149030711CEF29C3FC90BFF41F] () C:\Rybka\arena_2.5_beta\Engines\AnMon\AnMon.book
2018-11-04 13:01 - 2002-04-22 16:02 - 000015054 ____A [794D1C7DDACD88E38906D449E50E7D2B] () C:\Rybka\arena_2.5_beta\Engines\AnMon\AnMon_5.75.bmp
2018-11-04 13:01 - 2009-06-27 18:13 - 000219648 ____A [FD5C204B93E3D171EE26AF9F91A3C561] () C:\Rybka\arena_2.5_beta\Engines\AnMon\AnMon_5.75.exe
2018-11-04 13:01 - 2006-01-30 19:43 - 000002008 ____A [13BE7E3567F15C7B3B48583B5FD90FA3] () C:\Rybka\arena_2.5_beta\Engines\AnMon\readme.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Engines\Hermann
2018-11-04 13:01 - 2010-11-04 19:59 - 003442659 ____A [BB45DADB765E2E081AD0C90529A623A6] () C:\Rybka\arena_2.5_beta\Engines\Hermann\Hermann.opn
2018-11-04 13:01 - 2010-11-04 19:38 - 000537088 ____A [7FD610031F41762D8F9C52F009561786] () C:\Rybka\arena_2.5_beta\Engines\Hermann\Hermann_2.6_32.exe
2018-11-04 13:01 - 2010-11-04 19:35 - 000680448 ____A [D48A51E458CAFC45F2ABAE89C445A528] () C:\Rybka\arena_2.5_beta\Engines\Hermann\Hermann_2.6_64.exe
2018-11-04 13:01 - 2003-06-25 20:58 - 000002440 ____A [B3C7436B51943AA724994F3214E5FDB5] () C:\Rybka\arena_2.5_beta\Engines\Hermann\hermann-1.jpg
2018-11-04 13:01 - 2003-06-25 20:58 - 000002127 ____A [91E183F2FC31679F82B37C43CBEA7FD8] () C:\Rybka\arena_2.5_beta\Engines\Hermann\hermann-2.jpg
2018-11-04 13:01 - 2005-04-09 17:47 - 000002892 ____A [EA65BD7FCBEE9A4E21902B969CFEFF6A] () C:\Rybka\arena_2.5_beta\Engines\Hermann\hermann-3.jpg
2018-11-04 13:01 - 2005-04-09 17:48 - 000003174 ____A [F74FFE1693A6996D48A777EB1EB2820F] () C:\Rybka\arena_2.5_beta\Engines\Hermann\hermann-4.jpg
2018-11-04 13:01 - 2009-10-10 16:39 - 000004098 ____A [8765395A162F802DAE79E93C27F06624] () C:\Rybka\arena_2.5_beta\Engines\Hermann\Liesmich.txt
2018-11-04 13:01 - 2009-10-10 16:40 - 000003292 ____A [6B00EE38B0B5206280385E41E0E18AB9] () C:\Rybka\arena_2.5_beta\Engines\Hermann\Readme.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Engines\Naum
2018-11-04 13:01 - 2006-09-09 13:07 - 000364544 ____A [86A070A906FCAD7AEEB64E3CDF2199EA] () C:\Rybka\arena_2.5_beta\Engines\Naum\naum.exe
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Engines\Ruffian
2018-11-04 13:01 - 2003-11-07 03:09 - 000000231 ____A [D7D82207DB0F8B3D6D9D56EEF0D04534] () C:\Rybka\arena_2.5_beta\Engines\Ruffian\changes.txt
2018-11-04 13:01 - 2003-11-07 03:02 - 000001326 ____A [CF686E71F9A0D4D60DF0DDEB7B3C7B1E] () C:\Rybka\arena_2.5_beta\Engines\Ruffian\readme.txt
2018-11-04 13:01 - 2004-04-30 23:45 - 004600420 ____A [2F03E02C2D438EE5EB0C48040CD4B3F7] () C:\Rybka\arena_2.5_beta\Engines\Ruffian\Ruffian.bok
2018-11-04 13:01 - 2003-11-25 01:00 - 000015056 ____A [36DE93D14CDFD47FEFDF02494830C66D] () C:\Rybka\arena_2.5_beta\Engines\Ruffian\Ruffian_105.bmp
2018-11-04 13:01 - 2003-03-19 01:39 - 000458752 ____A [ECA06F534E16A184E3DEB4250400132B] () C:\Rybka\arena_2.5_beta\Engines\Ruffian\Ruffian_105.exe
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Engines\Rybka
2018-11-04 13:01 - 2010-11-22 12:49 - 002554368 ____A [7AA5C8F355175411525A5A78FD766143] () C:\Rybka\arena_2.5_beta\Engines\Rybka\Deep Rybka 4 w32.exe
2018-11-04 13:01 - 2008-07-29 06:14 - 002580480 ____A [9F3266D7B32E0F27AD2BBB4093074880] () C:\Rybka\arena_2.5_beta\Engines\Rybka\Rybka 3 w32.exe
2018-11-04 13:01 - 2006-12-02 17:51 - 007360512 ____A [7867981945665A42B7891885551163C4] () C:\Rybka\arena_2.5_beta\Engines\Rybka\Rybka v2.2n2.mp.w32.exe
2018-11-04 13:01 - 2006-12-02 17:45 - 007882752 ____A [DC87ACFCA479855FFCDD60100AEFFC97] () C:\Rybka\arena_2.5_beta\Engines\Rybka\Rybka v2.2n2.mp.x64.exe
2018-11-04 13:01 - 2008-08-04 10:03 - 004681728 ____A [9646BB9B8F198422F90CB2C4B6C5208A] () C:\Rybka\arena_2.5_beta\Engines\Rybka\Rybka_v2.1c.demo.w32.exe
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Engines\SOS
2018-11-04 13:01 - 2005-05-11 17:21 - 000002858 ____A [1AD46E113EF5B090E7E37BAAA9B87727] () C:\Rybka\arena_2.5_beta\Engines\SOS\readme.txt
2018-11-04 13:01 - 2002-02-25 09:46 - 002799028 ____A [6E57F40F5A5F9255D478C8868B54E63F] () C:\Rybka\arena_2.5_beta\Engines\SOS\SOS.book
2018-11-04 13:01 - 2005-02-21 02:08 - 000015056 ____A [DB01FF1BD27443C60823A8CE79072BCD] () C:\Rybka\arena_2.5_beta\Engines\SOS\SOS-51_Arena.bmp
2018-11-04 13:01 - 2005-02-22 20:42 - 000212992 ____A [5A4687A05BE629EA097D97BA3C65DBCC] () C:\Rybka\arena_2.5_beta\Engines\SOS\SOS-51_Arena.exe
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Engines\Spike
2018-11-04 13:01 - 2006-07-08 16:12 - 000003751 ____A [405305B4A1BF799A335600C8698BF84D] () C:\Rybka\arena_2.5_beta\Engines\Spike\readme.txt
2018-11-04 13:01 - 2006-06-10 10:40 - 000001628 ____A [B232C0D5D3C170EDC698CC2AA83BD258] () C:\Rybka\arena_2.5_beta\Engines\Spike\Spike.cnfg
2018-11-04 13:01 - 2006-05-24 22:08 - 001720320 ____A [6F2A43400EA04F4738F6A1B4C7B45576] (Ralf Schäfer & Volker Böhm) C:\Rybka\arena_2.5_beta\Engines\Spike\Spike1.2.exe
2018-11-04 13:01 - 2004-04-21 21:29 - 000004276 ____A [414F58BA1E15690CEF15764A88586C7C] () C:\Rybka\arena_2.5_beta\Engines\Spike\spike1.2.gif
2018-11-04 13:01 - 2006-06-10 10:38 - 000311296 ____A [727D1B418B74243258D6D7DF3780B308] (Spike) C:\Rybka\arena_2.5_beta\Engines\Spike\SpikeConfig.exe
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Engines\Stockfish
2018-11-04 13:01 - 2010-10-05 19:02 - 000206336 ____A [EEDA22A732A4E4EEFFD2C989A826BB0E] () C:\Rybka\arena_2.5_beta\Engines\Stockfish\stockfish-191-32-ja.exe
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Flags
2018-11-04 13:01 - 2002-01-12 19:59 - 000001563 ____A [62FFF4DF0A97C093F7FE7FECF9985CE7] () C:\Rybka\arena_2.5_beta\Flags\argentina.gif
2018-11-04 13:01 - 2002-01-12 20:01 - 000001562 ____A [38507CD876FB4D8CE6638E6057316E58] () C:\Rybka\arena_2.5_beta\Flags\australia.gif
2018-11-04 13:01 - 2002-01-12 19:58 - 000001593 ____A [2CAE4259BBB7575DB981B03DC878739E] () C:\Rybka\arena_2.5_beta\Flags\austria.gif
2018-11-04 13:01 - 2002-01-14 18:50 - 000001482 ____A [FFA84E16397B160B30BECB6C2A44E313] () C:\Rybka\arena_2.5_beta\Flags\belarus.gif
2018-11-04 13:01 - 2002-01-12 20:06 - 000001353 ____A [722E05E676BE9200EFD669FA95BEEC4E] () C:\Rybka\arena_2.5_beta\Flags\belgium.gif
2018-11-04 13:01 - 2002-01-14 18:52 - 000001586 ____A [5174AC27A2782FFA670F88387F5C0CE5] () C:\Rybka\arena_2.5_beta\Flags\brazil.gif
2018-11-04 13:01 - 2003-11-26 10:00 - 000001524 ____A [E6FF0FE0DFDF16DFD3E969ABB951A3EB] () C:\Rybka\arena_2.5_beta\Flags\cameroon.gif
2018-11-04 13:01 - 2002-01-14 18:54 - 000001560 ____A [EF349D1EBEE0338F84EA745BDECE91AD] () C:\Rybka\arena_2.5_beta\Flags\canada.gif
2018-11-04 13:01 - 2003-11-26 10:00 - 000001528 ____A [EAAE5C7E7645733B0B2D11CB1308F0D8] () C:\Rybka\arena_2.5_beta\Flags\catalonia.gif
2018-11-04 13:01 - 2002-01-14 18:54 - 000001516 ____A [D2942E349B1CCD587E82CF2C40D8B48A] () C:\Rybka\arena_2.5_beta\Flags\chile.gif
2018-11-04 13:01 - 2010-11-22 17:26 - 000000872 ____A [253ABA62B8190ED4558F054FE43E2711] () C:\Rybka\arena_2.5_beta\Flags\colombia.GIF
2018-11-04 13:01 - 2002-01-14 18:56 - 000001503 ____A [EF23104186BFFDAC9274D4DCE1E02D5F] () C:\Rybka\arena_2.5_beta\Flags\croatia.gif
2018-11-04 13:01 - 2002-01-12 20:06 - 000001487 ____A [D21F5BC89DD2433D982B9A78D4605A36] () C:\Rybka\arena_2.5_beta\Flags\czech.gif
2018-11-04 13:01 - 2002-01-12 19:56 - 000001597 ____A [5CD84ADA691AE91423D07D16850F8071] () C:\Rybka\arena_2.5_beta\Flags\denmark.gif
2018-11-04 13:01 - 2002-01-12 20:07 - 000001577 ____A [5857A4213499CD99BFD20C274EE19243] () C:\Rybka\arena_2.5_beta\Flags\england.gif
2018-11-04 13:01 - 2002-01-14 19:00 - 000001496 ____A [E53AE338E53EEBF27AF46C13E7D7F757] () C:\Rybka\arena_2.5_beta\Flags\ethiopia.gif
2018-11-04 13:01 - 2005-04-17 16:46 - 000001610 ____A [B95E3E33C3F7CBB15B84DFDC891470BC] () C:\Rybka\arena_2.5_beta\Flags\europe.gif
2018-11-04 13:01 - 2002-01-14 19:01 - 000001536 ____A [70AC836805686B345CAB6332FD8485F6] () C:\Rybka\arena_2.5_beta\Flags\finland.gif
2018-11-04 13:01 - 2002-01-12 19:51 - 000001572 ____A [B3E9B981574C698906D5A38D0956D001] () C:\Rybka\arena_2.5_beta\Flags\france.gif
2018-11-04 13:01 - 2002-01-12 19:50 - 000001347 ____A [20963EE6150244DB140F50242D5561D4] () C:\Rybka\arena_2.5_beta\Flags\germany.gif
2018-11-04 13:01 - 2002-01-12 19:54 - 000001527 ____A [6EC0F3F09669204FECF746CC07463337] () C:\Rybka\arena_2.5_beta\Flags\greece.gif
2018-11-04 13:01 - 2002-01-14 19:05 - 000001574 ____A [1D6F56D7CA62D384C1EB724A884714C7] () C:\Rybka\arena_2.5_beta\Flags\hongkong.gif
2018-11-04 13:01 - 2002-01-14 19:06 - 000001505 ____A [DA867212C85C14616E281DB29A877D2A] () C:\Rybka\arena_2.5_beta\Flags\hungary.gif
2018-11-04 13:01 - 2002-01-14 19:07 - 000001485 ____A [12F54C4B12B5D9317FAFFCC028DDF8A1] () C:\Rybka\arena_2.5_beta\Flags\india.gif
2018-11-04 13:01 - 2002-01-14 19:08 - 000001576 ____A [339C606EAE64D1AB57D798A8C76AE3B5] () C:\Rybka\arena_2.5_beta\Flags\indonesia.gif
2018-11-04 13:01 - 2002-04-24 21:06 - 000000111 ____A [814B5607A11D0FF44191BFB041BF2737] () C:\Rybka\arena_2.5_beta\Flags\info.txt
2018-11-04 13:01 - 2002-01-14 19:08 - 000001526 ____A [F3A103EB139804B04B98D3932E049068] () C:\Rybka\arena_2.5_beta\Flags\iran.gif
2018-11-04 13:01 - 2002-01-12 20:03 - 000001566 ____A [0537E115BDDC18B221D3DE845C395EF5] () C:\Rybka\arena_2.5_beta\Flags\israel.gif
2018-11-04 13:01 - 2002-01-12 20:08 - 000001567 ____A [F141880042DA83009AA29550498BEB62] () C:\Rybka\arena_2.5_beta\Flags\italy.gif
2018-11-04 13:01 - 2002-01-14 19:18 - 000001522 ____A [210C8C99495C866BEF08BA43A9FCF5BE] () C:\Rybka\arena_2.5_beta\Flags\mexico.gif
2018-11-04 13:01 - 2002-01-12 19:57 - 000001527 ____A [08111CDD0B2AE1033DB1225F4262E75F] () C:\Rybka\arena_2.5_beta\Flags\netherland.gif
2018-11-04 13:01 - 2002-01-12 20:08 - 000001593 ____A [3C55E498A46ABDB1E3ABF8D1002D1620] () C:\Rybka\arena_2.5_beta\Flags\new_zealand.gif
2018-11-04 13:01 - 2002-01-14 19:22 - 000001586 ____A [2D56F6A19721A311160C4C16B4965208] () C:\Rybka\arena_2.5_beta\Flags\norway.gif
2018-11-04 13:01 - 2002-01-14 19:25 - 000001491 ____A [C7B6879323D38852A75DA9C6260E383E] () C:\Rybka\arena_2.5_beta\Flags\philippines.gif
2018-11-04 13:01 - 2002-01-14 19:25 - 000001537 ____A [D3AEFE9955493EF0ACA08E8DC2C5D638] () C:\Rybka\arena_2.5_beta\Flags\poland.gif
2018-11-04 13:01 - 2002-01-14 19:26 - 000001573 ____A [50C6BC13ABE3908E80ECA765DB355D3D] () C:\Rybka\arena_2.5_beta\Flags\portugal.gif
2018-11-04 13:01 - 2002-01-14 19:26 - 000001568 ____A [DA4AAD7D0C80548FBC091B947A230613] () C:\Rybka\arena_2.5_beta\Flags\puerto_rico.gif
2018-11-04 13:01 - 2002-01-14 19:27 - 000001537 ____A [2CC6CE320A023590AEB1497275E903C6] () C:\Rybka\arena_2.5_beta\Flags\romania.gif
2018-11-04 13:01 - 2002-01-12 19:53 - 000001532 ____A [CFA3C2E89CD3B3C92ED5871C730A0B65] () C:\Rybka\arena_2.5_beta\Flags\russia.gif
2018-11-04 13:01 - 2002-01-14 19:36 - 000001563 ____A [3B80C67F42D86ED0D8F847745DED770F] () C:\Rybka\arena_2.5_beta\Flags\singapore.gif
2018-11-04 13:01 - 2002-01-14 19:38 - 000001483 ____A [CD6FF84DE56896C4A8104C2A6B354BA7] () C:\Rybka\arena_2.5_beta\Flags\south_africa.gif
2018-11-04 13:01 - 2002-01-14 19:39 - 000001560 ____A [A61C1489DABADE3358C0F369C37F2CD4] () C:\Rybka\arena_2.5_beta\Flags\spain.gif
2018-11-04 13:01 - 2002-01-12 20:08 - 000001558 ____A [2F726DC6763F920FBE3FFD6EAE067F3F] () C:\Rybka\arena_2.5_beta\Flags\sweden.gif
2018-11-04 13:01 - 2002-01-12 20:09 - 000001541 ____A [813495957F3EBEA3B3D6D39797795C7B] () C:\Rybka\arena_2.5_beta\Flags\switzerland.gif
2018-11-04 13:01 - 2002-01-12 19:55 - 000001584 ____A [58345F9DA86F2FFC5106CD91E28C0968] () C:\Rybka\arena_2.5_beta\Flags\ukraine.gif
2018-11-04 13:01 - 2002-01-14 19:43 - 000001570 ____A [E08342DDC0A1C2BC865A6351FC0877F7] () C:\Rybka\arena_2.5_beta\Flags\uruguay.gif
2018-11-04 13:01 - 2002-01-12 19:52 - 000001568 ____A [696E81C2EEED3B4FF28FBA69C196164C] () C:\Rybka\arena_2.5_beta\Flags\usa.gif
2018-11-04 13:01 - 2002-01-14 19:44 - 000001560 ____A [86FD6E2300F02495D97A902944241EB4] () C:\Rybka\arena_2.5_beta\Flags\vietnam.gif
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Fonts
2018-11-04 13:01 - 2005-01-04 23:40 - 000004000 ____A [473159478B7B177C80AE3038E195235A] () C:\Rybka\arena_2.5_beta\Fonts\ARFIG07.FON
2018-11-04 13:01 - 2005-01-04 23:27 - 000005136 ____A [127E4D8B4E27B6C18304D40BC9839AE2] () C:\Rybka\arena_2.5_beta\Fonts\ARFIG08.FON
2018-11-04 13:01 - 2005-01-04 23:28 - 000005600 ____A [B0A97F48CE916770131C089AD720F28F] () C:\Rybka\arena_2.5_beta\Fonts\ARFIG09.FON
2018-11-04 13:01 - 2005-01-10 21:49 - 000006384 ____A [A3713A412CE5F87D8AA2CB40C8B0227F] () C:\Rybka\arena_2.5_beta\Fonts\ARFIG10.FON
2018-11-04 13:01 - 2005-01-04 23:29 - 000008272 ____A [CA4646DECCCAC9D20E4B23FC1D37237E] () C:\Rybka\arena_2.5_beta\Fonts\ARFIG11.FON
2018-11-04 13:01 - 2005-01-04 23:29 - 000008832 ____A [944511A2618554039C26B878B7B86ED8] () C:\Rybka\arena_2.5_beta\Fonts\ARFIG12.FON
2018-11-04 13:01 - 2005-01-04 23:30 - 000011696 ____A [E91A0E95306003EF3B964821935184B9] () C:\Rybka\arena_2.5_beta\Fonts\ARFIG14.FON
2018-11-04 13:01 - 1996-07-24 15:48 - 000034860 ____A [5A680984516580719B624DDEB84DE5F4] () C:\Rybka\arena_2.5_beta\Fonts\digiface.ttf
2018-11-04 13:01 - 2010-11-02 22:13 - 000001356 ____A [EEF7A9F996A5EDD8BF2153AA0D90E437] () C:\Rybka\arena_2.5_beta\Fonts\info.txt
2018-11-04 13:01 - 1998-04-14 01:00 - 000055580 ____A [0AF626882B944DB4F3E1576404051F50] () C:\Rybka\arena_2.5_beta\Fonts\KINGFONT.TTF
2018-11-04 13:01 - 1995-03-02 00:00 - 000055912 ____A [37BCB36247468D364EB90095A9C96F96] () C:\Rybka\arena_2.5_beta\Fonts\LEIPFONT.TTF
2018-11-04 13:01 - 2005-09-13 16:08 - 000031824 ____A [28FFEE80A70364CF01F3B97F6F322151] () C:\Rybka\arena_2.5_beta\Fonts\MERIFONTNEW.TTF
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Graphics
2018-11-04 13:01 - 2002-03-25 19:21 - 000000296 ____A [A0A52E0744E888015EEFB21AC18214EF] () C:\Rybka\arena_2.5_beta\Graphics\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Graphics\Players
2018-11-04 13:01 - 2006-03-09 21:38 - 000000163 ____A [264ACD1C03AE4B3F5554578305652ADA] () C:\Rybka\arena_2.5_beta\Graphics\Players\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Graphics\Schemes
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\BirchTauari
2018-11-04 13:01 - 2006-11-07 22:09 - 000008649 ____A [CFA30BD33D243F834D9D868AA8A7B4A2] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\BirchTauari\background.jpg
2018-11-04 13:01 - 2006-11-07 22:11 - 000008628 ____A [92EF282A48E9EEE5B4B40FFFA7DCC735] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\BirchTauari\black.jpg
2018-11-04 13:01 - 2006-11-07 22:10 - 000008818 ____A [F2244BB88C0852E8AB631DCA718BA40C] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\BirchTauari\board.jpg
2018-11-04 13:01 - 2006-11-07 22:11 - 000008412 ____A [0AF5B6F9D9C2A9D56687377E18A410E8] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\BirchTauari\clockslogos.jpg
2018-11-04 13:01 - 2006-11-07 22:08 - 000001577 ____A [1B4D895B81F41EDC994C474DE3CEF5D8] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\BirchTauari\toolbar.jpg
2018-11-04 13:01 - 2005-09-26 20:47 - 000004216 ____A [40F5DAB9C8800254A7CE7845B339D900] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\BirchTauari\white.jpg
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Blue
2018-11-04 13:01 - 2008-10-07 22:27 - 000000785 ____A [B359C99F4EC096ED59FF5B0D40A82208] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Blue\background.jpg
2018-11-04 13:01 - 2003-11-26 08:00 - 000002171 ____A [13AD747B2163D1A20DBC2C4D4F7345CB] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Blue\black.jpg
2018-11-04 13:01 - 2007-02-12 20:01 - 000000660 ____A [9C23FB5AE02DEE826F3A89B7A8D1F36D] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Blue\board.jpg
2018-11-04 13:01 - 2005-09-25 19:31 - 000006747 ____A [463D6E44C90FD542EF7F4A3D48BAAC23] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Blue\clockslogos.jpg
2018-11-04 13:01 - 2008-10-07 22:28 - 000000785 ____A [B359C99F4EC096ED59FF5B0D40A82208] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Blue\toolbar.jpg
2018-11-04 13:01 - 2003-11-26 08:00 - 000001773 ____A [1C28603F56FCBD17988B8648EFCE5CEC] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Blue\white.jpg
2018-11-04 13:01 - 2013-01-02 13:24 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Gold
2018-11-04 13:01 - 2013-01-02 13:24 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Ice
2018-11-04 13:01 - 2013-01-02 13:24 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Light Blue
2018-11-04 13:01 - 2013-01-02 13:24 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Metall
2018-11-04 13:01 - 2013-01-02 13:24 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Red Sand
2018-11-04 13:01 - 2013-01-02 13:24 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Winboard
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Wood
2018-11-04 13:01 - 2005-09-26 21:44 - 000007133 ____A [76F05EC83D3D4A77D5DD8827F4E2EAA6] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Wood\background.jpg
2018-11-04 13:01 - 2005-09-26 21:34 - 000023164 ____A [1E0BD4EBFFDC0345B1622662B9C01569] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Wood\black.jpg
2018-11-04 13:01 - 2005-09-26 21:34 - 000004954 ____A [0F1D08B1C5A978C91F1038BD4163231E] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Wood\board.jpg
2018-11-04 13:01 - 2005-09-26 21:44 - 000007133 ____A [76F05EC83D3D4A77D5DD8827F4E2EAA6] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Wood\clockslogos.jpg
2018-11-04 13:01 - 2005-11-21 19:58 - 000006376 ____A [9B769A9053EAF61872CE245083260D40] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Wood\toolbar.jpg
2018-11-04 13:01 - 2005-09-26 21:33 - 000020746 ____A [67F31FABD200D135DF560DDB8594D696] () C:\Rybka\arena_2.5_beta\Graphics\Schemes\Wood\white.jpg
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Human Games
2018-11-04 13:01 - 2011-01-27 15:59 - 000001601 ____A [0155061CC77C12EBE1386CAD2213668E] () C:\Rybka\arena_2.5_beta\Human Games\Endless Darkness - Pavel57.pgn
2018-11-04 13:01 - 2010-11-23 12:01 - 000000954 ____A [902ADA0C7CA61AAE028F85203EAE63D3] () C:\Rybka\arena_2.5_beta\Human Games\Mangos - Realmente Insano.pgn
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Languages
2018-11-04 13:01 - 2010-11-18 22:52 - 000177746 ____A [C388BA5A49F2D4F0CB7BBEE6983ACBB6] () C:\Rybka\arena_2.5_beta\Languages\English.lng
2018-11-04 13:01 - 2010-11-18 23:42 - 000177746 ____A [3284A176452C9667BFF41395A9883CE7] () C:\Rybka\arena_2.5_beta\Languages\English_Russian_Codepage.lng
2018-11-04 13:01 - 2008-12-22 22:57 - 000000154 ____A [015A73BC1FE989817FD93ADE321C8616] () C:\Rybka\arena_2.5_beta\Languages\info.txt
2018-11-04 13:01 - 2010-07-09 08:20 - 000187058 ____A [0CBE00CE96E52592C855956D33A3001B] () C:\Rybka\arena_2.5_beta\Languages\Spanish.lng
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Logos
2018-11-04 13:01 - 2003-06-15 18:00 - 000002264 ____A [A040EA46C4003FC76CAEF83B3E319863] () C:\Rybka\arena_2.5_beta\Logos\crafty-2.JPG
2018-11-04 13:01 - 2003-11-26 10:00 - 000003118 ____A [FD50E2508042E7CA5D65F1FFC6AE7252] () C:\Rybka\arena_2.5_beta\Logos\gladiator_01.jpg
2018-11-04 13:01 - 2003-11-26 10:00 - 000003143 ____A [A81E0232D4580A641D659C720A7B29D1] () C:\Rybka\arena_2.5_beta\Logos\gladiator_02.jpg
2018-11-04 13:01 - 2003-11-26 10:00 - 000003075 ____A [1F95DCC74B30E4256D3F0490571107FA] () C:\Rybka\arena_2.5_beta\Logos\gladiator_03.jpg
2018-11-04 13:01 - 2003-11-26 10:00 - 000003036 ____A [ECB28D1E68F86A649887B1DE5E50D1EB] () C:\Rybka\arena_2.5_beta\Logos\gladiator_04.jpg
2018-11-04 13:01 - 2003-11-26 10:00 - 000003093 ____A [AF86848C06FC4F90F1D26462A5B6EAD3] () C:\Rybka\arena_2.5_beta\Logos\gladiator_05.jpg
2018-11-04 13:01 - 2003-11-26 10:00 - 000003095 ____A [7E2F8665FC04560A56158101F9BD5BA1] () C:\Rybka\arena_2.5_beta\Logos\gladiator_06.jpg
2018-11-04 13:01 - 2003-11-26 10:00 - 000003068 ____A [86C17BE86CD52F117C08634650187465] () C:\Rybka\arena_2.5_beta\Logos\gladiator_07.jpg
2018-11-04 13:01 - 2003-11-26 10:00 - 000003073 ____A [30AA6E03054E7BB3DDFD8CBC359780D5] () C:\Rybka\arena_2.5_beta\Logos\gladiator_08.jpg
2018-11-04 13:01 - 2003-11-26 10:00 - 000003031 ____A [8FF07A1A02494376FDDFBD9C317D421C] () C:\Rybka\arena_2.5_beta\Logos\gladiator_09.jpg
2018-11-04 13:01 - 2003-11-26 10:00 - 000003284 ____A [960902B80040FA1372142946252A335E] () C:\Rybka\arena_2.5_beta\Logos\gladiator_10.jpg
2018-11-04 13:01 - 2003-11-26 10:00 - 000003441 ____A [91BCB843349A8F0455AE51C3E5CEE1FE] () C:\Rybka\arena_2.5_beta\Logos\gladiator_11.jpg
2018-11-04 13:01 - 2003-11-26 09:00 - 000000084 ____A [185A73E7CA16290207748EF8F543BD0F] () C:\Rybka\arena_2.5_beta\Logos\info.txt
2018-11-04 13:01 - 2003-06-15 18:00 - 000002330 ____A [3CA7593734BF762C7F172120D46B4BE4] () C:\Rybka\arena_2.5_beta\Logos\sos-1.JPG
2018-11-04 13:01 - 2003-06-15 18:00 - 000002207 ____A [122E947331991D5E9D9822A28D78C88F] () C:\Rybka\arena_2.5_beta\Logos\sos-2.JPG
2018-11-04 13:01 - 2003-06-15 18:00 - 000002384 ____A [9BFBE435EE8D84C7E45E85385A725063] () C:\Rybka\arena_2.5_beta\Logos\sos-3.JPG
2018-11-04 13:01 - 2003-06-15 18:00 - 000002648 ____A [2B3C89ED53B4F6E0D139E1C69DEB6E66] () C:\Rybka\arena_2.5_beta\Logos\sos-4.JPG
2018-11-04 13:01 - 2003-06-15 18:00 - 000002420 ____A [51423B8A9FAA7455D4EE65B6C47A4CF9] () C:\Rybka\arena_2.5_beta\Logos\sos-5.JPG
2018-11-04 13:01 - 2003-06-15 18:00 - 000001958 ____A [95FA016144F727400569154C6DAFF97B] () C:\Rybka\arena_2.5_beta\Logos\sos-6.JPG
2018-11-04 13:01 - 2003-06-15 18:00 - 000002372 ____A [7A51B47ADC0D1FA544EB9972286C5944] () C:\Rybka\arena_2.5_beta\Logos\sos-7.JPG
2018-11-04 13:01 - 2003-06-15 18:00 - 000002501 ____A [1832FB2B989C433ECF66986E97230437] () C:\Rybka\arena_2.5_beta\Logos\sos-8.JPG
2018-11-04 13:01 - 2003-06-15 18:00 - 000002183 ____A [E4CB6F5627861F3DD57713D3A4011599] () C:\Rybka\arena_2.5_beta\Logos\sos-9.JPG
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Readme
2018-11-04 13:01 - 2010-11-09 22:17 - 000007831 ____A [AE06A2E2C759F0527435B03560D08A3C] () C:\Rybka\arena_2.5_beta\Readme\copyright.txt
2018-11-04 13:01 - 2010-11-18 23:07 - 001065008 ____A [D7BB21A71D2CD4FC33A264BF904EE707] () C:\Rybka\arena_2.5_beta\Readme\deutsch.chm
2018-11-04 13:01 - 2010-11-18 23:05 - 001034476 ____A [F9ED21A57FD8B7273C4C82FAF21FA5EF] () C:\Rybka\arena_2.5_beta\Readme\english.chm
2018-11-04 13:01 - 2006-11-07 22:40 - 000000133 ____A [B30867F121CF4898F53AE4FE0564163D] () C:\Rybka\arena_2.5_beta\Readme\info.txt
2018-11-04 13:01 - 2010-11-18 23:28 - 000008819 ____A [C9CAC27CBFE67863B8B2CE3D10700FDA] () C:\Rybka\arena_2.5_beta\Readme\liesmich.txt
2018-11-04 13:01 - 2010-11-19 00:24 - 000008368 ____A [380993CFF039A98E35D82B947661FDBC] () C:\Rybka\arena_2.5_beta\Readme\readme.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () 

Otra vez el reporte muy largo, tuve que partir el mensaje en dos…

C:\Rybka\arena_2.5_beta\Shelf
2018-11-04 13:01 - 2010-11-02 19:59 - 000000119 ____A [EE9B7065432A0057D3A1A84F67443166] () C:\Rybka\arena_2.5_beta\Shelf\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Sounds
2018-11-04 13:01 - 2008-11-13 21:13 - 000004562 ____A [F8B453D89D978DA03FB0CEE539D7062E] () C:\Rybka\arena_2.5_beta\Sounds\capture.wav
2018-11-04 13:01 - 2003-11-26 09:00 - 000000108 ____A [C4DEA6BD2CFF68362D57C02593206005] () C:\Rybka\arena_2.5_beta\Sounds\info.txt
2018-11-04 13:01 - 2008-11-13 21:57 - 000012934 ____A [C371F2C8FDDFF341145ABED3DD4AAE5A] () C:\Rybka\arena_2.5_beta\Sounds\move.wav
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\SpeedTest
2018-11-04 13:01 - 2008-12-02 20:53 - 000495104 ____A [FB13E30E7BB8B6A0EDB36A49B9373999] (Martin Blume) C:\Rybka\arena_2.5_beta\SpeedTest\GTest.exe
2018-11-04 13:01 - 2008-10-20 20:33 - 000000107 ____A [D81578FD611853CA2A4ACC81EF087D90] () C:\Rybka\arena_2.5_beta\SpeedTest\info.txt
2018-11-04 13:01 - 2007-12-25 20:07 - 000000227 ____A [F621737632B12279724F17923F301514] () C:\Rybka\arena_2.5_beta\SpeedTest\readme.txt
2018-11-04 13:01 - 2010-11-09 20:31 - 000002174 ____A [96A68F461022948102467C936771E52E] () C:\Rybka\arena_2.5_beta\SpeedTest\SystemList.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\TB
2018-11-04 13:01 - 2009-11-18 03:01 - 000015054 ____A [506A8604EB1B9230E910763AC5809A0E] () C:\Rybka\arena_2.5_beta\TB\Gaviota.bmp
2018-11-04 13:01 - 2010-06-05 22:08 - 000471552 ____A [7E37FF660F4E38164E6310A8830CFEA8] () C:\Rybka\arena_2.5_beta\TB\gaviota.tb
2018-11-04 13:01 - 2010-06-08 01:17 - 000000593 ____A [EBBC8AF8496FF96C91F27B6E3B525284] () C:\Rybka\arena_2.5_beta\TB\gaviota-license.txt
2018-11-04 13:01 - 2010-06-08 01:02 - 000005471 ____A [73DFAAE5DEF41D325010EC4472E890FE] () C:\Rybka\arena_2.5_beta\TB\gaviota-readme.txt
2018-11-04 13:01 - 2010-11-18 23:51 - 000000862 ____A [5D0D19ED81A5BC5F8AC1F640E32BC994] () C:\Rybka\arena_2.5_beta\TB\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\TB\gtb.cp4
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\TB\gtb.cp4\gtb3
2018-11-04 13:01 - 2010-06-21 18:28 - 000002021 ____A [D7A5B1B3EAD671273ED96B41E0616510] () C:\Rybka\arena_2.5_beta\TB\gtb.cp4\gtb3\kbk.gtb.cp4
2018-11-04 13:01 - 2010-06-21 18:28 - 000001754 ____A [5B56485E4C99F2D91172D4676A0DE939] () C:\Rybka\arena_2.5_beta\TB\gtb.cp4\gtb3\knk.gtb.cp4
2018-11-04 13:01 - 2010-06-21 18:28 - 000027435 ____A [ECAA0490D03CC256B5183EDDEE44D035] () C:\Rybka\arena_2.5_beta\TB\gtb.cp4\gtb3\kpk.gtb.cp4
2018-11-04 13:01 - 2010-06-21 18:28 - 000009443 ____A [C80C5B3E32F601DFAA7F3F6B6A431EF7] () C:\Rybka\arena_2.5_beta\TB\gtb.cp4\gtb3\kqk.gtb.cp4
2018-11-04 13:01 - 2010-06-21 18:28 - 000010824 ____A [959FD626C3EF3183AA4DDECA4ECF63A6] () C:\Rybka\arena_2.5_beta\TB\gtb.cp4\gtb3\krk.gtb.cp4
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\TB\gtb.cp4\gtb4
2018-11-04 13:01 - 2010-11-18 23:51 - 000000878 ____A [CFA6B8888C1D88E458943C3326EEAC96] () C:\Rybka\arena_2.5_beta\TB\gtb.cp4\gtb4\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\TB\gtb.cp4\gtb5
2018-11-04 13:01 - 2010-11-18 23:51 - 000000878 ____A [E793CA750055936EAD4FC2FE71F08023] () C:\Rybka\arena_2.5_beta\TB\gtb.cp4\gtb5\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\arena_2.5_beta\Tournaments
2018-11-04 13:01 - 2003-07-14 20:49 - 000000091 ____A [38A27E6E80AA783CCDE5F67F91B89DC2] () C:\Rybka\arena_2.5_beta\Tournaments\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Books
2018-11-04 13:01 - 2003-11-26 09:00 - 000000077 ____A [048A0CF6ABD7AD206506D4415C243868] () C:\Rybka\Books\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\DeRybImSt 4
2018-11-04 13:01 - 2010-05-01 09:20 - 000102052 ____A [69A6C5BFC9671B210C99A43EF7EFA32B] () C:\Rybka\DeRybImSt 4\DeRybImSt 4.ctb
2018-11-04 13:01 - 2010-11-22 17:29 - 013529009 ____A [09848C29A893AF322BFE12F45A9A1881] () C:\Rybka\DeRybImSt 4\DeRybImSt 4.ctg
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\ELOStat
2018-11-04 13:01 - 2005-01-26 14:56 - 000000465 ____A [CAC6D67E2E47FA12A27DB4AA01F0B66D] () C:\Rybka\ELOStat\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Engines
2018-11-04 13:01 - 2002-03-06 21:32 - 000000208 ____A [A3631744D12A0D5563A4AB9B1CE95FA3] () C:\Rybka\Engines\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Flags
2018-11-04 13:01 - 2010-11-22 17:25 - 000000889 ____A [F866144FE07282B4C7481A1713D4D28E] () C:\Rybka\Flags\Colombia.GIF
2018-11-04 13:01 - 2002-04-24 21:06 - 000000111 ____A [814B5607A11D0FF44191BFB041BF2737] () C:\Rybka\Flags\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Fonts
2018-11-04 13:01 - 2005-01-04 23:27 - 000005136 ____A [127E4D8B4E27B6C18304D40BC9839AE2] () C:\Rybka\Fonts\ARFIG08.FON
2018-11-04 13:01 - 2005-01-10 21:49 - 000006384 ____A [A3713A412CE5F87D8AA2CB40C8B0227F] () C:\Rybka\Fonts\ARFIG10.FON
2018-11-04 13:01 - 2005-01-04 23:29 - 000008832 ____A [944511A2618554039C26B878B7B86ED8] () C:\Rybka\Fonts\ARFIG12.FON
2018-11-04 13:01 - 2005-01-04 23:30 - 000011696 ____A [E91A0E95306003EF3B964821935184B9] () C:\Rybka\Fonts\ARFIG14.FON
2018-11-04 13:01 - 2005-12-22 23:04 - 000000259 ____A [AE1F5A12854E3553DE829567DC63E585] () C:\Rybka\Fonts\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\FROM CHESS COM
2018-11-04 13:01 - 2010-03-28 00:23 - 001846315 ____A [CBE155E233CCEEB74F94C34C073483B6] () C:\Rybka\FROM CHESS COM\primes6.zip
2018-11-04 13:01 - 2010-03-27 17:23 - 000029032 ____A [C90554B76A17273E5456B199087AD89D] () C:\Rybka\FROM CHESS COM\ARMANDO TORRES.htm
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\FROM CHESS COM\ARMANDO TORRES_files
2018-11-04 13:01 - 2010-03-27 17:23 - 000004529 ____A [596D5842D6911E74278FC69817E77781] () C:\Rybka\FROM CHESS COM\ARMANDO TORRES_files\1370827.css
2018-11-04 13:01 - 2010-03-27 17:23 - 000022080 ____A [458D530C9D8203E7F8E3B2F9D05CCBD0] () C:\Rybka\FROM CHESS COM\ARMANDO TORRES_files\all_main_functions.js
2018-11-04 13:01 - 2010-03-27 17:23 - 000000454 ____A [51D99A9BA615AEB668D25E2201CC725D] () C:\Rybka\FROM CHESS COM\ARMANDO TORRES_files\chart_bar.png
2018-11-04 13:01 - 2010-03-27 17:23 - 000062590 ____A [5C139AFCD69002404946E3D11E273932] () C:\Rybka\FROM CHESS COM\ARMANDO TORRES_files\chess.css
2018-11-04 13:01 - 2010-03-27 17:23 - 000024074 ____A [5E1A641EE27E0ACFA6976FB4D9EDCBDF] () C:\Rybka\FROM CHESS COM\ARMANDO TORRES_files\ga.js
2018-11-04 13:01 - 2010-03-27 17:23 - 000000204 ____A [DA8A05674B8AC18D7E8CC5D961897FEA] () C:\Rybka\FROM CHESS COM\ARMANDO TORRES_files\listbox.js
2018-11-04 13:01 - 2010-03-27 17:23 - 000010205 ____A [497E3A2D2C0B8ECF8F0DE1B6D071581D] () C:\Rybka\FROM CHESS COM\ARMANDO TORRES_files\pie_graph.png
2018-11-04 13:01 - 2010-03-27 17:23 - 000011353 ____A [C52C06C3105BE6228777F9C0CB9126A6] () C:\Rybka\FROM CHESS COM\ARMANDO TORRES_files\play.css
2018-11-04 13:01 - 2010-03-27 17:23 - 000045114 ____A [EFC54D2FDAC659AF8E52BF7B48972C25] () C:\Rybka\FROM CHESS COM\ARMANDO TORRES_files\qcodo_all.js
2018-11-04 13:01 - 2010-03-27 17:23 - 000005337 ____A [7133450E36F02FAFC07E16424AA33B2E] () C:\Rybka\FROM CHESS COM\ARMANDO TORRES_files\rating_line_graph.png
2018-11-04 13:01 - 2010-03-27 17:23 - 000000737 ____A [AA6C24D78D1883D3D7EBFB01EE5D6691] () C:\Rybka\FROM CHESS COM\ARMANDO TORRES_files\spinner_14.gif
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Graphics
2018-11-04 13:01 - 2002-03-25 19:21 - 000000296 ____A [A0A52E0744E888015EEFB21AC18214EF] () C:\Rybka\Graphics\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Graphics\Players
2018-11-04 13:01 - 2006-03-09 21:38 - 000000163 ____A [264ACD1C03AE4B3F5554578305652ADA] () C:\Rybka\Graphics\Players\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Graphics\Schemes
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Graphics\Schemes\BirchTauari
2018-11-04 13:01 - 2006-11-07 22:09 - 000008649 ____A [CFA30BD33D243F834D9D868AA8A7B4A2] () C:\Rybka\Graphics\Schemes\BirchTauari\background.jpg
2018-11-04 13:01 - 2006-11-07 22:11 - 000008628 ____A [92EF282A48E9EEE5B4B40FFFA7DCC735] () C:\Rybka\Graphics\Schemes\BirchTauari\black.jpg
2018-11-04 13:01 - 2006-11-07 22:10 - 000008818 ____A [F2244BB88C0852E8AB631DCA718BA40C] () C:\Rybka\Graphics\Schemes\BirchTauari\board.jpg
2018-11-04 13:01 - 2006-11-07 22:11 - 000008412 ____A [0AF5B6F9D9C2A9D56687377E18A410E8] () C:\Rybka\Graphics\Schemes\BirchTauari\clockslogos.jpg
2018-11-04 13:01 - 2006-11-07 22:08 - 000001577 ____A [1B4D895B81F41EDC994C474DE3CEF5D8] () C:\Rybka\Graphics\Schemes\BirchTauari\toolbar.jpg
2018-11-04 13:01 - 2005-09-26 20:47 - 000004216 ____A [40F5DAB9C8800254A7CE7845B339D900] () C:\Rybka\Graphics\Schemes\BirchTauari\white.jpg
2018-11-04 13:01 - 2013-01-02 13:24 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Graphics\Schemes\gold
2018-11-04 13:01 - 2013-01-02 13:24 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Graphics\Schemes\Ice
2018-11-04 13:01 - 2013-01-02 13:24 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Graphics\Schemes\Light blue
2018-11-04 13:01 - 2013-01-02 13:24 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Graphics\Schemes\metall
2018-11-04 13:01 - 2013-01-02 13:24 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Graphics\Schemes\red sand
2018-11-04 13:01 - 2013-01-02 13:24 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Graphics\Schemes\Winboard
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Graphics\Schemes\Wood
2018-11-04 13:01 - 2005-09-26 21:44 - 000007133 ____A [76F05EC83D3D4A77D5DD8827F4E2EAA6] () C:\Rybka\Graphics\Schemes\Wood\background.jpg
2018-11-04 13:01 - 2005-09-26 21:34 - 000023164 ____A [1E0BD4EBFFDC0345B1622662B9C01569] () C:\Rybka\Graphics\Schemes\Wood\black.jpg
2018-11-04 13:01 - 2005-09-26 21:34 - 000004954 ____A [0F1D08B1C5A978C91F1038BD4163231E] () C:\Rybka\Graphics\Schemes\Wood\board.jpg
2018-11-04 13:01 - 2005-09-26 21:44 - 000007133 ____A [76F05EC83D3D4A77D5DD8827F4E2EAA6] () C:\Rybka\Graphics\Schemes\Wood\clockslogos.jpg
2018-11-04 13:01 - 2005-11-21 19:58 - 000006376 ____A [9B769A9053EAF61872CE245083260D40] () C:\Rybka\Graphics\Schemes\Wood\toolbar.jpg
2018-11-04 13:01 - 2005-09-26 21:33 - 000020746 ____A [67F31FABD200D135DF560DDB8594D696] () C:\Rybka\Graphics\Schemes\Wood\white.jpg
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\GUI PROGRAMS
2018-11-04 13:01 - 2010-11-22 19:58 - 005629711 ____A [18338D3C34793BEE091B99C110EC70E6] () C:\Rybka\GUI PROGRAMS\winboard-4_2_7a.exe
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Languages
2018-11-04 13:01 - 2008-02-09 20:52 - 000148903 ____A [40D5C012FCDF3E9E70D84C74B0A2D238] () C:\Rybka\Languages\English.lng
2018-11-04 13:01 - 2010-07-09 08:20 - 000187058 ____A [0CBE00CE96E52592C855956D33A3001B] () C:\Rybka\Languages\Spanish.lng
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Logos
2018-11-04 13:01 - 2003-11-26 09:00 - 000000084 ____A [185A73E7CA16290207748EF8F543BD0F] () C:\Rybka\Logos\info.txt
2018-11-04 13:01 - 2019-10-31 17:16 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\MATCHES
2018-11-04 13:01 - 2010-03-31 14:25 - 000000763 ____A [C8A4A2DE2DE88ED7912D43081E396639] () C:\Rybka\MATCHES\abardian celada a sangre fuego y muerte el mate a 13 pasos.pgn
2019-10-24 10:34 - 2019-10-24 10:34 - 000004875 ____A [194EC0C257B93CA1EBA352D02F95EAC9] () C:\Rybka\MATCHES\Acribillamiento a quemarropa con tenaza caballo alfil.fch
2018-11-04 13:01 - 2011-03-18 11:40 - 000006750 ____A [DC49F06633174A7200A5544A69574AC4] () C:\Rybka\MATCHES\AlicePandoravsARMANDO TORRES.fch
2018-11-04 13:01 - 2012-07-08 23:30 - 000005190 ____A [58CB1B6445B7836736A28DC44E537AEB] () C:\Rybka\MATCHES\Analizar el Cambio de Caballo x Alfil.fch
2018-11-04 13:01 - 2010-10-22 00:20 - 000004084 ____A [7CD7CFA6C841AA4BE0D912A7AF6B8563] () C:\Rybka\MATCHES\anotherblitzshit.fch
2018-11-04 13:01 - 2010-11-16 14:27 - 000001965 ____A [8919D7561429D9CCFBC2AE5844A03308] () C:\Rybka\MATCHES\Anseume - ENDLESSDARKNESS.fch
2018-11-04 13:01 - 2011-05-20 14:42 - 000006554 ____A [B06F9C5D1CC90B31C9F5932CE4DBBF27] () C:\Rybka\MATCHES\Ataque constatado.fch
2018-11-04 13:01 - 2012-09-30 11:31 - 000015303 ____A [034C6DA99EB86AD3F2AE1B75101A65DA] () C:\Rybka\MATCHES\Bad stone wall ending.fch
2018-11-04 13:01 - 2010-04-20 23:20 - 000003977 ____A [816DF1DB21FC653444F89FFEF94327FC] () C:\Rybka\MATCHES\Bien jugado Campeonato Colombia 2010.fch
2018-11-04 13:01 - 2011-03-09 15:31 - 000007915 ____A [DD4E1F70A80F8B835D824CBE1D51EBBD] () C:\Rybka\MATCHES\Bilis999vsARMANDO TORRES.fch
2018-11-04 13:01 - 2018-09-28 18:26 - 000004985 ____A [61B936F1ABC98A89CEE366CA4366F81A] () C:\Rybka\MATCHES\Brutal Cold Attack.fch
2019-05-17 19:35 - 2019-05-17 19:35 - 000003650 ____A [F21D0250834AB4015C8FA9CC28504066] () C:\Rybka\MATCHES\Caballos escalados.fch
2019-10-22 16:37 - 2019-10-22 16:37 - 000004344 ____A [E9B705D5226473118BC76373F47F5CAA] () C:\Rybka\MATCHES\cadena de peones defensivos.fch
2018-11-04 13:01 - 2009-11-25 00:20 - 000003569 ____A [3E78BFCA78DD66336BBF7EA7CC04F6B3] () C:\Rybka\MATCHES\Burzum Arellano vs ARMANDO TORRES.fch
2018-11-04 13:01 - 2009-11-30 22:42 - 000000485 ____A [A9AE6CC290965DA9F407004A36E37ECE] () C:\Rybka\MATCHES\caliche616_vs_ARMANDO TORRES_2009_11_15.pgn
2018-11-04 13:01 - 2009-11-24 14:06 - 000003238 ____A [58DA2EA229A145D40E28E2931B78F2E9] () C:\Rybka\MATCHES\charlie0909_vs_ARMANDO TORRES_2009_11_13.fch
2018-11-04 13:01 - 2009-11-20 11:59 - 000000394 ____A [0D8F5B0DAB9BCB605ACDEE344693E901] () C:\Rybka\MATCHES\charlie0909_vs_ARMANDO TORRES_2009_11_13.pgn
2018-11-04 13:01 - 2011-05-24 01:29 - 000000339 ____A [9532A8C82F4664D4DC0A4AB30B90EDD7] () C:\Rybka\MATCHES\Chess Somberlain.pgn
2018-11-04 13:01 - 2010-03-23 21:16 - 000005090 ____A [0419A328053F737863E4CD4ECA0CCED6] () C:\Rybka\MATCHES\chess_com_games_(1370827)-2010_03_23_8_14_am.pgn
2018-11-04 13:01 - 2009-11-29 14:40 - 000003937 ____A [F16DFA0FC9F303F3650925914812FF89] () C:\Rybka\MATCHES\Confusedalot vs ARMANDO TORRES FTW 002.fch
2018-11-04 13:01 - 2010-05-16 15:21 - 000000925 ____A [65AD37BC76BE5227D5894A7E2F351CAB] () C:\Rybka\MATCHES\coronacion.fch
2018-11-04 13:01 - 2010-03-27 20:59 - 000003920 ____A [BD1AA04071CE042237653D5E275C8135] () C:\Rybka\MATCHES\CRAVED.fch
2018-11-04 13:01 - 2012-10-20 16:16 - 000003519 ____A [F0D486A82382A3C282758536BCD3AFD9] () C:\Rybka\MATCHES\CREATORRR.fch
2018-11-04 13:01 - 2013-06-19 17:34 - 000004726 ____A [5733C6E0433D6B8E86AF057A2940441A] () C:\Rybka\MATCHES\CURIOUS MATE.fch
2018-11-04 13:01 - 2009-12-03 16:57 - 000000526 ____A [1BC0A03BF717D69B01F9F7ED613AF2A8] () C:\Rybka\MATCHES\d4,Nf6,c4,c6-FreePGNChessGames-chessopeningsdatabase.com.pgn
2018-11-04 13:01 - 2009-12-03 17:01 - 000083847 ____A [C98DC3FCD741A2D7BD69B8B70DAE55B2] () C:\Rybka\MATCHES\d4,Nf6,c4,g6-FreePGNChessGames-chessopeningsdatabase.com.pgn
2018-11-04 13:01 - 2012-07-06 13:56 - 000003605 ____A [AF060238A74DF92E7465D12814272028] () C:\Rybka\MATCHES\deliciosa muerte.fch
2018-11-04 13:01 - 2011-03-17 16:33 - 000000286 ____A [9050771D219220A50A4756B1D81E8832] () C:\Rybka\MATCHES\Elegance de Paris.pgn
2018-11-04 13:01 - 2011-03-17 16:33 - 000000286 ____A [9050771D219220A50A4756B1D81E8832] () C:\Rybka\MATCHES\Elegance de Paris.txt
2018-11-04 13:01 - 2014-11-09 13:05 - 000010823 ____A [9A5381DCA0E127A7B6A4E1F7B4430CA8] () C:\Rybka\MATCHES\EXCELENT MATCH WITH XOTZE GERMAN.fch
2018-11-04 13:01 - 2013-07-11 20:18 - 000003376 ____A [473B7F6D6FF82D9B36C15B59F2B518B0] () C:\Rybka\MATCHES\EXCELENT MATCH METIENDOLA DURA HASTA EL FONDO Y SIN ANESTESIA.fch
2018-11-04 13:01 - 2009-11-25 15:42 - 000001674 ____A [D537A431B996825AD22B2C5454D54383] () C:\Rybka\MATCHES\Fischer Spassky.fch
2018-11-04 13:01 - 2011-03-17 11:23 - 000005824 ____A [1BAF4FB81F240F9AF1C2969593CDCC99] () C:\Rybka\MATCHES\FuckUvsARMANDO TORRES.fch
2018-11-04 13:01 - 2014-10-28 18:10 - 000006314 ____A [2BAA3FF63F6CB405E76A8BDBD1680630] () C:\Rybka\MATCHES\GARY KASPAROV ITALIANO JAJA.fch
2018-11-04 13:01 - 2011-03-17 14:18 - 000005315 ____A [F7DFC59ECDA50533FE3788E8AFAA5EFF] () C:\Rybka\MATCHES\Good bishop.fch
2018-11-04 13:01 - 2010-11-03 10:51 - 000004447 ____A [3C63D6293E78175ACA31F3161565B3F8] () C:\Rybka\MATCHES\Good pawn determination.fch
2018-11-04 13:01 - 2010-04-01 17:20 - 000004816 ____A [0B9DB49F3BD7446F82591FDCF737D198] () C:\Rybka\MATCHES\goodd.fch
2018-11-04 13:01 - 2013-09-04 11:00 - 000008857 ____A [2E433F8BA3A9AE86C7F307BDEA438CD4] () C:\Rybka\MATCHES\Guest Alcatel Smartphone 10L 2.fch
2018-11-04 13:01 - 2013-07-25 10:14 - 000005907 ____A [88292846BEF8265B63311DC9A8E625BB] () C:\Rybka\MATCHES\Guest Alcatel Smartphone 10L.fch
2018-11-04 13:01 - 2013-07-25 10:18 - 000003124 ____A [FBCC3CE8DFA412683D9CBC96F667C197] () C:\Rybka\MATCHES\Guest Alcatel Smartphone 1L.fch
2018-11-04 13:01 - 2013-02-01 18:58 - 000010535 ____A [60B694D9C7867E3BC03E89DF3796FA10] () C:\Rybka\MATCHES\hard game.fch
2018-11-04 13:01 - 2010-04-03 21:58 - 000006088 ____A [823A1FD2D11B7651B047D59B2A3BF90A] () C:\Rybka\MATCHES\Heinous Murderer.fch
2018-11-04 13:01 - 2011-04-01 14:54 - 000003656 ____A [71BB370DEB318B7F014BDE7282BE0FE2] () C:\Rybka\MATCHES\Horseforce ARMANDO TORRES.fch
2018-11-04 13:01 - 2012-09-04 18:51 - 000006653 ____A [20A5DB3AAF8CEEC306329020FB029AFC] () C:\Rybka\MATCHES\Interesting Resolution.fch
2018-11-04 13:01 - 2014-12-08 23:36 - 000010705 ____A [D47CBD80ABCB55E3E595BB8D33AB970A] () C:\Rybka\MATCHES\INTERESTING STRONG.fch
2018-11-04 13:01 - 2011-08-17 21:29 - 000006142 ____A [45CC1939939ACBC85B069CD3939B87B0] () C:\Rybka\MATCHES\interestingt.fch
2018-11-04 13:01 - 2010-03-27 11:02 - 000006497 ____A [B24B5F3763CE08721A3A204C15A45BA5] () C:\Rybka\MATCHES\iotherruse.fch
2018-11-04 13:01 - 2009-12-01 14:49 - 000005337 ____A [EFB3B8629436B80CEA4BB47F1FBB8E08] () C:\Rybka\MATCHES\java vs Mournful livechess.fch
2018-11-04 13:01 - 2009-12-01 15:51 - 000003358 ____A [973FAEF5170677BB46CC3519736DD191] () C:\Rybka\MATCHES\jfante vs Mournful.fch
2018-11-04 13:01 - 2011-04-27 21:50 - 000011594 ____A [7350450C1D16F6B5723A5E75763AF97A] () C:\Rybka\MATCHES\Juan864 with ARMANDO TORRES.fch
2018-11-04 13:01 - 2014-07-10 23:13 - 000005026 ____A [B354E1016A233B9D2A977525AA07C990] () C:\Rybka\MATCHES\JUEGO FUERTE Y A MUERTE.fch
2018-11-04 13:01 - 2009-12-05 21:57 - 000013557 ____A [B4A1AC901B42E67AE053490EFEC262C5] () C:\Rybka\MATCHES\KEANDRIS.fch
2018-11-04 13:01 - 2010-02-28 09:28 - 000000915 ____A [F9602FC4C7FE62F85715060F67AA1339] () C:\Rybka\MATCHES\Kelbo1976 Vs ARMANDO TORRES.fch
2018-11-04 13:01 - 2010-03-03 09:49 - 000005694 ____A [3F08DFA555BE80C4BA0CC63DDB86D38A] () C:\Rybka\MATCHES\Kelvo vs ARMANDO TORRES.fch
2018-11-04 13:01 - 2010-03-03 09:42 - 000000814 ____A [26B20163089FAD999BE1480BC4FE2208] () C:\Rybka\MATCHES\kelvo1976_vs_ARMANDO TORRES_2009_12_08.pgn
2019-05-17 20:00 - 2019-05-17 20:00 - 000006565 ____A [86F00444C4295705F4B6618256B85F04] () C:\Rybka\MATCHES\La maldicion de la reina.fch
2018-11-04 13:01 - 2010-03-27 10:34 - 000005601 ____A [308205D51FA2C7D155B87E1127BBE055] () C:\Rybka\MATCHES\La Rusa Reti.fch
2018-11-04 13:01 - 2010-11-02 18:36 - 000002535 ____A [960797ECCD5A20EEB3758A3885303B5E] () C:\Rybka\MATCHES\Magistrales de ARMANDO TORRES 02.fch
2018-11-04 13:01 - 2010-10-21 23:24 - 000004269 ____A [1712B4F472568A634C107C3C6A8D84DB] () C:\Rybka\MATCHES\Magistrales de ARMANDO TORRES.fch
2018-11-04 13:01 - 2010-11-14 16:18 - 000006137 ____A [7520761E35292E6344512A214DF68A5E] () C:\Rybka\MATCHES\Mariusz.fch
2018-11-04 13:01 - 2011-04-28 12:21 - 000001412 ____A [E939B2519C496183BBAC66D33655BCEE] () C:\Rybka\MATCHES\Mate solo con el Rey, problem.fch
2019-10-31 17:16 - 2019-10-31 17:16 - 000007363 ____A [2FED18E9AD96187A4EB36819780AA8EF] () C:\Rybka\MATCHES\McGyver Pure Art with Black.fch
2018-11-04 13:01 - 2012-08-19 13:07 - 000005108 ____A [FA06E2FB9CAFC8360890D9B6A3EC8237] () C:\Rybka\MATCHES\Memorable.fch
2018-11-04 13:01 - 2009-12-01 16:15 - 000002164 ____A [835B904D8F4CAFCA8BEE7AF71EBFDF62] () C:\Rybka\MATCHES\Mkirk vs Mournful.fch
2018-11-04 13:01 - 2009-11-26 14:05 - 000001108 ____A [89E6F2D8C8789EC61D034FE6E2261935] () C:\Rybka\MATCHES\mkirk.fch
2018-11-04 13:01 - 2011-03-18 11:26 - 000006608 ____A [08B38BFBA5C8E107BADA5120E1396447] () C:\Rybka\MATCHES\nemogevsARMANDO TORRES.fch
2018-11-04 13:01 - 2010-03-07 09:22 - 000001886 ____A [9C4DCE6476FA99446677408A1319C88A] () C:\Rybka\MATCHES\New kelbo.fch
2018-11-04 13:01 - 2009-11-25 23:56 - 000003440 ____A [88DBA3236A9CA34B5A77EA81D61201B9] () C:\Rybka\MATCHES\Nosna vs ARMANDO TORRES FTW 001.fch
2018-11-04 13:01 - 2010-03-09 11:20 - 000002067 ____A [FECAA5C98C86E2B4C57B3B64E8F3BB0E] () C:\Rybka\MATCHES\othershit.fch
2018-11-04 13:01 - 2013-10-16 15:20 - 000004062 ____A [A745646DDC8D05560ACE028826CCFF50] () C:\Rybka\MATCHES\otro grande derrotado soy imparable.fch
2018-11-04 13:01 - 2012-10-04 16:06 - 000009713 ____A [4C8DE03E849DEAB88E72E4A77084F474] () C:\Rybka\MATCHES\Pawn Mastering.fch
2018-11-04 13:01 - 2011-04-05 21:18 - 000008814 ____A [D428E1A58635F603BE6FA2D04E288FC5] () C:\Rybka\MATCHES\pawns end with ARMANDO TORRES.fch
2018-11-04 13:01 - 2010-03-09 11:14 - 000001590 ____A [448933270ED7649380BD38DC25FB255B] () C:\Rybka\MATCHES\posible desenlace Redneck .pgn
2018-11-04 13:01 - 2012-08-18 11:14 - 000003242 ____A [EBC5AF38800EB4EBDA6391554A7C8C28] () C:\Rybka\MATCHES\Posible Empate.fch
2018-11-04 13:01 - 2010-09-14 13:22 - 000002206 ____A [9635A3839B3BAD28546642D0E18FBF26] () C:\Rybka\MATCHES\Queen Sacrifice.fch
2018-11-04 13:01 - 2014-12-19 23:26 - 000012201 ____A [EA6133E705F9145F1E7D6ED7EE07C5AE] () C:\Rybka\MATCHES\Recuoerada brutal.fch
2018-11-04 13:01 - 2010-03-11 20:44 - 000005258 ____A [B75DBDAA275E3FFE17A2B611CA9B3A5B] () C:\Rybka\MATCHES\Redneck vs ARMANDO TORRES.fch
2018-11-04 13:01 - 2010-03-09 11:06 - 000000732 ____A [ECBB4C3905D3AC8E56B292C32A48AE08] () C:\Rybka\MATCHES\redneck04_vs_ARMANDO TORRES_2009_12_08.pgn
2018-11-04 13:01 - 2010-05-11 23:40 - 000000630 ____A [30B24E7FF077D431BC45117D41D9A42A] () C:\Rybka\MATCHES\ARMANDO TORRES last against Ziryab.pgn
2018-11-04 13:01 - 2009-11-24 23:50 - 000011232 ____A [B54C5550A538D81F9D34AC70CF9C941D] () C:\Rybka\MATCHES\ARMANDO TORRES vs BobbyFischer.fch
2018-11-04 13:01 - 2009-11-20 12:41 - 000001947 ____A [F38A93F15A5CD94EF0EBF1C484643787] () C:\Rybka\MATCHES\ARMANDO TORRES vs ComputerMedium.pgn
2018-11-04 13:01 - 2009-11-25 16:16 - 000002007 ____A [4EB0608975736C1F61098C0CF1BE39FE] () C:\Rybka\MATCHES\ARMANDO TORRES vs Felo802.fch
2018-11-04 13:01 - 2009-12-01 15:31 - 000008336 ____A [35515857DDA7898DA17DB7F64300E4E1] () C:\Rybka\MATCHES\ARMANDO TORRES vs Hard Opponent.pgn
2018-11-04 13:01 - 2010-03-19 14:28 - 000008512 ____A [803655D3CE198EEBAF1F0052C5979CCE] () C:\Rybka\MATCHES\ARMANDO TORRES VS Kelvo1976.fch
2018-11-04 13:01 - 2010-02-21 15:01 - 000006322 ____A [59FC1BE154E849FFB204BCD9AB70ED58] () C:\Rybka\MATCHES\ARMANDO TORRES vs Redneck.fch
2018-11-04 13:01 - 2011-02-23 19:00 - 000006203 ____A [56B87805E5FA90E69737BBEED31BDEE7] () C:\Rybka\MATCHES\ARMANDO TORRES vs Sparkchess .fch
2018-11-04 13:01 - 2009-11-24 20:54 - 000000268 ____A [F1DA68A9F0584CBA1BE40963163849E9] () C:\Rybka\MATCHES\ARMANDO TORRES_vs_felo802_2009_11_13.pgn
2018-11-04 13:01 - 2010-03-03 09:40 - 000000721 ____A [C0C45D74955B470698A1DE8B9ECB60BD] () C:\Rybka\MATCHES\ARMANDO TORRES_vs_kelvo1976_2009_12_08.pgn
2018-11-04 13:01 - 2010-03-03 09:41 - 000000721 ____A [C0C45D74955B470698A1DE8B9ECB60BD] () C:\Rybka\MATCHES\ARMANDO TORRES_vs_kelvo1976_2010_03_03.pgn
2018-11-04 13:01 - 2009-11-20 14:21 - 000016882 ____A [F6437AFC71026F301C7D248112FABBF2] () C:\Rybka\MATCHES\Rybka vs Rybka.fch
2018-11-04 13:01 - 2011-06-30 11:06 - 000004865 ____A [F17A4CBA5D97A3CCD6D45395227F2C57] () C:\Rybka\MATCHES\Sacrificio de la Torre.fch
2018-11-04 13:01 - 2012-07-07 10:29 - 000006047 ____A [5E4EDBB9B65B1AE87C840D88C86EC66F] () C:\Rybka\MATCHES\Solucion al Nivel 8 con Apertura Reki.fch
2018-11-04 13:01 - 2009-12-01 16:15 - 000002700 ____A [FEB5C38DB59FDC4787F2CF7339AD56CF] () C:\Rybka\MATCHES\Sqwost vs Mournful rematch.fch
2018-11-04 13:01 - 2009-11-26 14:03 - 000001021 ____A [86358B02478CAF040992B46DEAC556A8] () C:\Rybka\MATCHES\sqwost.fch
2018-11-04 13:01 - 2011-05-31 16:02 - 000024447 ____A [8131A12060F1ADFC870B68A8C6255CF2] () C:\Rybka\MATCHES\Stronger than Rybka.fch
2018-11-04 13:01 - 2009-12-21 10:09 - 000000226 ____A [27163C011BAD60BE00EF3BF5C2E0571E] () C:\Rybka\MATCHES\Team Colombia_vs_Team Peru_2009_11_08.pgn
2018-11-04 13:01 - 2009-12-11 08:13 - 000000248 ____A [568B39FF47158212F19EF97CD91C75E6] () C:\Rybka\MATCHES\Team Colombia_vs_Team Spain_2009_11_08.pgn
2018-11-04 13:01 - 2013-07-01 23:34 - 000006146 ____A [B8A2F26AF05DF79AEBC7D684DAFD0010] () C:\Rybka\MATCHES\Took tooker.fch
2018-11-04 13:01 - 2013-07-24 13:46 - 000005684 ____A [B6BC594EA94D45315DFCC2E3413755E2] () C:\Rybka\MATCHES\Un Mate Fulminante.fch
2018-11-04 13:01 - 2014-12-19 22:02 - 000003683 ____A [ECD4EC98B16046CD81BB36A24A4D71B7] () C:\Rybka\MATCHES\UN MATE REALMENTE FULMINANTE.fch
2018-11-04 13:01 - 2010-03-21 18:03 - 000014276 ____A [37E361B79E67251246A24BFA7EA90232] () C:\Rybka\MATCHES\Una partida realmente dura.fch
2018-11-04 13:01 - 2010-03-21 18:03 - 000002232 ____A [72460B6294754509427B9B20ECE9B12A] () C:\Rybka\MATCHES\Una Partida Realmente dura.pgn
2018-11-04 13:01 - 2011-06-30 10:20 - 000000478 ____A [245398FE4B6C81CDA6DC4D5C422E7A88] () C:\Rybka\MATCHES\Werty74 Game.pgn
2018-11-04 13:01 - 2010-04-09 13:52 - 000008349 ____A [020AB929F87461E639AE0242FE7A18E5] () C:\Rybka\MATCHES\Ziryab Final Death propose.fch
2018-11-04 13:01 - 2010-05-25 11:54 - 000002681 ____A [510085F1D1A9804FB68177D5F62733A7] () C:\Rybka\MATCHES\Ziryab vs ARMANDO TORRES New Final Match.fch
2018-11-04 13:01 - 2010-05-30 23:09 - 000002789 ____A [F55B22BC6C521623F79BAE41CD67B57D] () C:\Rybka\MATCHES\Ziryab vs ARMANDO TORRES New Final Match2.fch
2018-11-04 13:01 - 2009-12-04 07:47 - 000001430 ____A [F85593F7B24497E664CC2FB75DF32601] () C:\Rybka\MATCHES\Ziryab vs ARMANDO TORRES.fch
2018-11-04 13:01 - 2010-04-19 10:52 - 000007499 ____A [7EB1655279AD2A013F52AF1A1F7CC0E1] () C:\Rybka\MATCHES\zYRYAB.fch
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Readme
2018-11-04 13:01 - 2007-03-28 20:33 - 000008810 ____A [1873A41C6006EB93E3B68DAA90CE3307] () C:\Rybka\Readme\copyright.txt
2018-11-04 13:01 - 2006-11-07 22:40 - 000000133 ____A [B30867F121CF4898F53AE4FE0564163D] () C:\Rybka\Readme\info.txt
2018-11-04 13:01 - 2008-02-09 21:12 - 000000930 ____A [D866C3A4EA0A74EE93EA2CD4CEC0AD8B] () C:\Rybka\Readme\Liesmich-Beta.txt
2018-11-04 13:01 - 2008-02-09 21:13 - 000000779 ____A [8315578E5876F9641A0B54D388E9D5BA] () C:\Rybka\Readme\Readme-Beta.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Sounds
2018-11-04 13:01 - 2003-11-26 09:00 - 000000108 ____A [C4DEA6BD2CFF68362D57C02593206005] () C:\Rybka\Sounds\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\stockfish-191-win
2018-11-04 13:01 - 2011-09-17 13:53 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\stockfish-191-win\Windows
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\stockfish-9-win
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\stockfish-9-win\stockfish-9-win
2018-11-04 13:01 - 2018-02-01 01:58 - 000002483 ____A [9172DA7F8D1944970860728CD82D5A7A] () C:\Rybka\stockfish-9-win\stockfish-9-win\.travis.yml
2018-11-04 13:01 - 2018-02-01 01:58 - 000002071 ____A [67E6099EBE3CFA2E53C6533A8B3DAEB6] () C:\Rybka\stockfish-9-win\stockfish-9-win\appveyor.yml
2018-11-04 13:01 - 2018-02-01 01:58 - 000001635 ____A [F51A01FF68BDC4BB083DCA9BD14610E7] () C:\Rybka\stockfish-9-win\stockfish-9-win\AUTHORS
2018-11-04 13:01 - 2018-02-01 01:58 - 000035821 ____A [3C34AFDC3ADF82D2448F12715A255122] () C:\Rybka\stockfish-9-win\stockfish-9-win\Copying.txt
2018-11-04 13:01 - 2018-02-01 01:58 - 000005880 ____A [481C1FF1A1B449783A51EC34D44E0A5E] () C:\Rybka\stockfish-9-win\stockfish-9-win\Readme.md
2018-11-04 13:01 - 2018-02-01 01:58 - 000005619 ____A [9F7E9085D68B2DC857E268E41778E811] () C:\Rybka\stockfish-9-win\stockfish-9-win\Top CPU Contributors.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\stockfish-9-win\stockfish-9-win\src
2018-11-04 13:01 - 2018-02-01 01:58 - 000005896 ____A [568373E25C8DC43344D7F1E2EC206ACE] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\benchmark.cpp
2018-11-04 13:01 - 2018-02-01 01:58 - 000006234 ____A [317BAE91A9BE9B7F962A643D04C6FE14] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\bitbase.cpp
2018-11-04 13:01 - 2018-02-01 01:58 - 000010724 ____A [5BB8381FB92E1B686FB19D0C336D946B] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\bitboard.cpp
2018-11-04 13:01 - 2018-02-01 01:58 - 000009826 ____A [65771D3686A2725A036C499F5D6B5E59] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\bitboard.h
2018-11-04 13:01 - 2018-02-01 01:58 - 000030663 ____A [8F92DD93242CC3F302B5D76C4BFCD9E6] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\endgame.cpp
2018-11-04 13:01 - 2018-02-01 01:58 - 000003523 ____A [EA92A41FB68D314793021C3AB145D54E] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\endgame.h
2018-11-04 13:01 - 2018-02-01 01:58 - 000036983 ____A [C6E7F676E10387EEBA0BBDC7A533E90D] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\evaluate.cpp
2018-11-04 13:01 - 2018-02-01 01:58 - 000001245 ____A [430997C425FB4D38F3C949C9D7521378] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\evaluate.h
2018-11-04 13:01 - 2018-02-01 01:58 - 000001536 ____A [8A159CB959FB4A9FFC30198EE50C2A2A] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\main.cpp
2018-11-04 13:01 - 2018-02-01 01:58 - 000014199 ____A [65A2DD8721ABAA589EE944487BCE30DE] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\Makefile
2018-11-04 13:01 - 2018-02-01 01:58 - 000008642 ____A [BC2938609FAFEA75765C7254D18D33B1] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\material.cpp
2018-11-04 13:01 - 2018-02-01 01:58 - 000002967 ____A [3A891BF0A6F7D26107D7ADF946B5E82F] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\material.h
2018-11-04 13:01 - 2018-02-01 01:58 - 000008967 ____A [3DD700192E7695453B6BFFEB12F07A8A] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\misc.cpp
2018-11-04 13:01 - 2018-02-01 01:58 - 000003400 ____A [A550B427CB45C5C92CA41CAAFBE1548D] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\misc.h
2018-11-04 13:01 - 2018-02-01 01:58 - 000014273 ____A [462261E7B403F630F32DD6A0F9BC0927] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\movegen.cpp
2018-11-04 13:01 - 2018-02-01 01:58 - 000002162 ____A [DEF9D7EE296420B27EC80DF018E50001] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\movegen.h
2018-11-04 13:01 - 2018-02-01 01:58 - 000009932 ____A [1418B99114A7C5F477F02A8CB2A59E4F] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\movepick.cpp
2018-11-04 13:01 - 2018-02-01 01:58 - 000005657 ____A [B0E0653F3F4C1B4B9BDCE45136D066AE] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\movepick.h
2018-11-04 13:01 - 2018-02-01 01:58 - 000011437 ____A [059C60EB355AAC1477F59632A9B01B1E] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\pawns.cpp
2018-11-04 13:01 - 2018-02-01 01:58 - 000002959 ____A [3CE6232B1009400B4A434FC21624C4C1] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\pawns.h
2018-11-04 13:01 - 2018-02-01 01:58 - 000038699 ____A [F4567D8CDA43295C96A9C7EBFA370F86] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\position.cpp
2018-11-04 13:01 - 2018-02-01 01:58 - 000012728 ____A [061D5C28558BD056C180B15CB03DEC1E] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\position.h
2018-11-04 13:01 - 2018-02-01 01:58 - 000004895 ____A [72954FBBDFD61B75E9D4F7F94F5EB147] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\psqt.cpp
2018-11-04 13:01 - 2018-02-01 01:58 - 000059891 ____A [C3AF94EBDD5DD9147F5B8AAA426906D7] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\search.cpp
2018-11-04 13:01 - 2018-02-01 01:58 - 000003156 ____A [B75CD4FCCCB0543ADD4A942EF853C4CE] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\search.h
2018-11-04 13:01 - 2018-02-01 01:58 - 000005938 ____A [2281660116C63AB23797F8C6EDE3A46C] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\thread.cpp
2018-11-04 13:01 - 2018-02-01 01:58 - 000003460 ____A [344B082B5E54CFC9C51C899CF70703EF] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\thread.h
2018-11-04 13:01 - 2018-02-01 01:58 - 000002523 ____A [A02B37EA61307631DAC510F39AD24973] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\thread_win32.h
2018-11-04 13:01 - 2018-02-01 01:58 - 000005173 ____A [EC93E44E14736518BCA41A5F1ECD409A] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\timeman.cpp
2018-11-04 13:01 - 2018-02-01 01:58 - 000001668 ____A [41750BEAA0F29F3D16B351EED41971A0] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\timeman.h
2018-11-04 13:01 - 2018-02-01 01:58 - 000004285 ____A [C2484CF3C84F6EF18650E528BF84AC42] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\tt.cpp
2018-11-04 13:01 - 2018-02-01 01:58 - 000003809 ____A [D3150D25072CE321E8D37994BA55681B] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\tt.h
2018-11-04 13:01 - 2018-02-01 01:58 - 000013567 ____A [27C17C6F28EA98A65CB705FEB6094B63] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\types.h
2018-11-04 13:01 - 2018-02-01 01:58 - 000010451 ____A [F2133E0EF6692D94576D2F32B78176AB] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\uci.cpp
2018-11-04 13:01 - 2018-02-01 01:58 - 000002341 ____A [4CD9D168E11962445A8206F31FABE450] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\uci.h
2018-11-04 13:01 - 2018-02-01 01:58 - 000005257 ____A [8706512485F0CF325F420C17E02D6744] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\ucioption.cpp
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\syzygy
2018-11-04 13:01 - 2018-02-01 01:58 - 000061479 ____A [64C54345FE9DCF177BEF9CAA1AF72AA7] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\syzygy\tbprobe.cpp
2018-11-04 13:01 - 2018-02-01 01:58 - 000002527 ____A [15391CC6DFD9CE512A096F77D745B28A] () C:\Rybka\stockfish-9-win\stockfish-9-win\src\syzygy\tbprobe.h
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\stockfish-9-win\stockfish-9-win\tests
2018-11-04 13:01 - 2018-02-01 01:58 - 000002464 ____A [088ED01B6B382073355198530834677A] () C:\Rybka\stockfish-9-win\stockfish-9-win\tests\instrumented.sh
2018-11-04 13:01 - 2018-02-01 01:58 - 000001083 ____A [DC8AD253A29C720448663B7A994F48CA] () C:\Rybka\stockfish-9-win\stockfish-9-win\tests\perft.sh
2018-11-04 13:01 - 2018-02-01 01:58 - 000001277 ____A [4A7AD540A9A7E466300ED7C699044FDA] () C:\Rybka\stockfish-9-win\stockfish-9-win\tests\reprosearch.sh
2018-11-04 13:01 - 2018-02-01 01:58 - 000000620 ____A [2E241DAC7AF65F8ED3618824F991BAB8] () C:\Rybka\stockfish-9-win\stockfish-9-win\tests\signature.sh
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\stockfish-9-win\stockfish-9-win\Windows
2018-11-04 13:01 - 2018-02-01 00:31 - 001322510 ____A [80BC3B0E0A487B14D166AB73DCD50221] () C:\Rybka\stockfish-9-win\stockfish-9-win\Windows\stockfish_9_x32.exe
2018-11-04 13:01 - 2018-01-30 19:11 - 001154048 ____A [710E536A2648FA2F00CFD7E878106D85] () C:\Rybka\stockfish-9-win\stockfish-9-win\Windows\stockfish_9_x64.exe
2018-11-04 13:01 - 2018-01-31 19:26 - 001138688 ____A [F256DCF3B6930CCE77C521CC80DFA2D2] () C:\Rybka\stockfish-9-win\stockfish-9-win\Windows\stockfish_9_x64_bmi2.exe
2018-11-04 13:01 - 2018-01-30 19:11 - 001147392 ____A [EE3E84E70E5E5E238B02E190C7709FB1] () C:\Rybka\stockfish-9-win\stockfish-9-win\Windows\stockfish_9_x64_popcnt.exe
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Tarrasch
2018-11-04 13:01 - 2009-04-07 17:23 - 001983878 ____A [5A4E568101A3D8FF34273D0FFEBEFAD1] () C:\Rybka\Tarrasch\book.pgn
2018-11-04 13:01 - 2009-04-07 17:32 - 005393045 ____A [D9F718E89F54F27D38583AF16FDBB130] () C:\Rybka\Tarrasch\book.pgn_compiled
2018-11-04 13:01 - 2010-11-22 19:52 - 000000303 ____A [34034DB153ACA44EE98A2537BB51858D] () C:\Rybka\Tarrasch\log.pgn
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\Tournaments
2018-11-04 13:01 - 2003-07-14 20:49 - 000000091 ____A [38A27E6E80AA783CCDE5F67F91B89DC2] () C:\Rybka\Tournaments\info.txt
2018-11-04 13:01 - 2018-11-04 13:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Rybka\w32
2018-11-04 13:01 - 2008-07-29 07:29 - 002588672 ____A [98C1E014928CFA3C301F61CCE0D598A3] () C:\Rybka\w32\Rybka 3 960 w32.exe
2018-11-04 13:01 - 2008-07-29 07:41 - 002588672 ____A [AF7D3C6E9525CA0850AD9A1EA8C2BB72] () C:\Rybka\w32\Rybka 3 Dynamic w32.exe
2018-11-04 13:01 - 2008-07-29 09:10 - 002592768 ____A [70E018404690FD18CFDA4E40DF8BC51F] () C:\Rybka\w32\Rybka 3 Human w32.exe
2018-11-04 13:01 - 2008-07-29 07:14 - 002580480 ____A [9F3266D7B32E0F27AD2BBB4093074880] () C:\Rybka\w32\Rybka 3 w32.exe

====== End 1 Folder: ======


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End 1 CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


Adaptador de Ethernet Conexi¢n de  rea local:

   Sufijo DNS espec¡fico para la conexi¢n. . : 
   V¡nculo: direcci¢n IPv6 local. . . : fe80::b149:69ae:d1c8:d549%11
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.0.2
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1

Adaptador de t£nel isatap.{11B91CD8-D2EC-4BAC-AAC5-B32E7E2A8F9C}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de t£nel Teredo Tunneling Pseudo-Interface:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

========= End 1 CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {20445617-C795-4980-9816-3AC3F96605C4}.
Unable to cancel {40766AB3-06D9-42B0-8448-39ABB10E0E54}.
Unable to cancel {3CEC5018-B445-4CA1-AC40-B33626E22063}.
0 out of 3 jobs canceled.

========= End 1 CMD: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End 1 CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End 1 CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End 1 CMD: =========


========= netsh int ipv4 reset =========

Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End 1 CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End 1 CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11202019173756351\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11202019173756351\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11202019173759221\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11202019173759221\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End 1 RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6612134 B
Java, Flash, Steam htmlcache => 1154 B
Windows/system/drivers => 234002 B
Edge => 0 B
Chrome => 139264 B
Firefox => 46846814 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33058 B
systemprofile32 => 66116 B
LocalService => 132344 B
NetworkService => 132344 B
HOMEPC => 192680145 B
OFICINA => 194975590 B

RecycleBin => 0 B
EmptyTemp: => 429.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End 1 Fixlog 21:58:47 ====

Efectivamente allí estuvo el problema.

Reinicia, como mínimo tres veces el equipo, no elimines nada, vuelves comentas como siguen los problemas.

Salu2

Hola nuevamente @SanMar,

Gracias por toda esa labor de soporte. Luego de varios inicios, no volvieron a aparecer las carpetas, ni las entradas, ni los archivos maliciosos. El doble acento fue eliminado.

Sin embargo, algo pasó con el controlador de pantalla pero no está claro que fue. Al iniciar las sesiones del equipo en la fase pre-sistema operativo siguen saliendo estas pantallas de colores… Toca reiniciar dos veces el equipo y desaparecen… Es lo único raro que ha quedado, o se ha generado…

El resto parece estar bien…

Que opinas de la situación ?

Gracias

Server 007

Hola @SERVER007

Disculpa la demora.

Ya veremos vuelve a ejecutar FRST como la primera vez que te lo indique y me pegas los reportes frescos.

Adjuntalos al tema con el Método 4. para que te sea mas fácil.

Salu2

Hola nuevamente @SanMar

No hay problema. Gracias nuevamente por el soporte.

El tema del pantallazo inicial con esas líneas en la pantalla del pc hasta reiniciar nuevamente se mantiene. De resto no hay novedad.

Aquí está el nuevo reporte de la herramienta FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-11-2019
Ran by HOMEPC (administrator) on INTEL (INTEL_ DH67BL__) (22-11-2019 20:15:33)
Running from C:\Users\HOMEPC\Desktop
Loaded Profiles: HOMEPC (Available Profiles: HOMEPC & OFICINA)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Windows\Samsung\PanelMgr\caller64.exe
() [File not signed] C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Windows Hardware Compatibility Publisher -> Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(SafeNet Canada, Inc. -> SafeNet, Inc.) C:\Windows\System32\hasplms.exe
(SafeNet Canada, Inc. -> SafeNet, Inc.) C:\Windows\System32\hasplmv.exe
(Samsung Electronics Co., Ltd.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(WDC) [File not signed] C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Western Digital Technologies, Inc. -> ) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
(Western Digital Technologies, Inc. -> ) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Western Digital Technologies, Inc.) [File not signed] C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.) C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe
(WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.) C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Incorporation)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1702400 2009-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15767792 2019-11-20] (WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [180736 2019-10-03] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [626688 2010-12-01] () [File not signed]
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [909696 2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103156560\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [909696 2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103156560\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103156560\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103156560\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103159087\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [909696 2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103159087\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103159087\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103159087\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103159742\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103159742\...\MountPoints2: {9932e0ef-7f02-11e7-bff7-e06995c86974} - J:\unlock.exe autoplay=true
HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103159742\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\Installer\chrmstp.exe [2019-11-18] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2019-10-05]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.) [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A620582-0826-4429-BEFC-A5E23362F9D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-06-04] (Google Inc -> Google Inc.)
Task: {0FE7741B-3D6B-4CA7-9117-5A1B5504A0B9} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3487624 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {10FDE71F-AEBF-41B9-9157-BB5EF00592A1} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950664 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1118F867-EEB5-4955-863A-C856A2D623F8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [995208 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1B1CEDCD-DBD9-4BBC-9CD2-F6D7F15A499A} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950664 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1B597BF4-1FCB-46E7-AF35-BCB3BC1A5B5A} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {27C003BD-B521-4621-8DE7-23D86382C99B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773512 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {32222A69-546D-433C-A1E5-7D5D3C4642E3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {42802A00-4AB4-4E0C-8F17-9B4C3A0B8491} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\HOMEPC\Downloads\esetonlinescanner_enu.exe [8149816 2019-11-20] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {56736E4B-FFA4-49CF-A449-713A883BE496} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\HOMEPC\Downloads\esetonlinescanner_enu.exe [8149816 2019-11-20] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {5896E73F-2FB5-4EFC-9B5A-D990CBAC69AE} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950664 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5A042955-A611-43C2-B005-1EC49FB47925} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-06-04] (Google Inc -> Google Inc.)
Task: {60647C02-7626-4C44-BC4A-F9AD6685B932} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [696200 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {818B6FF4-7C89-442C-8A4F-84647A5D59C0} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773512 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9496EBDB-ADFD-48F5-B41E-8811DEE63346} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950664 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AB42B71A-0A95-463D-9324-68696EF7CFA3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855944 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E81EED5F-D43C-42EB-BC5A-A73807777141} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E88BBDF9-FA94-4552-94E3-D2380946EB90} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855944 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E94980B8-9057-4B6F-ACAD-AF027973B2EA} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {F832B810-3CF1-4CEA-A98B-A3880CB20EE9} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe [1457720 2019-09-25] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 190.157.8.108 190.157.8.46 100.70.133.50
Tcpip\..\Interfaces\{11B91CD8-D2EC-4BAC-AAC5-B32E7E2A8F9C}: [DhcpNameServer] 190.157.8.108 190.157.8.46 100.70.133.50

Internet Explorer:
==================
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/ncr
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103156560\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/ncr
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103159087\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/ncr
HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103159742\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ncr
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [File not signed]

FireFox:
========
FF DefaultProfile: afwwtnm8.default
FF ProfilePath: C:\Users\HOMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\oue5zdrp.default-release-1567798430190 [2019-11-22]
FF Homepage: Mozilla\Firefox\Profiles\oue5zdrp.default-release-1567798430190 -> www.google.com/ncr
FF ProfilePath: C:\Users\HOMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\afwwtnm8.default [2019-11-20]
FF Homepage: Mozilla\Firefox\Profiles\afwwtnm8.default -> hxxps://www.google.com/ncr
FF Extension: (ImTranslator: Traductor, Diccionario, Voz) - C:\Users\HOMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\afwwtnm8.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2019-08-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_255.dll [2019-09-25] (Adobe Inc. -> )
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_255.dll [2019-09-25] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-23] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-23] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-04] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-04] (Google Inc -> Google LLC)

Chrome: 
=======
CHR Profile: C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default [2019-11-20]
CHR Extension: (Presentaciones) - C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-04]
CHR Extension: (Documentos) - C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-04]
CHR Extension: (Google Drive) - C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-04]
CHR Extension: (YouTube) - C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-04]
CHR Extension: (Hojas de cálculo) - C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-04]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-28]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-15]
CHR Extension: (Gmail) - C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-30]
CHR Extension: (Chrome Media Router) - C:\Users\HOMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2243136 2019-10-03] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2243136 2019-10-03] (ESET, spol. s r.o. -> ESET)
R2 hasplms; C:\Windows\system32\hasplms.exe [4295208 2017-07-07] (SafeNet Canada, Inc. -> SafeNet, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-11-19] (Malwarebytes Inc -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773512 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773512 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [216576 2010-05-27] (Samsung Electronics Co., Ltd.) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] (Western Digital Technologies, Inc. -> )
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] (Western Digital Technologies, Inc. -> )
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15767792 2019-11-20] (WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 cvintdrv; C:\Windows\SysWow64\Drivers\cvintdrv.sys [4096 2006-04-10] () [File not signed]
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-02-10] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [149944 2019-10-03] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [103264 2019-10-03] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [189512 2019-10-03] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50712 2019-10-03] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [77184 2019-10-03] (ESET, spol. s r.o. -> ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61640 2019-10-03] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [114136 2019-10-03] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2019-11-19] (Malwarebytes Corporation -> Malwarebytes)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [110912 2016-02-16] (Future Technology Devices International Ltd -> FTDI Ltd.)
S3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [95168 2016-02-16] (Future Technology Devices International Ltd -> FTDI Ltd.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [1296160 2017-07-07] (SafeNet, Inc. -> SafeNet, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [216544 2019-11-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-11-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-11-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [278344 2019-11-22] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [106344 2019-11-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30792 2018-08-21] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69544 2018-06-07] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Inc.)
S3 PAC207; C:\Windows\SysWOW64\DRIVERS\PFC027.SYS [162176 2005-02-24] () [File not signed]
R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1202688 2009-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Inc.)
R3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2019-11-20] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2019-11-20] (Zemana Ltd. -> Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-22 20:15 - 2019-11-22 20:16 - 000028824 _____ C:\Users\HOMEPC\Desktop\FRST.txt
2019-11-22 20:15 - 2019-11-22 20:15 - 000000000 ____D C:\Users\HOMEPC\Desktop\FRST-OlderVersion
2019-11-22 20:12 - 2019-11-22 20:13 - 000000000 ____D C:\Users\HOMEPC\Desktop\reportes al foro
2019-11-22 10:32 - 2019-11-22 10:32 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-11-22 10:32 - 2019-11-22 10:32 - 000106344 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-11-22 10:32 - 2019-11-22 10:32 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-11-22 10:31 - 2019-11-22 10:31 - 000278344 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-11-20 21:48 - 2019-11-20 21:48 - 000000261 _____ C:\DelFix.txt
2019-11-20 21:48 - 2019-11-20 21:48 - 000000000 ____D C:\Windows\ERUNT
2019-11-20 21:46 - 2019-11-20 21:46 - 000797760 _____ C:\Users\HOMEPC\Desktop\delfix.exe
2019-11-20 21:44 - 2019-11-22 20:15 - 002261504 _____ (Farbar) C:\Users\HOMEPC\Desktop\FRST64.exe
2019-11-20 19:10 - 2019-11-20 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2019-11-20 19:10 - 2019-11-20 19:10 - 000000000 ____D C:\ProgramData\ESET
2019-11-20 19:10 - 2019-11-20 19:10 - 000000000 ____D C:\Program Files\ESET
2019-11-20 19:00 - 2019-11-20 19:00 - 000003728 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2019-11-20 19:00 - 2019-11-20 19:00 - 000003288 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2019-11-20 18:56 - 2019-11-20 18:56 - 000005334 _____ C:\Users\HOMEPC\Desktop\ESET ONLINE LOG REPORT.txt
2019-11-20 17:42 - 2019-11-20 23:07 - 000000754 _____ C:\Users\HOMEPC\Desktop\ESET Online Scanner.lnk
2019-11-20 17:42 - 2019-11-20 19:11 - 000000000 ____D C:\Users\HOMEPC\AppData\Local\ESET
2019-11-20 17:41 - 2019-11-20 17:41 - 008149816 _____ (ESET spol. s r.o.) C:\Users\HOMEPC\Downloads\esetonlinescanner_enu.exe
2019-11-20 17:31 - 2019-02-10 11:41 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2019-11-20 17:31 - 2019-02-10 11:41 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 001177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssign32.dll
2019-11-20 17:31 - 2019-02-10 11:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2019-11-20 17:31 - 2019-02-10 11:29 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2019-11-20 17:31 - 2019-02-10 11:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2019-11-20 17:31 - 2019-02-10 11:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2019-11-20 17:31 - 2019-02-10 11:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2019-11-20 17:31 - 2019-02-10 11:28 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2019-11-20 17:31 - 2019-02-10 11:10 - 000094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2019-11-20 17:31 - 2019-02-10 11:09 - 014635520 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2019-11-20 17:31 - 2019-02-10 11:09 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2019-11-20 17:31 - 2019-02-10 11:09 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2019-11-20 17:31 - 2019-02-10 11:09 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2019-11-20 17:31 - 2019-02-10 11:09 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-11-20 17:31 - 2019-02-10 11:09 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2019-11-20 17:31 - 2019-02-10 11:09 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-11-20 17:31 - 2019-02-10 11:09 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-11-20 17:31 - 2019-02-10 11:09 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2019-11-20 17:31 - 2019-02-10 11:09 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2019-11-20 17:31 - 2019-02-10 11:09 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2019-11-20 17:31 - 2019-02-10 11:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2019-11-20 17:31 - 2019-02-10 11:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2019-11-20 17:31 - 2019-02-10 11:08 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-11-20 17:31 - 2019-02-10 11:08 - 001484800 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2019-11-20 17:31 - 2019-02-10 11:08 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2019-11-20 17:31 - 2019-02-10 11:08 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-11-20 17:31 - 2019-02-10 11:08 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2019-11-20 17:31 - 2019-02-10 11:08 - 000632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2019-11-20 17:31 - 2019-02-10 11:08 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2019-11-20 17:31 - 2019-02-10 11:08 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2019-11-20 17:31 - 2019-02-10 11:08 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2019-11-20 17:31 - 2019-02-10 11:08 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-11-20 17:31 - 2019-02-10 11:08 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-11-20 17:31 - 2019-02-10 11:08 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2019-11-20 17:31 - 2019-02-10 11:08 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2019-11-20 17:31 - 2019-02-10 11:08 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2019-11-20 17:31 - 2019-02-10 11:08 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\mssign32.dll
2019-11-20 17:31 - 2019-02-10 11:08 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2019-11-20 17:31 - 2019-02-10 11:08 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2019-11-20 17:31 - 2019-02-10 11:07 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2019-11-20 17:31 - 2019-02-10 11:07 - 000680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-11-20 17:31 - 2019-02-10 11:07 - 000438784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-11-20 17:31 - 2019-02-10 11:07 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-11-20 17:31 - 2019-02-10 11:02 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2019-11-20 17:31 - 2019-02-10 10:50 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2019-11-20 17:31 - 2019-02-10 10:49 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-11-20 17:31 - 2019-02-10 10:49 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2019-11-20 17:31 - 2019-02-10 10:38 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2019-11-20 17:31 - 2019-02-10 10:38 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2019-11-20 17:26 - 2019-02-16 00:32 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-11-20 17:26 - 2019-02-16 00:30 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2019-11-20 17:22 - 2019-11-20 17:22 - 005504824 _____ (ESET) C:\Users\HOMEPC\Downloads\eset_internet_security_live_installer.exe
2019-11-20 15:40 - 2019-11-20 21:38 - 000002134 _____ C:\Users\HOMEPC\Downloads\nombre conexion saliente no autorizada.txt
2019-11-20 15:19 - 2019-11-22 20:16 - 000253171 _____ C:\Windows\ZAM.krnl.trace
2019-11-20 15:19 - 2019-11-22 20:16 - 000062596 _____ C:\Windows\ZAM_Guard.krnl.trace
2019-11-20 15:19 - 2019-11-20 15:19 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2019-11-20 15:19 - 2019-11-20 15:19 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2019-11-20 15:19 - 2019-11-20 15:19 - 000001190 _____ C:\Users\Public\Desktop\MalwareFox AntiMalware.lnk
2019-11-20 15:19 - 2019-11-20 15:19 - 000001190 _____ C:\ProgramData\Desktop\MalwareFox AntiMalware.lnk
2019-11-20 15:19 - 2019-11-20 15:19 - 000000000 ____D C:\Users\HOMEPC\AppData\Local\Zemana
2019-11-20 15:19 - 2019-11-20 15:19 - 000000000 ____D C:\Users\HOMEPC\AppData\Local\Wolf of Webstreet OPC Private Limited
2019-11-20 15:19 - 2019-11-20 15:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareFox AntiMalware
2019-11-20 15:19 - 2019-11-20 15:19 - 000000000 ____D C:\Program Files (x86)\MalwareFox AntiMalware
2019-11-20 15:18 - 2019-11-20 15:18 - 006617512 _____ (Zemana Ltd. ) C:\Users\HOMEPC\Downloads\MalwareFox.exe
2019-11-20 15:16 - 2019-11-20 16:12 - 000000000 ____D C:\Windows\pss
2019-11-20 09:49 - 2019-11-20 09:49 - 000073035 _____ C:\Users\HOMEPC\Downloads\Shortcut.txt
2019-11-20 09:48 - 2019-11-20 10:11 - 000001955 _____ C:\Users\HOMEPC\Desktop\Ultimo malwarebytes.txt
2019-11-20 03:04 - 2019-11-20 03:04 - 000000000 ____D C:\Users\OFICINA\AppData\Local\Western Digital
2019-11-20 00:46 - 2019-11-20 09:49 - 000034567 _____ C:\Users\HOMEPC\Downloads\Addition.txt
2019-11-20 00:39 - 2019-11-20 09:49 - 000068278 _____ C:\Users\HOMEPC\Downloads\FRST.txt
2019-11-20 00:11 - 2019-11-20 16:52 - 000002675 _____ C:\Users\HOMEPC\Desktop\ZHPCleaner (R).txt
2019-11-20 00:00 - 2019-11-20 23:27 - 000002025 _____ C:\Users\HOMEPC\Desktop\ZHPCleaner (S).txt
2019-11-19 23:49 - 2019-11-20 01:26 - 000107992 _____ C:\Users\HOMEPC\Desktop\REPORTE FOROSPYWARE.txt
2019-11-19 23:38 - 2019-11-22 20:15 - 000000000 ____D C:\FRST
2019-11-19 23:38 - 2019-11-19 23:38 - 002260480 _____ (Farbar) C:\Users\HOMEPC\Downloads\FRST64.exe
2019-11-19 23:37 - 2019-11-19 23:37 - 000216544 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-11-19 23:37 - 2019-11-19 23:37 - 000000000 ____D C:\Users\HOMEPC\AppData\Local\cache
2019-11-19 23:19 - 2019-11-20 23:27 - 000000000 ____D C:\Users\HOMEPC\AppData\Roaming\ZHP
2019-11-19 23:19 - 2019-11-19 23:19 - 000000794 _____ C:\Users\HOMEPC\Desktop\ZHPCleaner.lnk
2019-11-19 23:19 - 2019-11-19 23:19 - 000000000 ____D C:\Users\HOMEPC\AppData\Local\ZHP
2019-11-19 23:18 - 2019-11-19 23:18 - 003332992 _____ (Nicolas Coolman) C:\Users\HOMEPC\Downloads\ZHPCleaner.exe
2019-11-19 23:18 - 2019-11-19 23:18 - 001883976 _____ (Malwarebytes) C:\Users\HOMEPC\Downloads\MBSetup.exe
2019-11-19 23:03 - 2019-11-19 23:04 - 000002842 _____ C:\Users\HOMEPC\Desktop\Rkill.txt
2019-11-19 23:03 - 2019-11-19 23:03 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\HOMEPC\Downloads\rkill.exe
2019-11-19 22:58 - 2019-11-19 22:58 - 000002019 _____ C:\Users\HOMEPC\Desktop\REPORTE MALWARE 19112019.txt
2019-11-19 21:56 - 2019-11-19 21:56 - 000001808 _____ C:\Users\HOMEPC\Documents\AdwCleaner[C00].txt
2019-11-19 21:42 - 2019-11-19 21:42 - 000000064 _____ C:\Users\HOMEPC\Documents\infospyware account.txt
2019-11-19 21:38 - 2019-11-19 21:38 - 007622344 _____ (Malwarebytes) C:\Users\HOMEPC\Downloads\adwcleaner_7.4.2.exe
2019-11-19 18:22 - 2019-11-19 18:22 - 000075639 _____ C:\Users\HOMEPC\Desktop\Opciones_Robocopy.pdf
2019-11-19 17:47 - 2019-11-22 10:38 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2019-11-19 17:47 - 2019-11-22 10:38 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2019-11-19 17:47 - 2019-11-19 17:47 - 000003446 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2019-11-19 17:41 - 2019-11-19 17:41 - 000002532 _____ C:\Users\HOMEPC\Documents\install original instructions.txt
2019-11-19 17:36 - 2019-11-19 17:36 - 000001055 _____ C:\Users\HOMEPC\Documents\hosts.txt
2019-11-19 17:22 - 2019-11-19 18:33 - 000000410 _____ C:\Users\HOMEPC\Documents\Acrobatt Installed Codes.txt
2019-11-19 17:20 - 2019-11-20 17:14 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2019-11-19 17:12 - 2019-11-19 17:12 - 000000040 ____H C:\76A9D7A3D9B0
2019-11-19 17:12 - 2018-09-19 23:32 - 000195888 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140_2.dll
2019-11-19 17:06 - 2019-11-19 20:44 - 000154969 _____ C:\Users\HOMEPC\Documents\Profile Contact linkedin.pdf
2019-11-19 16:57 - 2019-11-19 16:58 - 000000000 ____D C:\Users\HOMEPC\Desktop\Adobe Acrobat
2019-11-19 16:41 - 2015-07-02 22:00 - 000005104 _____ C:\Users\HOMEPC\Desktop\x-force.nfo
2019-11-19 16:31 - 2016-12-12 22:22 - 000061286 _____ C:\Users\HOMEPC\Desktop\painter.nfo
2019-11-19 15:53 - 2019-11-20 19:28 - 000000000 ____D C:\Users\HOMEPC\Downloads\uTorrent
2019-11-19 15:53 - 2019-11-20 11:12 - 000000000 ____D C:\Users\HOMEPC\AppData\LocalLow\uTorrent
2019-11-18 17:07 - 2019-11-18 17:07 - 000000000 ____D C:\Users\HOMEPC\AppData\Roaming\Google
2019-11-18 16:23 - 2019-11-18 16:24 - 000266581 _____ C:\Users\HOMEPC\Downloads\123541415.jpeg
2019-11-18 16:20 - 2019-11-18 16:20 - 000328550 _____ C:\Users\HOMEPC\Downloads\2834865827.jpeg
2019-11-18 08:40 - 2019-11-18 08:40 - 000411448 _____ C:\Users\HOMEPC\Downloads\ControlAsistencia.pdf
2019-11-17 01:48 - 2019-11-18 22:05 - 000001750 _____ C:\Users\HOMEPC\Documents\LISTAS DE REPROD YOUTUBE 2.txt
2019-11-15 01:44 - 2019-11-16 00:11 - 000000000 ____D C:\Users\HOMEPC\AppData\Local\SecondLife
2019-11-15 01:44 - 2019-11-15 20:27 - 000000000 ____D C:\Users\HOMEPC\AppData\Roaming\SecondLife
2019-11-15 01:44 - 2019-11-15 01:44 - 000001856 _____ C:\Users\Public\Desktop\Second Life Viewer.lnk
2019-11-15 01:44 - 2019-11-15 01:44 - 000001856 _____ C:\ProgramData\Desktop\Second Life Viewer.lnk
2019-11-15 01:44 - 2019-11-15 01:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
2019-11-15 01:44 - 2019-11-15 01:44 - 000000000 ____D C:\Program Files\SecondLifeViewer
2019-11-15 01:41 - 2019-11-15 01:41 - 115595640 _____ C:\Users\HOMEPC\Downloads\Second_Life_6_3_4_532299_x86_64_Setup.exe
2019-11-14 15:36 - 2019-11-14 15:36 - 000119585 _____ C:\Users\HOMEPC\Documents\ohgo5glp45epzdrzjizibcbw20191114033611.pdf
2019-11-14 15:28 - 2019-11-14 15:28 - 000116187 _____ C:\Users\HOMEPC\Documents\ohgo5glp45epzdrzjizibcbw20191114032240.pdf
2019-11-14 10:48 - 2019-11-18 22:04 - 000005438 _____ C:\Users\HOMEPC\Documents\PRUEBA WAIS ONLINE.ods
2019-11-14 02:11 - 2019-11-14 02:11 - 000000419 _____ C:\Users\HOMEPC\Documents\LISTAS DE REPROD YOUTUBE.txt
2019-11-07 13:30 - 2019-11-07 13:30 - 000011066 _____ C:\Users\HOMEPC\Documents\NUEVO EGREGASTOS PROJECT 2019.ods
2019-11-06 23:44 - 2019-11-06 23:47 - 000000000 ____D C:\Users\HOMEPC\Downloads\Chad Hurley - YouTube_files
2019-11-06 23:44 - 2019-11-06 23:44 - 002637498 _____ C:\Users\HOMEPC\Downloads\Chad Hurley - YouTube.htm
2019-11-04 15:52 - 2019-11-04 15:52 - 000033094 _____ C:\Users\HOMEPC\Downloads\welcomeOption.jspx.htm
2019-11-04 15:52 - 2019-11-04 15:52 - 000000000 ____D C:\Users\HOMEPC\Downloads\welcomeOption.jspx_files
2019-11-04 11:31 - 2019-11-04 11:31 - 000003943 _____ C:\Users\HOMEPC\Documents\BEST AND WORST LIFE YEARS.ods
2019-11-03 16:30 - 2019-11-03 16:30 - 000259590 _____ C:\Users\HOMEPC\Downloads\3q-c-Nry08McVFeDU_PVKhEp6jriWF5yjRyL2YqXfswqeBBKNZicq3GgHe_ksV17PGKmI0uA=w2120-fcrop64=1,00000000ffffffff-k-c0xffffffff-no-nd-rj.htm
2019-11-01 23:08 - 2019-11-03 14:20 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-10-31 18:12 - 2019-11-02 00:38 - 000001013 _____ C:\Users\HOMEPC\Desktop\AUTORIZACION.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-22 20:01 - 2009-07-13 23:45 - 000020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-22 20:01 - 2009-07-13 23:45 - 000020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-22 17:55 - 2018-11-04 13:01 - 000000000 ____D C:\Rybka
2019-11-22 14:14 - 2017-08-03 01:46 - 000000000 ____D C:\ProgramData\NVIDIA
2019-11-22 13:33 - 2017-08-03 00:07 - 000000000 ____D C:\Users\HOMEPC\AppData\LocalLow\Mozilla
2019-11-22 10:38 - 2011-04-12 04:10 - 000747208 _____ C:\Windows\system32\perfh00A.dat
2019-11-22 10:38 - 2011-04-12 04:10 - 000158680 _____ C:\Windows\system32\perfc00A.dat
2019-11-22 10:38 - 2009-07-14 00:13 - 001676126 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-22 10:38 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-11-22 10:31 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-21 08:37 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2019-11-20 21:58 - 2019-03-08 18:48 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2019-11-20 17:40 - 2019-03-08 19:57 - 000110640 _____ C:\Users\HOMEPC\AppData\Local\GDIPFONTCACHEV1.DAT
2019-11-20 17:36 - 2019-03-09 00:46 - 000552048 _____ C:\Windows\system32\FNTCACHE.DAT
2019-11-20 17:33 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-11-20 17:33 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\Dism
2019-11-20 17:19 - 2017-12-11 00:39 - 000000000 ____D C:\Users\HOMEPC\AppData\Roaming\uTorrent
2019-11-20 17:15 - 2017-08-03 00:04 - 000000000 ____D C:\ProgramData\Adobe
2019-11-20 16:19 - 2017-07-27 13:51 - 000000000 ____D C:\Users\HOMEPC
2019-11-20 15:56 - 2017-08-02 22:29 - 000000979 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-11-20 15:56 - 2017-08-02 22:29 - 000000979 _____ C:\ProgramData\Desktop\CCleaner.lnk
2019-11-20 15:03 - 2017-08-02 22:58 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-11-20 03:04 - 2019-03-29 09:00 - 000111032 _____ C:\Users\OFICINA\AppData\Local\GDIPFONTCACHEV1.DAT
2019-11-20 03:04 - 2018-04-30 11:41 - 000000000 ____D C:\Users\OFICINA\AppData\Local\Adobe
2019-11-19 23:37 - 2019-09-05 22:10 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-11-19 23:37 - 2019-09-05 22:10 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-11-19 23:37 - 2019-09-05 22:09 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-11-19 21:51 - 2018-03-08 09:25 - 000000000 ____D C:\AdwCleaner
2019-11-19 21:09 - 2009-07-13 22:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-11-19 20:44 - 2017-08-02 22:58 - 000000000 ____D C:\Users\HOMEPC\AppData\Roaming\Adobe
2019-11-19 18:56 - 2017-08-03 02:04 - 000000000 ____D C:\Users\HOMEPC\AppData\Local\Adobe
2019-11-19 17:15 - 2017-09-15 23:39 - 000000000 ____D C:\Users\HOMEPC\AppData\LocalLow\Adobe
2019-11-19 17:06 - 2017-08-03 00:04 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-11-19 16:27 - 2017-08-02 22:25 - 000000000 ____D C:\Program Files\WinRAR
2019-11-18 17:50 - 2018-06-04 11:01 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-18 17:50 - 2018-06-04 11:01 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-11-18 17:50 - 2018-06-04 11:01 - 000002181 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-11-15 09:03 - 2019-10-14 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-11-11 00:18 - 2018-10-16 19:55 - 000000000 ____D C:\Users\HOMEPC\AppData\Local\CrashDumps
2019-11-06 19:30 - 2017-08-02 23:01 - 000011344 _____ C:\Users\HOMEPC\AppData\Roaming\SmarThruOptions.xml
2019-11-06 19:08 - 2019-10-13 14:13 - 000000000 ____D C:\Users\HOMEPC\Desktop\October Discoveries
2019-11-04 19:42 - 2018-06-04 11:01 - 000003536 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-04 19:42 - 2018-06-04 11:01 - 000003408 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-04 19:42 - 2018-06-04 11:01 - 000000000 ____D C:\Program Files (x86)\Google
2019-11-03 14:20 - 2019-09-06 14:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-10-30 23:14 - 2019-10-12 17:01 - 000001025 _____ C:\Users\HOMEPC\Desktop\lista mk oct 11.txt
2019-10-28 23:47 - 2018-05-04 11:12 - 000000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories ========

2017-08-02 23:01 - 2019-11-06 19:30 - 000011344 _____ () C:\Users\HOMEPC\AppData\Roaming\SmarThruOptions.xml
2019-11-19 17:10 - 2019-11-19 17:10 - 000000410 _____ () C:\Users\HOMEPC\AppData\Local\oobelibMkey.log
2008-02-05 13:28 - 2008-02-05 13:28 - 000000051 _____ () C:\Users\HOMEPC\AppData\Local\setup.txt

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-11-19 10:44
==================== End of FRST.txt ========================

Y el addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-11-2019
Ran by HOMEPC (22-11-2019 20:16:40)
Running from C:\Users\HOMEPC\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2017-07-27 18:51:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2535146315-3776577491-2254638198-500 - Administrator - Disabled)
OFICINA (S-1-5-21-2535146315-3776577491-2254638198-1001 - Administrator - Enabled) => C:\Users\OFICINA
Invitado (S-1-5-21-2535146315-3776577491-2254638198-501 - Limited - Disabled)
ORACLEWORK (S-1-5-21-2535146315-3776577491-2254638198-1003 - Limited - Enabled)
HOMEPC (S-1-5-21-2535146315-3776577491-2254638198-1000 - Administrator - Enabled) => C:\Users\HOMEPC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Disabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: ESET Security (Disabled - Up to date) {333C65BB-8923-0EAA-C47E-C486E687BEFD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Cortafuegos (Enabled) {B066057A-E576-007C-D591-56C163D3B33B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actualización de NVIDIA 33.2.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 33.2.0.0 - NVIDIA Corporation) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.255 - Adobe)
Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
BioExplorer (HKLM-x32\...\{EAA13E3E-31B9-4A1F-84D1-0D772F81FB3D}) (Version: 1.00.10413 - CyberEvolution, Inc)
BMrMMP Audio Add-Ons (HKLM-x32\...\{05EEDB6B-6201-4032-AE5C-08C461D1789D}) (Version: 1.00.0000 - BrainMaster Technologies, Inc.)
BMrMMP Video Add-Ons (HKLM-x32\...\{D843B090-07F7-458F-B5C6-46C24DB8321E}) (Version: 1.00.0000 - BrainMaster Technologies, Inc.)
BrainMaster 3.0 Series Software (HKLM-x32\...\{2E33CD70-546B-4291-AC70-37F91DE6A0FD}) (Version: 3.70.1000 - BrainMaster Technologies, Inc.)
BrainMaster BrainAvatar (HKLM-x32\...\{96FBC5D4-3DA5-491E-B2BF-FC64E4E70653}) (Version: 4.6.4.792 - BrainMaster Technologies, Inc.)
BrainMaster Demo Package Suite For the 2.5 & 3.0 Series Software (HKLM-x32\...\{F0E1DBEB-F7FE-4DD4-9AC7-7DE43FDAB923}) (Version: 1.00.0000 - BrainMaster Technologies, Inc.)
BrainMaster EEGPro Package Suite For the 2.5 & 3.0 Series Software (HKLM-x32\...\{DFC8F88E-A33A-4ED3-A74C-2DDAB495154C}) (Version: 1.00.0000 - BrainMaster Technologies, Inc.)
BrainMaster Peripheral Package Suite For the 2.5 & 3.0 Series Software (HKLM-x32\...\{8E33B183-D8FF-47B6-8DD2-C55DCA3F2F51}) (Version: 1.00.0000 - BrainMaster Technologies, Inc.)
BrainMaster Z-Score Package Suite For the 2.5 & 3.0 Series Software (HKLM-x32\...\{3333A8A4-594F-414C-927B-CEE82660A8E0}) (Version: 1.00.0000 - BrainMaster Technologies, Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
CoolSoft VirtualMIDISynth 1.15.0 (HKLM-x32\...\CoolSoft VirtualMIDISynth) (Version: 1.15.0.0 - CoolSoft)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DScaler 5 Mpeg Decoders (HKLM-x32\...\DScaler 5 Mpeg Decoders_is1) (Version:  - )
EDFbrowser (HKLM-x32\...\EDFbrowser) (Version: 1.67 - Teunis van Beelen)
ESET Security (HKLM\...\{6D46484B-0BE2-4060-9CD3-FA87ED960ED9}) (Version: 13.0.22.0 - ESET, spol. s r.o.)
FFmpeg (Windows) for Audacity versión 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel(R) Desktop Utilities (HKLM-x32\...\{F01CBA59-B5BD-4608-A834-1CBE8C292A71}) (Version: 1.0.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
K-Lite Mega Codec Pack 10.4.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
MalwareFox AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Wolf of Webstreet OPC Private Limited)
Mantenimiento Samsung SCX-4623 Series (HKLM-x32\...\Samsung SCX-4623 Series) (Version:  - Samsung Electronics CO.,LTD)
Merge Version 2.5 (HKLM-x32\...\merge_is1) (Version:  - )
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 70.0.1 (x64 es-ES) (HKLM\...\Mozilla Firefox 70.0.1 (x64 es-ES)) (Version: 70.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0 - Mozilla)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version:  - )
NI EULA Depot (HKLM-x32\...\{7732868A-6A12-45CA-AC21-F381F498B81B}) (Version: 2.10.130 - National Instruments) Hidden
NI LabWindows/CVI 8.0.1 Run-Time Engine (HKLM-x32\...\{889BF4A8-E783-46C4-8FB8-97A0B977C32A}) (Version: 8.0.1356 - National Instruments) Hidden
NI Math Kernel Libraries (HKLM-x32\...\{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}) (Version: 1.0.861.0 - National Instruments) Hidden
NI MDF Support (HKLM-x32\...\{C3623389-6333-41D2-BF85-9450306EFDEB}) (Version: 2.10.130 - National Instruments) Hidden
NI Uninstaller (HKLM-x32\...\{C7BBA061-1EFA-41D9-9C15-E4320284F693}) (Version: 2.10.130 - National Instruments) Hidden
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.11 - NVIDIA Corporation) Hidden
NVIDIA Controlador de 3D Vision 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.15.0.186 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.15.0.186 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
Panel de control de NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
PC Camera (HKLM-x32\...\{088B7BF8-AC95-4348-B77B-619AEB3A74A5}) (Version: 0.1.3.73.1 - PC Camera) Hidden
PC Camera (HKLM-x32\...\InstallShield_{088B7BF8-AC95-4348-B77B-619AEB3A74A5}) (Version: 0.1.3.73.1 - PC Camera)
PerformanceTest v9.0 (HKLM\...\PerformanceTest 9_is1) (Version: 9.0.1031.0 - Passmark Software)
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6215 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
RW-Everything v1.7 (HKLM\...\RW-Everything_is1) (Version:  - )
Samsung Network PC Fax (HKLM-x32\...\{80078570-6C67-486C-8CF0-B0D778FC69B5}) (Version: 1.4.29.0 - Samsung Electronics Co., Ltd.)
SecondLifeViewer (HKLM\...\SecondLifeViewer) (Version: 6.3.4.532299 - Linden Research, Inc.)
Skype versión 8.54 (HKLM-x32\...\Skype_is1) (Version: 8.54 - Skype Technologies S.A.)
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - )
Telegram Desktop version 1.8.8 (HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.8 - Telegram FZ-LLC)
Telegram Desktop version 1.8.8 (HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103156560\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.8 - Telegram FZ-LLC)
Telegram Desktop version 1.8.8 (HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103159087\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.8 - Telegram FZ-LLC)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6718864 2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4220304 2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [!NetFax0] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2010-05-27] (Samsung Electronics Co., Ltd.) [File not signed]
ContextMenuHandlers1: [!NetFax1] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2010-05-27] (Samsung Electronics Co., Ltd.) [File not signed]
ContextMenuHandlers1: [!NetFax2] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2010-05-27] (Samsung Electronics Co., Ltd.) [File not signed]
ContextMenuHandlers1: [!NetFax3] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2010-05-27] (Samsung Electronics Co., Ltd.) [File not signed]
ContextMenuHandlers1: [!NetFax4] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2010-05-27] (Samsung Electronics Co., Ltd.) [File not signed]
ContextMenuHandlers1: [!NetFax5] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2010-05-27] (Samsung Electronics Co., Ltd.) [File not signed]
ContextMenuHandlers1: [!NetFax6] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2010-05-27] (Samsung Electronics Co., Ltd.) [File not signed]
ContextMenuHandlers1: [!NetFax7] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2010-05-27] (Samsung Electronics Co., Ltd.) [File not signed]
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt64.dll [2019-11-20] (Zemana Ltd. -> )
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-10-03] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-10-03] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt64.dll [2019-11-20] (Zemana Ltd. -> )
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-10-03] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [midi1] => VirtualMIDISynth\VirtualMIDISynth.dll
HKLM\...\Drivers32-x32: [midi1] => VirtualMIDISynth\VirtualMIDISynth.dll
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3649536 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [243200 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [839680 2008-09-24] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [wave3] => C:\Windows\SysWOW64\serwvdrv.dll [18432 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2014-03-24] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\HOMEPC\Desktop\Download Intel(R) Desktop Utilities.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.intel.com/go/idu/

==================== Loaded Modules (Whitelisted) =============

2017-08-02 23:25 - 2010-09-13 18:28 - 000058880 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2010-03-05 09:24 - 2010-03-05 09:24 - 000886272 _____ () [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
2019-03-27 06:47 - 2019-03-27 06:47 - 000169984 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\fc20ffcedaa7ff2f475520f5e26ea5b5\IsdiInterop.ni.dll
2017-08-02 22:59 - 2008-11-11 07:23 - 000027648 _____ () [File not signed] C:\Windows\System32\sso2ml6.dll
2017-08-02 23:24 - 2010-10-05 07:43 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2019-03-27 06:47 - 2019-03-27 06:47 - 000014336 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4ded45704f10c739b65154d1a8db33d6\IAStorCommon.ni.dll
2017-08-02 23:24 - 2010-10-05 07:38 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2017-08-02 23:25 - 2010-09-13 18:29 - 000006656 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\es-ES\IAStorDataMgr.resources.dll
2017-08-02 23:25 - 2010-09-13 18:29 - 000032768 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\es-ES\IAStorIcon.resources.dll
2017-08-02 23:25 - 2010-09-13 18:29 - 000004608 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\es-ES\IntelVisualDesign.resources.dll
2017-08-02 23:25 - 2010-09-13 18:28 - 000165376 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUIHelper.dll
2017-08-02 23:25 - 2010-09-13 18:28 - 001108480 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IntelVisualDesign.dll
2017-08-02 23:25 - 2010-09-13 18:25 - 000275456 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ISDI.dll
2019-03-27 06:47 - 2019-03-27 06:47 - 000219136 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\ab0fd4ffae76faf75b1e9ffc18863beb\IAStorDataMgr.ni.dll
2019-03-27 06:47 - 2019-03-27 06:47 - 000474624 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1015e7abe9eea3484ce585e968404791\IAStorUtil.ni.dll
2008-07-29 02:51 - 2008-07-29 02:51 - 000245760 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\msvcm90.dll
2008-07-29 03:54 - 2008-07-29 03:54 - 000225280 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\msvcm90.dll
2018-03-26 12:58 - 2018-03-26 12:58 - 000112128 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2010-11-20 22:24 - 2009-07-14 03:41 - 000014848 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\slwga.dll
2019-03-27 07:12 - 2018-03-23 18:05 - 000880024 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2019-03-27 07:12 - 2018-03-23 18:05 - 000343728 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2017-08-02 23:01 - 2010-05-27 02:46 - 000229888 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Windows\System32\NetFaxPort64.dll
2017-08-02 23:01 - 2010-05-27 02:47 - 000187904 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll
2017-08-02 23:01 - 2010-05-27 02:47 - 000199680 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Windows\system32\spool\drivers\x64\3\NetFaxUser64.dll
2011-03-09 11:11 - 2011-03-09 11:11 - 000111104 _____ (Western Digital Corp.) [File not signed] C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WdNetworkDiscovery.DLL
2011-03-09 11:15 - 2011-03-09 11:15 - 000105472 _____ (Western Digital) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Vista\Shadow.dll
2017-08-02 23:00 - 2008-11-11 07:23 - 000033792 _____ (Windows (R) Server 2003 DDK provider) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\sso2mpc.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103156560\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103159087\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2019-11-20 21:58 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\DMIX
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103156560\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103159087\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103159742\Control Panel\Desktop\\Wallpaper -> C:\Users\OFICINA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 190.157.8.108 - 190.157.8.46
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

29-10-2019 16:35:25 Punto de control programado
06-11-2019 10:01:32 Punto de control programado
14-11-2019 16:44:11 Punto de control programado
19-11-2019 17:03:27 Installed Adobe Acrobat DC.
20-11-2019 17:13:52 Removed Adobe Acrobat DC.
20-11-2019 17:26:17 Windows Update
20-11-2019 17:30:46 Windows Update
20-11-2019 21:58:03 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/20/2019 09:57:57 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


Operación:
   Recopilando datos del escritor

Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {385d50a3-f597-48c6-8f23-0c26703721d0}

Error: (11/20/2019 09:57:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a 

través de este filtro hasta que se corrija este problema.

Error: (11/20/2019 05:37:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a 

través de este filtro hasta que se corrija este problema.


System errors:
=============
Error: (11/22/2019 06:48:52 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 80.

Error: (11/22/2019 06:48:50 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.

Error: (11/22/2019 11:35:08 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 80.

Error: (11/22/2019 11:35:08 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.

Error: (11/22/2019 11:03:07 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 80.

Error: (11/22/2019 11:03:07 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.

Error: (11/22/2019 10:47:07 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 80.

Error: (11/22/2019 10:47:07 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.


Windows Defender:
===================================
Date: 2017-08-23 11:50:06.262
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{2FE6BC49-CF48-43AC-8076-8E2D66E58229}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:NT AUTHORITY\Servicio de red

==================== Memory info =========================== 

BIOS: Intel Corp. BLH6710H.86A.0160.2012.1204.1156 12/04/2012
Motherboard: Intel Corporation DH67BL
Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 44%
Total physical RAM: 16336.94 MB
Available physical RAM: 4493.36 MB
Total Virtual: 16336.94 MB
Available Virtual: 10999.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:256.74 GB) (Free:168.98 GB) NTFS
Drive d: () (Fixed) (Total:1606.18 GB) (Free:1605.66 GB) NTFS
Drive f: () (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive g: () (Fixed) (Total:73.35 GB) (Free:66.24 GB) NTFS
Drive h: () (Fixed) (Total:24.32 GB) (Free:24.23 GB) NTFS
Drive i: () (Fixed) (Total:55.62 GB) (Free:6.57 GB) NTFS
Drive l: (My Passport) (Fixed) (Total:931.48 GB) (Free:212.46 GB) NTFS

\\?\Volume{2f7009ef-72bb-11e7-a7eb-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 92ED979E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=256.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1606.2 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 153.4 GB) (Disk ID: 58FD58FD)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=153.3 GB) - (Type=42)

==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Hola @SERVER007

Sigue estos pasos:

1.- Muy Importante >>> Realizar una copia de Seguridad de su Registro.

  • Descarga DelFix en el escritorio de Windows.
  • Clic Derecho, “Ejecutar como Administrador”.
  • En la ventana principal, marca solamente la casilla “Create Registry Backup”.
  • Clic en Run.

Al terminar se abrirá un reporte llamado DelFix.txt, guárdelo por si fuera necesario y cierre la herramienta…

2.- Desactiva Temporalmente tu antivirus.

3.- Abre un nuevo archivo Notepad/Bloc de Notas y copia y pega este contenido:


Start
CloseProcesses:
CreateRestorePoint:
RestoreQuarantine: C:\Windows\system32\drivers\rdvgkmd.sys
HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103159742\...\MountPoints2: {9932e0ef-7f02-11e7-bff7-e06995c86974} - J:\unlock.exe autoplay=true
Task: {56736E4B-FFA4-49CF-A449-713A883BE496} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\HOMEPC\Downloads\esetonlinescanner_enu.exe [8149816 2019-11-20] (ESET, spol. s r.o. -> ESET spol. s r.o.)
SearchScopes: HKLM -> DefaultScope value is missing
2019-11-20 21:58 - 2019-03-08 18:48 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
Tcpip\Parameters: [DhcpNameServer] 190.157.8.108 190.157.8.46 100.70.133.50
Tcpip\..\Interfaces\{11B91CD8-D2EC-4BAC-AAC5-B32E7E2A8F9C}: [DhcpNameServer] 190.157.8.108 190.157.8.46 100.70.133.50

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: netsh winsock reset
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.

Nota: Es necesario que el ejecutable Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no la herramienta no trabajara.

  • Ejecutas Frst.exe.
  • Presionas el botón Fix y aguardas a que termine.
  • La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).
  • Lo pegas en tu próxima respuesta.

Nos comentas si al reiniciar continua el problema.

Salu2.

Hola nuevamente @SanMar

He aplicado nuevamente el procedimiento tal cual como dices y este es el reporte del Log de Frst… La desconfiguración de rayas de colores al reiniciar el equipo durante la carga del bios y el arranque del sistema windows continua. Se ve prácticamente igual que las fotos que publiqué arriba. Sin embargo al reiniciar nuevamente el sistema en el pc la imagen se arregla. Toca reiniciarlo siempre dos veces para que de imagen clara . :neutral_face: ¿?:woozy_face:

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-11-2019
Ran by HOMEPC (24-11-2019 10:27:24) Run:1
Running from C:\Users\HOMEPC\Desktop
Loaded Profiles: HOMEPC (Available Profiles: HOMEPC & OFICINA)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
RestoreQuarantine: C:\Windows\system32\drivers\rdvgkmd.sys
HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103159742\...\MountPoints2: {9932e0ef-7f02-11e7-bff7-e06995c86974} - J:\unlock.exe autoplay=true
Task: {56736E4B-FFA4-49CF-A449-713A883BE496} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\HOMEPC\Downloads\esetonlinescanner_enu.exe [8149816 2019-11-20] (ESET, spol. s r.o. -> ESET spol. s r.o.)
SearchScopes: HKLM -> DefaultScope value is missing
2019-11-20 21:58 - 2019-03-08 18:48 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
Tcpip\Parameters: [DhcpNameServer] 190.157.8.108 190.157.8.46 100.70.133.50
Tcpip\..\Interfaces\{11B91CD8-D2EC-4BAC-AAC5-B32E7E2A8F9C}: [DhcpNameServer] 190.157.8.108 190.157.8.46 100.70.133.50

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: netsh winsock reset
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
"C:\Windows\system32\drivers\rdvgkmd.sys"=> path not found.
HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019103159742\...\MountPoints2: {9932e0ef-7f02-11e7-bff7-e06995c86974} - J:\unlock.exe autoplay=true => Error ({ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}): No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56736E4B-FFA4-49CF-A449-713A883BE496}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56736E4B-FFA4-49CF-A449-713A883BE496}" => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
C:\Windows\system32\Tasks\Avast Software => moved successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11B91CD8-D2EC-4BAC-AAC5-B32E7E2A8F9C}\\DhcpNameServer" => removed successfully

========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


Adaptador de Ethernet Conexi¢n de  rea local:

   Sufijo DNS espec¡fico para la conexi¢n. . : 
   V¡nculo: direcci¢n IPv6 local. . . : fe80::b149:69ae:d1c8:d549%11
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.0.2
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1

Adaptador de t£nel isatap.{11B91CD8-D2EC-4BAC-AAC5-B32E7E2A8F9C}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de t£nel Teredo Tunneling Pseudo-Interface:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

========= End of CMD: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh int ipv4 reset =========

Interfaz se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2535146315-3776577491-2254638198-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019205459369\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2535146315-3776577491-2254638198-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019205459369\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019205500836\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019205500836\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019205502427\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2535146315-3776577491-2254638198-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11222019205502427\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7895751 B
Java, Flash, Steam htmlcache => 1140 B
Windows/system/drivers => 107079 B
Edge => 0 B
Chrome => 36028572 B
Firefox => 22111108 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 1248 B
HOMEPC => 9634998 B
OFICINA => 9634998 B

RecycleBin => 0 B
EmptyTemp: => 89.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:28:24 ====

Hola @SERVER007

Tuve un error en una linea (disculpas por ello) , así que repite este paso:

Abre un nuevo archivo Notepad y copia y pega este contenido:

Start
CloseProcesses:
CreateRestorePoint:
RestoreQuarantine: C:\FRST\Quarantine\C\Windows\System32\Drivers\rdvgkmd.sys

EmptyTemp:
END
  • Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.

Nota: Es necesario que el ejecutable Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no la herramienta no trabajara.

  • Ejecutas Frst.exe.
  • Presionas el botón Fix y aguardas a que termine.
  • La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).
  • Lo pegas en tu próxima respuesta.

Nos comentas.

Salu2.

Hola @SanMar

Nuevamente gracias por tu atención.

No hay problema.

Apliqué la corrección que has precisado. Pero no sucedió nada nuevo. Aquí está el reporte del Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-11-2019
Ran by HOMEPC (25-11-2019 00:09:37) Run:2
Running from C:\Users\HOMEPC\Desktop
Loaded Profiles: HOMEPC (Available Profiles: HOMEPC & OFICINA)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
RestoreQuarantine: C:\FRST\Quarantine\C\Windows\System32\Drivers\rdvgkmd.sys

EmptyTemp:
END
*****************

Processes closed successfully.
Restore point was successfully created.
"C:\FRST\Quarantine\C\Windows\System32\Drivers\rdvgkmd.sys"=> path not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5795517 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 43151 B
Edge => 0 B
Chrome => 0 B
Firefox => 18478231 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
HOMEPC => 445497 B
OFICINA => 445497 B

RecycleBin => 0 B
EmptyTemp: => 32 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:10:36 ====