Windows 7 startup does not run Explorer.exe, but does run CMD.exe

Hi! I have Windows 7. When I start it, explorer.exe does not start, but MS-DOS (CMD.exe) does instead, in a small window that I cannot make bigger. I can only type, but it looks small (3 cm x 4 cm).

I deleted the SHELL entry (in the Registry, which was already correct) and put it back. But it did not work. Could it be a virus? I have run AVG, ESET Online, Panda Online. Also Malwarebytes and CCleaner. Nothing was found. Could it be a virus that changed something and has already been removed?

Thanks.

Hi.

Where did you run Malwarebytes and ESET? Paste the reports.

Hi. Thanks! In normal mode.

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 9/10/19
Hora del análisis: 20:26
Archivo de registro: 5194147c-eac2-11e9-90ce-8416f9005c96.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.12829
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: PC\BY @ello-

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 276395
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 2 min, 3 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)

(end)

ESET:

09/10/2019 21:37:02
Archivos analizados: 391546
Archivos infectados: 7
Amenazas desinfectadas: 7
Tiempo total de análisis 00:57:51
Estado del análisis: Finalizado
 
C:\Users\BY @ello-\AppData\Local\Temp\7zS8A1308A9\Program Files\Panda Security\Panda Cloud Antivirus\Tools\PandaSecurityTb.exe	Win32/Visicom.C aplicación potencialmente indeseable,una variante de Win32/Toolbar.Visicom.A aplicación potencialmente indeseable,una variante de Win32/Toolbar.Visicom.B aplicación potencialmente indeseable,una variante de Win64/Toolbar.Visicom.A aplicación potencialmente indeseable,una variante de Win32/Toolbar.Visicom.C aplicación potencialmente indeseable,una variante de Win32/Visicom.A aplicación potencialmente indeseable,una variante de Win64/NetFilter.A aplicación potencialmente peligrosa,una variante de Win32/NetFilter.A aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
C:\Users\BY @ello-\AppData\Local\Temp\HYD62C9.tmp.1570554384\HTA\scripts\install.js	Win32/OpenCandy.J aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
C:\Users\BY @ello-\AppData\Local\Temp\HYD62C9.tmp.1570554384\HTA\scripts\uninstall.js	Win32/OpenCandy.J aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
C:\Users\BY @ello-\AppData\Local\Temp\HYD62C9.tmp.1570554384\HTA\shell_scripts\shell_install_offer.js	Win32/OpenCandy.J aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
C:\Users\BY @ello-\AppData\Local\Temp\HYD72DF.tmp.1570554389\HTA\scripts\install.js	Win32/OpenCandy.J aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
C:\Users\BY @ello-\AppData\Local\Temp\HYD72DF.tmp.1570554389\HTA\scripts\uninstall.js	Win32/OpenCandy.J aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
C:\Users\BY @ello-\AppData\Local\Temp\HYD72DF.tmp.1570554389\HTA\shell_scripts\shell_install_offer.js	Win32/OpenCandy.J aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado

Should I do it in safe mode?

Thanks!

Follow the steps below.

Note: If you have "Malwarebytes Anti-Malware" installed, read its manual (included in the steps) to update the program and its database. AdwCleaner must be downloaded again and run, and the previous copy deleted if it was already installed.

Note 2: Read the steps carefully, including the words in black and in red.

:one: Temporarily disable your antivirus >> How to temporarily disable your antivirus, while we are carrying out ALL the steps.

We are going to download to YOUR DESKTOP (and NOT anywhere else) all the tools we will use in this procedure (but do not run them yet):

:warning: Once they are downloaded, disconnect your computer from the Internet (turn off the router) :arrow_backward: Very important, … and also close any other program you have open.

:two: Run the tools one at a time and in the order indicated:

If you use Windows Vista/7/8 or 10, right-click and select Run as Administrator for ALL the programs.

CCleaner.-

  • Install and run CCleaner following the steps indicated in the manual.
  • First use its Cleaner option to delete cookies, temporary Internet files and all the files it shows you as obsolete.
  • Then use its Registry option to clean the whole Windows registry (making a backup).

Malwarebytes.-

  • Install and run MBAM as Administrator.
  • Go to the “Scan” section >> click “Custom Scan” >> click the “Configure Scan” button >> tick all the boxes on the left (including the rootkits one) and all the drives on the right >> click “Scan Now” to start the scan.
  • Select “Quarantine ALL” to send everything to quarantine, and restart the system.
  • Click the “Reports” section >> tick the box of the “Scan Report” entry, making sure the date and time match the day of the scan >> click the “View Report” button >> “Export” >> click “Copy to Clipboard” >> paste the contents into your next reply, as shown in the image below, by pressing CTRL+V.

AdwCleaner.-

  • Run Adwcleaner.exe.
  • Click the Scan Now button and wait for the process to finish; immediately afterwards, always click the Start Repair button.
  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.
  • The log/report is found in the “Reports” tab, reopening the program if necessary, so that you can copy it and paste it in your next reply.
  • The report can also be found at C:\AdwCleaner\Logs\AdwCleaner[C00].txt

:three: Post in your next reply the reports from:

  • Malwarebytes, AdwCleaner, in that order.

You must copy and paste them with all their content, and use several messages if you receive an error message saying it is too long (more than approx. 50,000 characters).

:warning: Very important :warning: wrap each of the reports with a tag written CODE_Inicial at the start of the report and another like this CODE_Final at the end of it; here is an example of how to do it:

Hi! All done. Here are the reports:

Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 10/10/19
Hora del análisis: 13:18
Archivo de registro: b1cdb915-eb4f-11e9-ba94-8416f9005c96.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.629
Versión del paquete de actualización: 1.0.12841
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: PC\BY @ello-

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 490227
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 2 hr, 34 min, 34 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

AdwCleaner:


# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-05-2019
# Database: 2019-08-27.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    10-10-2019
# Duration: 00:00:01
# OS:       Windows 7 Home Premium
# Cleaned:  16
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\BY @ello-\AppData\Local\DownloadManager
Deleted       C:\Users\BY @ello-\AppData\Roaming\Search Protection

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\Tasks\0116aviUpdateInfo.job
Deleted       C:\Windows\Tasks\0214dUpdateInfo.job
Deleted       C:\Windows\Tasks\0215aviUpdateInfo.job
Deleted       C:\Windows\Tasks\0316aviUpdateInfo.job
Deleted       C:\Windows\Tasks\0415avtUpdateInfo.job
Deleted       C:\Windows\Tasks\0615aviUpdateInfo.job
Deleted       C:\Windows\Tasks\0715aviUpdateInfo.job
Deleted       C:\Windows\Tasks\0915aviUpdateInfo.job
Deleted       C:\Windows\Tasks\1015avtUpdateInfo.job
Deleted       C:\Windows\Tasks\1114aviUpdateInfo.job
Deleted       C:\Windows\Tasks\1214aviUpdateInfo.job
Deleted       C:\Windows\Tasks\1215aviUpdateInfo.job

***** [ Registry ] *****

Deleted       HKCU\Software\SlimWare Utilities Inc
Deleted       HKLM\Software\Wow6432Node\SlimWare Utilities Inc

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [11253 octets] - [10/10/2019 16:15:55]
AdwCleaner[S00].txt - [2488 octets] - [10/10/2019 16:16:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

When I restarted, it was still the same. Let's see what the next step is. Many thanks!

Hi! Any solution? Is it possible that explorer.exe is not placed in the right location to start with Windows? And that the virus is gone, but this fault has not been fixed?? Thanks!

Hi, how are you? I did not get the notification that you had replied, apologies.

Go to Start >>> type CMD in the search box >>> run it as administrator >>> run the following command:

  • sfc /scannow

When it finishes, restart the computer and let us know.

Hi! :wink: Result:

Protección de recursos de Windows no encontró ninguna infracción de integridad.

In the end: it does not work. Still the same.

Thanks. Let's see what else can be done.

Hi, sorry for the delay, I was busy these days; please follow the steps below, in the order given.

Run a scan with ESET Online Scanner, reading its manual (ESET Online Scanner manual), and with Kaspersky Virus Removal Tool (Kaspersky Virus Removal Tool manual), and paste their reports for me; inside the manual you will find where to look for the report.

Hi! No worries, since the fault is “minor”. I just have to do something at startup.

Eset:

18/10/2019 18:42:54
Archivos analizados: 388885
Archivos infectados: 0
Amenazas desinfectadas: 0
Tiempo total de análisis: 01:31:16
Estado del análisis: Finalizado

Kaspersky:

The PC is the same. explorer.exe does not start. How can we find out whether the explorer.exe file is in the right place to start with Windows?

Thanks!

Did you disinfect ALL the files Kaspersky detected? Run it again, and this time disinfect everything; do not select Skip.

Regards.

Hello guys, and excuse me for stepping in:

@ellodance

For now, do not run Kaspersky again.

In your next reply, upload a screenshot of the CMD window that starts with Windows.

Do the following:

1.- Download the SystemLook tool to your desktop according to the architecture of your operating system: >>> How do I know whether my Windows is 32 or 64 bit?

2.- Double-click the SystemLook.exe file to run it.

If you use Windows 7/8 or 10, right-click and select Run as Administrator.

Copy and paste the text in the box below, exactly as it is, into the program window and click Look.

:file
C:\WINDOWS\explorer.exe

:filefind  
*explorer.exe*

  • Wait until the search finishes. (This may take a while.)
  • When it finishes, Notepad will open with a report that you must copy and paste in your next reply.

Note: That report will also be saved with the name SystemLook.txt on your desktop.

Regards


Hi! Thanks! Here is the image of the CMD window that appears, just that square and everything else black, until I run explorer.exe myself.

And here is the SystemLook report:


SystemLook 30.07.11 by jpshortstuff
Log created at 20:43 on 20/10/2019 by BY @ello-
Administrator - Elevation successful

========== file ==========

C:\WINDOWS\explorer.exe - File found and opened.
MD5: 38AE1B3C38FAEF56FE4907922F0385BA
Created at 08:51 on 12/10/2016
Modified at 15:04 on 29/08/2016
Size: 3229696 bytes
Attributes: --a----
FileDescription: Explorador de Windows
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
ProductVersion: 6.1.7600.16385
OriginalFilename: EXPLORER.EXE.MUI
InternalName: explorer
ProductName: Sistema operativo Microsoft® Windows®
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. Reservados todos los derechos.

========== filefind ==========

Searching for "*explorer.exe*"
C:\Windows\explorer.exe	--a---- 3229696 bytes	[08:51 12/10/2016]	[15:04 29/08/2016] 38AE1B3C38FAEF56FE4907922F0385BA
C:\Windows\es-ES\explorer.exe.mui	--a---- 25600 bytes	[09:09 12/04/2011]	[09:09 12/04/2011] FD006A844E4C4C23764E26741164931E
C:\Windows\SysWOW64\explorer.exe	--a---- 2972672 bytes	[08:51 12/10/2016]	[14:55 29/08/2016] 6DDCA324434FFA506CF7DC4E51DB7935
C:\Windows\SysWOW64\es-ES\explorer.exe.mui	--a---- 25600 bytes	[09:09 12/04/2011]	[09:09 12/04/2011] F88DD287C97E5E67185B1BC9A8C86062
C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_61b2d5a88d79c340\explorer.exe.mui	--a---- 25600 bytes	[09:09 12/04/2011]	[09:09 12/04/2011] FD006A844E4C4C23764E26741164931E
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe	--a---- 2872320 bytes	[03:24 21/11/2010]	[03:24 21/11/2010] AC4C51EB24AA95B77F705AB159189E24
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe	--a---- 2871808 bytes	[16:03 22/01/2014]	[06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe	--a---- 2871808 bytes	[16:03 22/01/2014]	[06:14 26/02/2011] 3B69712041F3D63605529BD66DC00C48
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23537_none_b0517adca98752cc\explorer.exe	--a---- 3229696 bytes	[08:51 12/10/2016]	[15:04 29/08/2016] 38AE1B3C38FAEF56FE4907922F0385BA
C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6c077ffac1da853b\explorer.exe.mui	--a---- 25600 bytes	[09:09 12/04/2011]	[09:09 12/04/2011] F88DD287C97E5E67185B1BC9A8C86062
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe	--a---- 2616320 bytes	[03:24 21/11/2010]	[03:24 21/11/2010] 40D777B7A95E00593EB1568C68514493
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe	--a---- 2616320 bytes	[16:03 22/01/2014]	[05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe	--a---- 2616320 bytes	[16:03 22/01/2014]	[05:19 26/02/2011] 0FB9C74046656D1579A64660AD67B746
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23537_none_baa6252edde814c7\explorer.exe	--a---- 2972672 bytes	[08:51 12/10/2016]	[14:55 29/08/2016] 6DDCA324434FFA506CF7DC4E51DB7935

-= EOF =-

Thanks. Let's see what the fault is.

Hi @ellodance

One question: do you have Windows Update enabled?

Do the following:

1.- Temporarily disable your antivirus and any security program.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the version appropriate for the architecture (32 or 64 bits) of your computer. >> How do I know whether my Windows is 32 or 64 bit?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Guide: How to Run FRST

3.- In your next reply, paste the generated reports.

Guide: How to Paste Reports in the Forum?

We await those reports.

Regards

Hi! Yes, I do have Windows Update enabled.

Frst.txt:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-10-2019
Ran by BY @ello- (administrator) on PC (22-10-2019 16:55:09)
Running from C:\Users\BY @ello-\Desktop
Loaded Profiles: BY @ello- (Available Profiles: BY @ello-)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\ndp48-x86-x64-allos-esn.exe
(Microsoft Corporation -> Microsoft Corporation) D:\d1ad40e9a48d2525e9fa\Setup.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [522504 2019-10-17] (Bitdefender SRL -> Bitdefender)
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\Run: [Nicequest Premium] => C:\Users\BY @ello-\AppData\Local\Nicequest Premium\Nicequest Premium.exe [1233144 2017-06-23] (Wakoopa B.V. -> Wakoopa)
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {0009afa8-5ad0-11e5-b417-c86000c5a1a8} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {1e729162-1af3-11e8-9e47-8416f9005c96} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {294b64be-fb20-11e5-b12d-c86000c5a1a8} - H:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {7a0b1928-07d7-11e7-9acb-c86000c5a1a8} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {823bb5fe-6979-11e7-8590-c86000c5a1a8} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {861b79f3-ba48-11e8-98ac-8416f9005c96} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {88f0db22-3f2f-11e9-8233-8416f9005c96} - F:\OriginSetup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {97e3d547-82bc-11e3-b616-c86000c5a1a8} - H:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {c4bd01e4-a7dd-11e5-b596-c86000c5a1a8} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {c4bd01fc-a7dd-11e5-b596-c86000c5a1a8} - H:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {e2e66e66-e649-11e3-9537-c86000c5a1a8} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {f96e8f76-ce29-11e3-91b7-c86000c5a1a8} - F:\index.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist ( start /MIN "" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.120\Installer\chrmstp.exe [2019-10-15] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03E75B9B-A860-4882-B75C-C855AA5C9328} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {0AAABDA5-1D74-47BB-9D92-3D1F99701181} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {181199D0-8E1E-4EE8-B3F9-D47F1AE29CB4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
Task: {2E2EC5FB-A7D5-47CD-B6BA-0186D67E96E7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3728752 2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {34B2D624-27F7-4A64-BEE0-62F99E771585} - System32\Tasks\EOSv3 Scheduler onTime => C:\DVD\esetonlinescanner_esn.exe
Task: {45EF4552-B31B-43A1-93F3-1D715CF22DF0} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\DVD\esetonlinescanner_esn.exe
Task: {4D498A05-FCD2-4B73-9EB0-C260B92D3F1D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {64A241E2-AB73-4204-B539-D6C68D92948A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {69BBF008-7505-4731-BFB6-583ABEF3CD24} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648048 2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7C28F8E9-EF10-4B5B-AE70-02D13CD9EB91} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
Task: {87563249-2595-437D-AF97-E38FDD6AEFD5} - System32\Tasks\V30-Marquee-TaskPlan => C:\Program Files\KLIM AIM Gaming Mouse\KLIM AIM Gaming Mouse.exe
Task: {91200264-6F3C-4437-83C9-29EA8A4D3574} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {92777347-BB9F-4D59-9165-667A07796E6A} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {93A789D0-7A24-418D-A132-B58D6B15C1AF} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {93C04439-576A-4191-B102-54038BA10F76} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {9D69FC83-6657-4A1F-9398-691CD049C233} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AB3FB64F-1974-4763-885F-CE96F255117E} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ABD7AAA2-2B58-4D0C-A8E3-CABA41A95E94} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AF50A7A4-9814-4EE9-872F-6166CC802BC9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {B15B8DCA-4218-4BB3-84E4-8E1FB9E27AF9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B30A66F9-73F6-4EBC-8B1C-6A6AD25EF485} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [488760 2019-07-15] (Bitdefender SRL -> Bitdefender)
Task: {C1C76BDC-95E4-4D49-BD63-EE695CFD72D3} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {D16EBD72-46C4-4289-8ABE-04B04D2172E6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D81463B6-C4DF-4888-A45A-4E45E6B6480F} - System32\Tasks\Programa de actualización online de Adobe => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {DE80B570-8ECB-453A-AB75-B44FBC878D57} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {E349C8FC-C6FC-4FFB-BDF9-404CCEE8EA66} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E828221F-D45F-4DB9-A689-B5E1307646D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {F8F4FA8D-D508-481F-B49B-A24DCC47682F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {FA1EB3E5-CFD5-4052-9041-1F70E5850066} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.166.211.1 212.166.132.104
Tcpip\..\Interfaces\{63521A92-4C1D-44FE-80A2-4581C64A373D}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{9D25E7FF-4BE3-4585-A124-81601B39B92E}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{AC38FD2A-9FF0-4BF7-87FA-F6FEB2A90D68}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DB1D2141-C72B-4531-B0B8-4D80412840F4}: [DhcpNameServer] 212.166.211.1 212.166.132.104
Tcpip\..\Interfaces\{DE4EA4B9-1439-4C5B-9DFA-D0184BC1C2A4}: [DhcpNameServer] 80.58.61.250 80.58.61.254

Internet Explorer:
==================
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.es/
DownloadDir: C:\DVD
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2561782135-330884380-1085707065-1000 -> DefaultScope 2EE2F7121C82447497313763497E1782 URL = hxxp://www.google.com/search?q={searchTerms}&rlz=
SearchScopes: HKU\S-1-5-21-2561782135-330884380-1085707065-1000 -> 2EE2F7121C82447497313763497E1782 URL = hxxp://www.google.com/search?q={searchTerms}&rlz=
SearchScopes: HKU\S-1-5-21-2561782135-330884380-1085707065-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2019-09-17] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2019-09-17] (Bitdefender SRL -> Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Nicequest Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\BY @ello-\AppData\Local\Wakoopa Shared\WakoopaBHO-x64.dll [2015-09-07] (Wakoopa -> Wakoopa) [File not signed]
BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2019-09-17] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2019-09-17] (Bitdefender SRL -> Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-12-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Aplicación auxiliar de inicio de sesión en la cuenta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Nicequest Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\BY @ello-\AppData\Local\Wakoopa Shared\WakoopaBHO.dll [2015-09-07] (Wakoopa -> Wakoopa) [File not signed]
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2019-09-17] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2019-09-17] (Bitdefender SRL -> Bitdefender)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2019-07-12]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2019-09-17]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2019-10-01] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-01] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-01] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-16] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\BY @ello-\AppData\Local\Google\Chrome\User Data\Default [2019-10-22]
CHR DownloadDir: C:\DVD
CHR Extension: (Documentos) - C:\Users\BY @ello-\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\BY @ello-\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\BY @ello-\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Búsqueda de Google) - C:\Users\BY @ello-\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Nicestats) - C:\Users\BY @ello-\AppData\Local\Google\Chrome\User Data\Default\Extensions\eempehimgjdipjalffmbnmjeanfkjiac [2018-02-21]
CHR Extension: (Adobe Acrobat) - C:\Users\BY @ello-\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-10-03]
CHR Extension: (Bitdefender Wallet) - C:\Users\BY @ello-\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2019-10-08]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\BY @ello-\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-14]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\BY @ello-\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2014-04-18]
CHR Extension: (Player para ver Movistar+) - C:\Users\BY @ello-\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenfcfndncbbggmafjjeihkdclggbojn [2019-03-06]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\BY @ello-\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2019-10-08]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\BY @ello-\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2019-02-20]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\BY @ello-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\BY @ello-\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\BY @ello-\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-24]
CHR HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof] - hxxps://clients2.google.com/service/update2/crx


==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-08-26] (Apple Inc. -> Apple Inc.)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [786376 2019-09-17] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195320 2018-03-22] (Bitdefender SRL -> Bitdefender)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-11-29] (BattlEye Innovations e.K. -> )
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [125120 2019-09-17] (Bitdefender SRL -> Bitdefender)
S4 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4452456 2019-09-24] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2018-11-29] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S4 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [163840 2007-12-17] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
S4 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1291888 2019-07-15] (Bitdefender SRL -> Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [146472 2019-09-17] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [786376 2019-09-17] (Bitdefender SRL -> Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
S4 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 atc; C:\Windows\System32\DRIVERS\atc.sys [1586784 2019-07-08] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [399824 2019-06-24] (Bitdefender SRL -> Bitdefender)
R0 bdprivmon; C:\Windows\System32\DRIVERS\bdprivmon.sys [46056 2019-06-21] (Bitdefender SRL -> © Bitdefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [96448 2018-04-27] (Bitdefender SRL -> BitDefender)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [42256 2019-03-05] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [59360 2019-03-05] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 Gemma; C:\Windows\System32\DRIVERS\gemma.sys [596632 2019-08-28] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [188384 2018-11-28] (Bitdefender SRL -> BitDefender LLC)
R2 Ignis; C:\Windows\System32\DRIVERS\ignis.sys [196392 2019-07-04] (Bitdefender SRL -> Bitdefender)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69840 2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [66792 2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-07-14] (Realtek Semiconductor Corporation ) [File not signed]
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-12-23] (AnchorFree Inc -> Anchorfree Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [610640 2019-01-14] (Bitdefender SRL -> Bitdefender)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [48424 2018-01-19] (Wondershare Technology Co.,Ltd -> Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-22 16:55 - 2019-10-22 16:55 - 000031418 _____ C:\Users\BY @ello-\Desktop\FRST.txt
2019-10-22 16:55 - 2019-10-22 16:55 - 000000000 ____D C:\FRST
2019-10-22 16:51 - 2019-10-22 16:51 - 001617408 _____ (Farbar) C:\Users\BY @ello-\Desktop\FRST64.exe
2019-10-20 20:52 - 2019-10-20 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-10-20 20:52 - 2019-10-20 20:52 - 000000000 ____D C:\Program Files\iPod
2019-10-18 18:51 - 2019-10-18 18:51 - 000000000 ____D C:\KVRT_Data
2019-10-18 16:53 - 2019-10-18 16:55 - 000000571 _____ C:\Users\BY @ello-\Desktop\ESET Online Scanner.lnk
2019-10-18 16:33 - 2019-10-18 16:33 - 170597160 _____ (AO Kaspersky Lab) C:\Users\BY @ello-\Desktop\KVRT.exe
2019-10-18 16:32 - 2019-10-18 16:32 - 008162616 _____ (ESET spol. s r.o.) C:\Users\BY @ello-\Desktop\esetonlinescanner_esn.exe
2019-10-13 18:27 - 2019-10-13 18:27 - 000000000 ____D C:\Windows\system32\Tasks\Apple
2019-10-13 18:27 - 2019-10-13 18:27 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2019-10-10 16:15 - 2019-10-10 16:16 - 000000000 ____D C:\AdwCleaner
2019-10-10 13:17 - 2019-10-10 13:17 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-10-10 13:17 - 2019-10-10 13:17 - 000001867 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-10-10 13:17 - 2019-10-10 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-10-10 13:17 - 2019-09-30 06:25 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-10-10 13:16 - 2019-10-10 13:16 - 000010626 _____ C:\Users\BY @ello-\Documents\cc_20191010_131635.reg
2019-10-10 13:01 - 2019-10-10 13:01 - 025441808 _____ (Piriform Software Ltd) C:\Users\BY @ello-\Desktop\ccsetup562.exe
2019-10-10 12:59 - 2019-10-10 12:59 - 066518768 _____ (Malwarebytes ) C:\Users\BY @ello-\Desktop\mb3-setup-consumer-3.8.3.2965-1.0.629-1.0.12825.exe
2019-10-10 12:59 - 2019-10-10 12:59 - 007636680 _____ (Malwarebytes) C:\Users\BY @ello-\Desktop\adwcleaner_7.4.1.exe
2019-10-10 00:59 - 2019-10-10 00:59 - 000000000 ____D C:\Windows\CheckSur
2019-10-09 20:25 - 2019-10-10 13:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-10-09 17:13 - 2019-10-07 08:49 - 000390752 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-10-09 17:13 - 2019-10-07 07:57 - 000341896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-10-09 17:13 - 2019-10-06 06:12 - 025753088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-10-09 17:13 - 2019-10-06 06:00 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-10-09 17:13 - 2019-10-06 06:00 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-10-09 17:13 - 2019-10-06 05:49 - 002909184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-10-09 17:13 - 2019-10-06 05:48 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-10-09 17:13 - 2019-10-06 05:47 - 000579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-10-09 17:13 - 2019-10-06 05:47 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-10-09 17:13 - 2019-10-06 05:47 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-10-09 17:13 - 2019-10-06 05:46 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-10-09 17:13 - 2019-10-06 05:41 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-10-09 17:13 - 2019-10-06 05:40 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-10-09 17:13 - 2019-10-06 05:38 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-10-09 17:13 - 2019-10-06 05:37 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-10-09 17:13 - 2019-10-06 05:37 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-10-09 17:13 - 2019-10-06 05:36 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-10-09 17:13 - 2019-10-06 05:36 - 000797696 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-10-09 17:13 - 2019-10-06 05:34 - 005500928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-10-09 17:13 - 2019-10-06 05:32 - 020290048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-10-09 17:13 - 2019-10-06 05:31 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-10-09 17:13 - 2019-10-06 05:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-10-09 17:13 - 2019-10-06 05:28 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-10-09 17:13 - 2019-10-06 05:23 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-10-09 17:13 - 2019-10-06 05:22 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-10-09 17:13 - 2019-10-06 05:22 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-10-09 17:13 - 2019-10-06 05:19 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-10-09 17:13 - 2019-10-06 05:19 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-10-09 17:13 - 2019-10-06 05:18 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-10-09 17:13 - 2019-10-06 05:18 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-10-09 17:13 - 2019-10-06 05:17 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-10-09 17:13 - 2019-10-06 05:17 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-10-09 17:13 - 2019-10-06 05:17 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-10-09 17:13 - 2019-10-06 05:16 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-10-09 17:13 - 2019-10-06 05:16 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-10-09 17:13 - 2019-10-06 05:15 - 002302464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-10-09 17:13 - 2019-10-06 05:12 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-10-09 17:13 - 2019-10-06 05:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-10-09 17:13 - 2019-10-06 05:11 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-10-09 17:13 - 2019-10-06 05:10 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-10-09 17:13 - 2019-10-06 05:10 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-10-09 17:13 - 2019-10-06 05:10 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-10-09 17:13 - 2019-10-06 05:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-10-09 17:13 - 2019-10-06 05:05 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-10-09 17:13 - 2019-10-06 05:05 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-10-09 17:13 - 2019-10-06 05:03 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-10-09 17:13 - 2019-10-06 05:03 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-10-09 17:13 - 2019-10-06 05:03 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-10-09 17:13 - 2019-10-06 05:00 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-10-09 17:13 - 2019-10-06 05:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-10-09 17:13 - 2019-10-06 04:59 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-10-09 17:13 - 2019-10-06 04:58 - 015413760 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-10-09 17:13 - 2019-10-06 04:57 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-10-09 17:13 - 2019-10-06 04:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-10-09 17:13 - 2019-10-06 04:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-10-09 17:13 - 2019-10-06 04:56 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-10-09 17:13 - 2019-10-06 04:55 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-10-09 17:13 - 2019-10-06 04:53 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-10-09 17:13 - 2019-10-06 04:50 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-10-09 17:13 - 2019-10-06 04:49 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-10-09 17:13 - 2019-10-06 04:48 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-10-09 17:13 - 2019-10-06 04:48 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-10-09 17:13 - 2019-10-06 04:45 - 013808640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-10-09 17:13 - 2019-10-06 04:45 - 001566208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-10-09 17:13 - 2019-10-06 04:35 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-10-09 17:13 - 2019-10-06 04:34 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-10-09 17:13 - 2019-10-06 04:32 - 001331712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-10-09 17:13 - 2019-10-06 04:30 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-10-09 17:13 - 2019-09-19 06:27 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2019-10-09 17:13 - 2019-09-17 04:32 - 004060896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-10-09 17:13 - 2019-09-17 04:32 - 003966688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-10-09 17:13 - 2019-09-17 04:32 - 000709856 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-10-09 17:13 - 2019-09-17 04:32 - 000627424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-10-09 17:13 - 2019-09-17 04:31 - 005552864 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-10-09 17:13 - 2019-09-17 04:31 - 001319496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-10-09 17:13 - 2019-09-17 04:31 - 000263904 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-10-09 17:13 - 2019-09-17 04:31 - 000155360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-10-09 17:13 - 2019-09-17 04:31 - 000096992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-10-09 17:13 - 2019-09-17 04:30 - 001670784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000834048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 001010176 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 04:04 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-10-09 17:13 - 2019-09-17 04:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-10-09 17:13 - 2019-09-17 04:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-10-09 17:13 - 2019-09-17 04:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-10-09 17:13 - 2019-09-17 04:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-10-09 17:13 - 2019-09-17 03:59 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-10-09 17:13 - 2019-09-17 03:59 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-10-09 17:13 - 2019-09-17 03:59 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-10-09 17:13 - 2019-09-17 03:59 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-10-09 17:13 - 2019-09-17 03:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-10-09 17:13 - 2019-09-17 03:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-10-09 17:13 - 2019-09-17 03:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 03:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 03:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-10-09 17:13 - 2019-09-17 03:56 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-10-09 17:13 - 2019-09-17 03:56 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-10-09 17:13 - 2019-09-17 03:55 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-10-09 17:13 - 2019-09-17 03:53 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-10-09 17:13 - 2019-09-17 03:53 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-10-09 17:13 - 2019-09-17 03:52 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-10-09 17:13 - 2019-09-17 03:52 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-10-09 17:13 - 2019-09-17 03:52 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-10-09 17:13 - 2019-09-17 03:52 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-10-09 17:13 - 2019-09-17 03:51 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-10-09 17:13 - 2019-09-17 03:51 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-10-09 17:13 - 2019-09-17 03:51 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-10-09 17:13 - 2019-09-17 03:51 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-10-09 17:13 - 2019-09-17 03:51 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-10-09 17:13 - 2019-09-17 03:51 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-10-09 17:13 - 2019-09-17 03:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-10-09 17:13 - 2019-09-17 02:13 - 000455392 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-10-09 17:13 - 2019-09-11 06:56 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-10-09 17:13 - 2019-09-11 06:56 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-10-09 17:13 - 2019-09-10 04:27 - 000383488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-10-09 17:13 - 2019-09-10 04:27 - 000320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-10-09 17:13 - 2019-09-10 04:27 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-10-09 17:13 - 2019-09-10 04:24 - 001281536 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-10-09 17:13 - 2019-09-10 04:24 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-10-09 17:13 - 2019-09-10 04:24 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-10-09 17:13 - 2019-09-10 04:24 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-10-09 17:13 - 2019-09-10 04:24 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-10-09 17:13 - 2019-09-10 04:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2019-10-09 17:13 - 2019-09-10 04:02 - 006135296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-10-09 17:13 - 2019-09-10 04:00 - 000361472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-10-09 17:13 - 2019-09-10 04:00 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2019-10-09 17:13 - 2019-09-10 04:00 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-10-09 17:13 - 2019-09-10 04:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2019-10-09 17:13 - 2019-09-10 04:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2019-10-09 17:13 - 2019-09-10 03:54 - 003231744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-10-09 17:13 - 2019-09-10 03:53 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-10-09 17:13 - 2019-09-10 03:53 - 000152576 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2019-10-09 17:13 - 2019-09-10 03:53 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-10-09 17:13 - 2019-09-10 03:53 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2019-10-09 17:13 - 2019-09-10 03:52 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2019-10-09 17:13 - 2019-09-10 03:49 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-10-09 17:13 - 2019-09-10 02:09 - 007082496 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-10-09 17:13 - 2019-09-10 02:09 - 003187712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-10-09 00:44 - 2019-10-09 00:44 - 000000000 ____D C:\Users\BY\Bitdefender
2019-10-08 22:30 - 2019-10-08 22:30 - 000776772 _____ C:\ProgramData\cl.1570566206.bdinstall.v2.bin
2019-10-08 22:30 - 2019-10-08 22:30 - 000098004 _____ C:\ProgramData\cl.kit.1570566205.bdinstall.v2.bin
2019-10-08 22:30 - 2019-10-08 22:30 - 000063654 _____ C:\ProgramData\dm.1570566651.bdinstall.bin
2019-10-08 22:30 - 2019-10-08 22:30 - 000000000 ____D C:\ProgramData\Gemma
2019-10-08 22:30 - 2019-10-08 22:30 - 000000000 ____D C:\ProgramData\Bitdefender Device Management
2019-10-08 22:30 - 2019-10-08 22:30 - 000000000 ____D C:\ProgramData\Atc
2019-10-08 22:29 - 2019-10-17 16:29 - 000000000 ____D C:\ProgramData\Bitdefender
2019-10-08 22:29 - 2019-10-08 22:30 - 000000000 ____D C:\Users\BY @ello-\AppData\Roaming\Bitdefender
2019-10-08 22:29 - 2019-10-08 22:30 - 000000000 ____D C:\Program Files\Bitdefender
2019-10-08 22:29 - 2019-10-08 22:29 - 000002352 _____ C:\Users\Public\Desktop\Bitdefender VPN.lnk
2019-10-08 22:29 - 2019-10-08 22:29 - 000002352 _____ C:\ProgramData\Desktop\Bitdefender VPN.lnk
2019-10-08 22:29 - 2019-10-08 22:29 - 000002265 _____ C:\Users\Public\Desktop\Bitdefender.lnk
2019-10-08 22:29 - 2019-10-08 22:29 - 000002265 _____ C:\ProgramData\Desktop\Bitdefender.lnk
2019-10-08 22:29 - 2019-10-08 22:29 - 000000000 ____D C:\Windows\system32\elambkup
2019-10-08 22:29 - 2019-10-08 22:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2019-10-08 22:29 - 2019-10-08 22:29 - 000000000 ____D C:\ProgramData\BDLogging
2019-10-08 22:29 - 2019-08-28 09:34 - 000596632 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\gemma.sys
2019-10-08 22:29 - 2019-07-08 14:41 - 001586784 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2019-10-08 22:29 - 2019-07-04 12:15 - 000196392 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2019-10-08 22:29 - 2019-06-24 14:52 - 000399824 _____ (Bitdefender) C:\Windows\system32\Drivers\bddci.sys
2019-10-08 22:29 - 2019-06-21 08:30 - 000046056 _____ (© Bitdefender SRL) C:\Windows\system32\Drivers\bdprivmon.sys
2019-10-08 22:29 - 2019-03-21 01:12 - 000022960 _____ (Bitdefender) C:\Windows\system32\Drivers\bdelam.sys
2019-10-08 22:29 - 2019-01-14 17:25 - 000610640 _____ (Bitdefender) C:\Windows\system32\Drivers\trufos.sys
2019-10-08 22:29 - 2018-11-28 06:45 - 000188384 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2019-10-08 22:29 - 2018-04-27 08:45 - 000096448 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2019-10-08 22:29 - 2007-04-11 11:11 - 000511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2019-10-08 22:24 - 2019-10-22 16:38 - 000003648 _____ C:\Windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2019-10-08 22:23 - 2019-10-08 22:29 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2019-10-08 22:22 - 2019-10-08 22:30 - 000000000 ____D C:\Program Files\Bitdefender Agent
2019-10-08 22:22 - 2019-10-08 22:22 - 000106688 _____ C:\ProgramData\agent.1570566154.bdinstall.v2.bin
2019-10-08 22:22 - 2019-10-08 22:22 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2019-10-08 18:53 - 2019-10-08 20:25 - 000000000 ____D C:\Users\BY @ello-\AppData\Roaming\Panda Security
2019-10-08 18:51 - 2019-10-08 20:29 - 000000000 ____D C:\Program Files (x86)\Panda Security
2019-10-08 18:50 - 2019-10-08 20:26 - 000000000 ____D C:\ProgramData\Panda Security
2019-10-08 13:55 - 2019-10-09 21:37 - 000003670 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2019-10-08 13:55 - 2019-10-09 21:37 - 000003230 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2019-10-08 12:39 - 2019-10-18 19:24 - 000000000 ____D C:\Users\BY @ello-\AppData\Local\ESET
2019-10-03 22:20 - 2019-09-12 05:53 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-10-03 22:20 - 2019-09-12 05:52 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-10-03 22:20 - 2019-09-12 05:52 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-10-03 22:20 - 2019-09-12 05:44 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-10-03 22:20 - 2019-09-12 05:44 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-10-03 22:20 - 2019-09-12 05:44 - 000438784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-10-03 22:20 - 2019-09-12 05:44 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-10-03 22:20 - 2019-09-12 05:44 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-10-03 22:20 - 2019-09-12 05:24 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-09-24 19:02 - 2019-09-24 19:02 - 000001261 _____ C:\Users\Public\Desktop\Prey.lnk
2019-09-24 19:02 - 2019-09-24 19:02 - 000001261 _____ C:\ProgramData\Desktop\Prey.lnk
2019-09-24 19:02 - 2019-09-24 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2019-09-24 18:52 - 2019-09-24 18:52 - 000000000 ____D C:\Program Files (x86)\DAEMON Tools Lite

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-22 16:55 - 2014-01-21 18:51 - 001661284 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-10-22 16:55 - 2011-04-12 11:10 - 000751538 _____ C:\Windows\system32\perfh00A.dat
2019-10-22 16:55 - 2011-04-12 11:10 - 000160562 _____ C:\Windows\system32\perfc00A.dat
2019-10-22 16:54 - 2009-07-14 07:13 - 001661284 _____ C:\Windows\system32\PerfStringBackup.INI
2019-10-22 16:54 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2019-10-22 16:52 - 2012-11-11 22:14 - 000000000 ____D C:\DVD
2019-10-22 16:49 - 2016-10-08 19:37 - 000000000 ____D C:\ProgramData\NVIDIA
2019-10-22 16:44 - 2009-07-14 06:45 - 000028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-10-22 16:44 - 2009-07-14 06:45 - 000028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-10-22 16:35 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-10-21 14:45 - 2014-05-27 23:26 - 000000000 ____D C:\Users\BY @ello-\AppData\Local\ElevatedDiagnostics
2019-10-21 14:09 - 2016-07-21 16:36 - 000000000 ____D C:\Users\BY @ello-\AppData\Roaming\AIMP
2019-10-21 14:09 - 2014-01-21 18:57 - 000033091 _____ C:\Users\BY @ello-\Desktop\buscarMP3.txt
2019-10-20 21:34 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2019-10-20 20:52 - 2018-06-03 17:09 - 000000000 ____D C:\Program Files\iTunes
2019-10-20 20:52 - 2014-01-21 22:19 - 000000000 ____D C:\ProgramData\Apple Computer
2019-10-17 19:56 - 2015-12-18 18:43 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-10-17 19:56 - 2015-08-01 20:53 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2019-10-17 19:54 - 2014-08-18 22:19 - 000000000 ____D C:\Users\BY @ello-\AppData\Local\Adobe
2019-10-17 18:51 - 2015-04-04 22:34 - 000000000 ____D C:\Users\BY @ello-\AppData\Local\CrashDumps
2019-10-17 16:05 - 2014-01-21 19:07 - 000000000 ____D C:\Program Files\CCleaner
2019-10-15 16:34 - 2014-01-21 19:50 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-15 16:34 - 2014-01-21 19:50 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-10-15 16:34 - 2014-01-21 19:50 - 000002181 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-10-13 18:27 - 2014-01-21 19:14 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2019-10-10 17:50 - 2015-02-12 14:41 - 000000000 ____D C:\Windows\rescache
2019-10-10 16:14 - 2017-11-13 16:53 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2019-10-10 13:09 - 2014-01-21 19:07 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-10-10 13:09 - 2014-01-21 19:07 - 000000822 _____ C:\ProgramData\Desktop\CCleaner.lnk
2019-10-10 12:46 - 2009-07-14 06:45 - 000440896 _____ C:\Windows\system32\FNTCACHE.DAT
2019-10-10 12:45 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-10-10 01:13 - 2014-01-21 20:44 - 000000000 ____D C:\Windows\system32\MRT
2019-10-10 01:10 - 2014-12-03 20:09 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-10-10 01:10 - 2014-01-21 20:44 - 127230528 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-10-10 01:10 - 2009-07-14 04:34 - 000000488 _____ C:\Windows\win.ini
2019-10-09 00:44 - 2019-02-19 14:02 - 000000000 ____D C:\Users\BY
2019-10-08 22:06 - 2014-01-21 18:58 - 000114392 _____ C:\Users\BY @ello-\AppData\Local\GDIPFONTCACHEV1.DAT
2019-10-08 22:04 - 2016-08-19 18:33 - 000000000 ____D C:\Users\BY @ello-\AppData\Roaming\AVG
2019-10-08 22:04 - 2014-03-30 21:12 - 000000000 ____D C:\Users\BY @ello-\AppData\Local\AVG
2019-10-08 22:04 - 2014-01-21 20:27 - 000000000 ____D C:\Program Files (x86)\AVG
2019-10-08 20:28 - 2014-01-23 12:00 - 000146560 ____H C:\Windows\SysWOW64\mlfcache.dat
2019-10-08 18:54 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2019-10-08 18:54 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\GroupPolicy
2019-10-08 18:42 - 2014-01-21 19:22 - 000000000 ____D C:\Users\BY @ello-\AppData\Roaming\DAEMON Tools Lite
2019-10-08 17:22 - 2019-05-16 21:14 - 000004146 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-08 17:22 - 2019-05-16 21:14 - 000003940 _____ C:\Windows\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-08 17:22 - 2019-05-16 21:14 - 000003798 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-08 17:22 - 2019-05-16 21:14 - 000003792 _____ C:\Windows\system32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-08 17:22 - 2019-05-16 21:14 - 000003792 _____ C:\Windows\system32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-08 17:22 - 2019-05-16 21:14 - 000003792 _____ C:\Windows\system32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-08 17:22 - 2019-05-16 21:14 - 000003790 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-08 17:22 - 2019-05-16 21:14 - 000003738 _____ C:\Windows\system32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-08 17:22 - 2019-05-16 21:14 - 000003738 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-08 17:22 - 2019-05-16 21:14 - 000003730 _____ C:\Windows\system32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-08 17:22 - 2019-05-16 21:14 - 000003494 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-08 17:22 - 2019-03-05 22:27 - 000003326 _____ C:\Windows\system32\Tasks\SidebarExecute
2019-10-08 17:22 - 2018-08-31 16:34 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2019-10-08 17:22 - 2018-02-18 19:51 - 000003592 _____ C:\Windows\system32\Tasks\V30-Marquee-TaskPlan
2019-10-08 17:22 - 2014-12-03 20:11 - 000003758 _____ C:\Windows\system32\Tasks\AutoKMS
2019-10-08 17:22 - 2014-02-11 22:35 - 000003704 _____ C:\Windows\system32\Tasks\Java Update Scheduler
2019-10-08 17:22 - 2014-02-05 21:05 - 000003694 _____ C:\Windows\system32\Tasks\Programa de actualización online de Adobe
2019-10-08 17:22 - 2014-01-21 21:37 - 000003526 _____ C:\Windows\system32\Tasks\CreateChoiceProcessTask
2019-10-08 17:22 - 2014-01-21 19:49 - 000003536 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-08 17:22 - 2014-01-21 19:49 - 000003408 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-08 17:22 - 2014-01-21 19:07 - 000002780 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2019-10-07 18:16 - 2019-06-10 20:40 - 000000000 ____D C:\Users\BY @ello-\AppData\Local\BitTorrentHelper
2019-10-06 21:54 - 2014-08-09 00:02 - 000000000 ____D C:\Users\BY @ello-\AppData\Local\Spotify
2019-10-06 21:54 - 2014-08-08 23:53 - 000000000 ____D C:\Users\BY @ello-\AppData\Roaming\Spotify
2019-10-01 20:19 - 2014-01-21 18:13 - 000000000 ____D C:\Users\BY @ello-
2019-10-01 19:50 - 2014-01-21 19:49 - 000000000 ____D C:\Program Files (x86)\Google
2019-09-24 18:52 - 2018-02-26 14:40 - 000001898 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2019-09-24 18:52 - 2018-02-26 14:40 - 000001898 _____ C:\ProgramData\Desktop\DAEMON Tools Lite.lnk
2019-09-22 21:01 - 2012-11-11 22:19 - 000000000 ____D C:\Fotos

==================== Files in the root of some directories ================

2019-02-19 14:02 - 2019-06-23 22:33 - 000722848 _____ (The Chromium Authors) C:\Users\BY\chrome_elf.dll
2019-02-19 14:02 - 2019-02-19 14:02 - 002108648 _____ (Microsoft Corporation) C:\Users\BY\d3dcompiler_43.dll
2019-02-19 14:02 - 2019-06-23 22:33 - 003650976 _____ (Microsoft Corporation) C:\Users\BY\d3dcompiler_47.dll
2019-02-19 14:02 - 2019-06-23 22:33 - 010326064 _____ () C:\Users\BY\icudtl.dat
2019-02-19 14:02 - 2019-06-23 22:33 - 093477792 _____ () C:\Users\BY\libcef.dll
2019-02-19 14:02 - 2019-06-23 22:33 - 000118176 _____ () C:\Users\BY\libEGL.dll
2019-02-19 14:02 - 2019-06-23 22:33 - 004718496 _____ () C:\Users\BY\libGLESv2.dll
2019-02-19 14:02 - 2019-06-23 22:33 - 025386912 _____ (Spotify Ltd) C:\Users\BY\Spotify.exe
2019-02-19 14:02 - 2019-06-23 22:33 - 000768416 _____ (Spotify Ltd) C:\Users\BY\SpotifyMigrator.exe
2019-02-19 14:02 - 2019-06-23 22:33 - 000137632 _____ (Spotify Ltd) C:\Users\BY\SpotifyStartupTask.exe
2015-05-19 21:57 - 2015-05-19 21:57 - 006420480 _____ () C:\Program Files (x86)\GUTA827.tmp
2018-05-21 17:30 - 2019-04-24 19:57 - 000000002 _____ () C:\Users\BY @ello-\AppData\Roaming\ExplorerFavorites.txt
2014-06-09 22:05 - 2014-06-09 22:05 - 000000415 _____ () C:\Users\BY @ello-\AppData\Roaming\WinInstallFlashLog.ini

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-10-20 23:09
==================== End of FRST.txt ============================

Addition.txt


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2019
Ran by BY @ello- (22-10-2019 16:55:40)
Running from C:\Users\BY @ello-\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-01-21 16:13:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2561782135-330884380-1085707065-500 - Administrator - Disabled)
BY @ello- (S-1-5-21-2561782135-330884380-1085707065-1000 - Administrator - Enabled) => C:\Users\BY @ello-
HomeGroupUser$ (S-1-5-21-2561782135-330884380-1085707065-1002 - Limited - Enabled)
Invitado (S-1-5-21-2561782135-330884380-1085707065-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}
FW: Bitdefender Cortafuego (Disabled) {362C5A58-E860-6396-9204-BEEEF20CA463}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACID Loop Collection Bundle Vol. 01 (EDM - Discharge) (HKLM\...\{42CAB8D8-9933-433A-82A0-0363E9B57DA9}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
ACID Loop Collection Bundle Vol. 01 (HipHop - Official) (HKLM\...\{3BDDEC26-CF31-49C6-B0E3-26DACA9FF4FB}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
ACID Loop Collection Bundle Vol. 01 (Metal - Heaven's Call) (HKLM\...\{05291F8F-CB4C-499E-89AF-8DEE8AFC580A}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
ACID Loop Collection Bundle Vol. 01 (Pop Rock - New World) (HKLM\...\{EBE1360D-4A7B-45B2-998E-38177C2D2965}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
ACID Loop Collection Bundle Vol. 01 (Trap - Future Bass Anthem) (HKLM\...\{2ABB5812-5BA1-4EB0-B667-726FC8924407}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
ACID Pro 8.0 (HKLM-x32\...\{ADBA0B61-BCDF-11E8-B40B-001B21B1DCED}) (Version: 8.0.7.233 - MAGIX)
Actualización de NVIDIA 36.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 36.0.0.0 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.021.20048 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.7 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)
AIMP (HKLM-x32\...\AIMP) (Version: v4.51.2084, 01.12.2018 - AIMP DevTeam)
Apple Application Support (32 bits) (HKLM-x32\...\{FD52A2FF-4D16-49C4-A2CD-DAC752C18BA2}) (Version: 8.0 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{9B061D60-4E2C-4987-BFFD-423E3D477660}) (Version: 8.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
aTube Catcher versión 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 24.0.1.143 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 24.0.9.46 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 24.0.9.46 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.62 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.6795 - CDBurnerXP)
Contenido adicional Vita 2 (HKLM\...\{34EADB06-3156-4B5A-8482-5D7AD4FA6687}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.11.0.0948 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Desinstalar impresora EPSON SX510W Series (HKLM\...\EPSON SX510W Series) (Version:  - SEIKO EPSON Corporation)
Eines de correcció del Microsoft Office 2013: català (HKLM-x32\...\{90150000-001F-0403-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
eMule MorphXT 12.7 (HKLM-x32\...\eMule MorphXT_is1) (Version:  - Morph team)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON NX510 Series Printer Uninstall (HKLM\...\EPSON NX510 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
Exact Audio Copy 1.3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.3 - Andre Wiethoff)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM-x32\...\{90150000-001F-0456-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
FIFA 19 (HKLM-x32\...\{3391E07D-8484-4124-817E-FCBDA859FD62}) (Version: 1.0.58.64628 - Electronic Arts)
FileZilla Client 3.42.1 (HKLM-x32\...\FileZilla Client) (Version: 3.42.1 - Tim Kosse)
Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GoldWave v5.70 (HKLM-x32\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.)
GoldWave v6.37 (HKLM\...\GoldWave v6.37) (Version: 6.37 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.120 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grabadora de Audio Gratis V2.3.2 (HKLM-x32\...\{E35F91E4-C68C-43E8-BE90-35CDEE4E5730}_is1) (Version: 2.3.2 - APOWERSOFT LIMITED)
iMazing 2.8.4.0 (HKLM\...\iMazing_is1) (Version: 2.8.4.0 - DigiDNA)
Instrumentos y loops 1 (ACID Pro 8) (HKLM\...\{FB5E2B0D-9B8C-4707-81F1-348E8DC81E94}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Instrumentos y loops 2 (ACID Pro 8) (HKLM\...\{2F2A3946-AA0C-460F-8967-C81A8B26F2D1}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
iTunes (HKLM\...\{CA95E5B0-7C0B-4913-8127-0C2598E48B06}) (Version: 12.10.0.7 - Apple Inc.)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
K-Lite Mega Codec Pack 10.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
MAGIX Contenido y Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Master PDF Editor 5.0.36 (HKLM\...\Master PDF Editor 5_is1) (Version: 5.0.36 - Code Industry Ltd.)
Microsoft .NET Framework 4.8 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{f325f05b-f963-4640-a43b-c8a494cdda0f}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.57 - mIRC Co. Ltd.)
mIRC version 7.5.7 (HKLM-x32\...\mIRC_is1) (Version: 7.5.7 - mIRC)
Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.3.4.436 - Native Instruments)
Native Instruments Traktor Audio 10 Driver (HKLM-x32\...\Native Instruments Traktor Audio 10 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol D2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol D2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S5 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S5 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S8 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S8 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Pro 3 (HKLM-x32\...\Native Instruments Traktor Pro 3) (Version: 3.1.1.8 - Native Instruments)
Nicequest Premium (HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\Nicequest Premium) (Version: 1.9.9.4 - Wakoopa B.V.)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA Controlador de audio HD 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 430.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 430.64 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.18.0.102 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.18.0.102 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panel de control de NVIDIA 430.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 430.64 - NVIDIA Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
Prey version 1.0.2 (HKLM-x32\...\Prey_is1) (Version: 1.0.2 - Bethesda Softworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7982 - Realtek Semiconductor Corp.)
RescuePRO Deluxe 6.0.3.0 (HKLM-x32\...\{38D9AAB8-116B-40BB-A801-50B71DF82D24}_is1) (Version: 6.0.3.0 - LC Technology International, Inc.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM-x32\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Rhythm and SFX Collection (HKLM\...\{306952CD-ACFB-4B56-BF4B-417E01E7EBE5}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Skype versión 8.51 (HKLM-x32\...\Skype_is1) (Version: 8.51 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\Spotify) (Version: 1.1.9.383.g9f48828e - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
UnderCover10 2.03 (HKLM-x32\...\UnderCover10_is1) (Version:  - Wicked & Wild Inc.)
Update for Skype for Business 2015 (KB4475564) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{14E2D22A-5164-4E35-8239-E2DB5D6B9A09}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4475564) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{14E2D22A-5164-4E35-8239-E2DB5D6B9A09}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4475564) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0C0A-0000-0000000FF1CE}_Office15.PROPLUS_{14E2D22A-5164-4E35-8239-E2DB5D6B9A09}) (Version:  - Microsoft)
VideoMeld v1.62 (HKLM\...\VideoMeld v1.62) (Version: 1.62 - GoldWave Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vita 2 (HKLM\...\{4BA6CAF2-C8C4-4AA9-8A34-476D000C9704}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
Vita 2 common (HKLM\...\{22E31E45-2F2E-4954-9147-38AEE4F62E14}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
Vita Analog Synths (HKLM\...\{99697CAA-A1D9-4647-BEDD-27BEC35E178F}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
Vita Choir (HKLM\...\{3536E780-ADE5-49E7-AB12-9300C9758A12}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
Vita Church Organ (HKLM\...\{3A4382CD-B491-441A-A819-877F41B76709}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
Vita Cinematic Synth (HKLM\...\{94262BA1-5679-474A-B8F5-B75E6F10F4C0}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
Vita Concert Grand (HKLM\...\{0D97DD52-629E-4E32-A89F-B986652D8974}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
Vita Drum Engine (HKLM\...\{81996961-00AC-494D-A3C4-DE0EC2B20F79}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
Vita Electric Bass (HKLM\...\{33FDA777-18BD-44DF-82B9-CE7E8981616D}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
Vita Electric Piano (HKLM\...\{1F15AF10-5AE4-45BD-9E3B-127D015C40B0}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
Vita Jazz Drums (HKLM\...\{EA83C215-6EE3-42BD-8848-76A6FE6BBAC9}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
Vita Pop Drums (HKLM\...\{92AEFA0C-5879-4DB5-B34A-68A8DB8F5431}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
Vita Rock Drums (HKLM\...\{D9DD86E9-0FE6-4E20-9069-7B42E0EA0085}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
Vita Urban Drums (HKLM\...\{D525ACB9-8574-4DB3-A4C5-6E585AF35FE1}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
Vita Vintage Organ (HKLM\...\{354B6A10-0167-4817-83BD-3BA5B71BC440}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VTech Download Agent Library (HKLM-x32\...\{DB083AE1-3354-4AAD-BD44-5F2CC4B2ECE6}) (Version: 1.00.0000 - VTech) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2019-03-19] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-02] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files (x86)\DAEMON Tools Lite\dtshl64.dll [2019-09-24] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files (x86)\DAEMON Tools Lite\dtshl64.dll [2019-09-24] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2019-03-19] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-02] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3554304 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [258560 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [127488 2014-02-06] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3649536 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [243200 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2014-02-06] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2016-01-19 18:06 - 2018-05-14 22:34 - 000026112 _____ (Copyright (c) Code Industry Ltd ) [File not signed] C:\Windows\System32\mpelocalmon.dll
2014-01-24 00:12 - 2010-09-13 16:00 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
2014-01-24 00:12 - 2008-06-18 12:49 - 000250880 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enpres.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42143584.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42143584.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-10-22 16:35 - 000000924 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1                   cap.cyberlink.com
127.0.0.1                  activation.cyberlink.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\BY @ello-\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 212.166.211.1 - 212.166.132.104
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: EPSON_EB_RPCV4_01 => 2
MSCONFIG\Services: EPSON_PM_RPCV4_01 => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMService => 3
MSCONFIG\Services: NIHardwareService => 2
MSCONFIG\Services: NvContainerLocalSystem => 3
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NvTelemetryContainer => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^Users^BY @ello-^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Enviar a OneNote.lnk => C:\Windows\pss\Enviar a OneNote.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AgentMonitor => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: EEventManager => C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
MSCONFIG\startupreg: EPSON SX510W Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_S3B2E.tmp" /EF "HKCU"
MSCONFIG\startupreg: iMusicService => C:\Program Files (x86)\Aimersoft\Aimersoft iMusic\iMusicService.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Lync => "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: PSUAMain => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\BY @ello-\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\BY @ello-\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{7D0F4A11-6A47-451C-99C6-C28E3DE053DF}C:\mirc\mirc\mirc.exe] => (Allow) C:\mirc\mirc\mirc.exe (mIRC Co. Ltd.) [File not signed]
FirewallRules: [UDP Query User{D0C51FA3-9DEA-4BA8-AF8A-DCACB2C49E42}C:\mirc\mirc\mirc.exe] => (Allow) C:\mirc\mirc\mirc.exe (mIRC Co. Ltd.) [File not signed]
FirewallRules: [TCP Query User{D2B83C31-227E-4A61-BAAD-C199CA057253}C:\mirc\phanatic\mirc32.exe] => (Allow) C:\mirc\phanatic\mirc32.exe (mIRC Co. Ltd.) [File not signed]
FirewallRules: [UDP Query User{4530D1EA-DBB6-4919-9D9E-3185FED49F6A}C:\mirc\phanatic\mirc32.exe] => (Allow) C:\mirc\phanatic\mirc32.exe (mIRC Co. Ltd.) [File not signed]
FirewallRules: [{B5CEE5BE-2E91-44F5-A5B8-2BCB7A648174}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DBE456F1-A0DF-43FE-911A-EC9F27A6645F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{880FCDCE-3661-4E92-B8D4-FC4CB7A6B1FA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F8FA1758-FAD2-4FF8-ACD1-B5A8C36F6F7B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{396CE55F-9D93-45FC-9B4B-7E87FC3306F3}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{BAAA6AD5-1F93-484A-8506-72E92DC22F1A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{153DDC41-14B5-4849-A6F7-F3150F050882}] => (Allow) C:\Program Files (x86)\eMule\emule.exe (hxxp://emulemorph.sourceforge.net) [File not signed]
FirewallRules: [{8FE973E7-2DAB-4B41-B655-5E73CA4B19EE}] => (Allow) C:\Program Files (x86)\eMule\emule.exe (hxxp://emulemorph.sourceforge.net) [File not signed]
FirewallRules: [{4B492CB0-2DD4-4BE3-BAF6-15E0A66F2A96}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{67DCFB5B-4682-482C-A5CB-69D8EBE9BA49}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{5D2EF860-714B-4EB0-BCFC-5F9F6E098BAE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (Newsoft Technology Company -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{A4723B9E-920A-4913-ABBC-955E164E054D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (Newsoft Technology Company -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{6122618F-E706-437B-9F7D-9E5A9F63FB4F}C:\mirc\phanatic\mirc32.exe] => (Allow) C:\mirc\phanatic\mirc32.exe (mIRC Co. Ltd.) [File not signed]
FirewallRules: [UDP Query User{33729597-4949-4644-87B4-C965270A75CA}C:\mirc\phanatic\mirc32.exe] => (Allow) C:\mirc\phanatic\mirc32.exe (mIRC Co. Ltd.) [File not signed]
FirewallRules: [TCP Query User{AD94E287-61B9-40FE-BB15-B9E2C881E727}C:\mirc\mirc\mirc.exe] => (Allow) C:\mirc\mirc\mirc.exe (mIRC Co. Ltd.) [File not signed]
FirewallRules: [UDP Query User{5E65153A-2471-46DB-9BDB-636027965BC6}C:\mirc\mirc\mirc.exe] => (Allow) C:\mirc\mirc\mirc.exe (mIRC Co. Ltd.) [File not signed]
FirewallRules: [{5DD8FC17-E1C3-4623-A6B1-25569D344E52}] => (Allow) C:\Users\BY @ello-\AppData\Roaming\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{15E5ED98-2BB1-4D68-ABFB-7916501344C2}] => (Allow) C:\Users\BY @ello-\AppData\Roaming\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5B4385CB-1B05-4CE4-90BD-8C750ADB9DE8}] => (Allow) C:\Users\BY @ello-\AppData\Roaming\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{893A6CB1-B7BC-45FF-9744-DDDFA56D0771}] => (Allow) C:\Users\BY @ello-\AppData\Roaming\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E57FDE0A-1200-4806-BEA1-D2B2AA2A8BF7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9F6B3908-6E1C-44AC-ABF4-DEF57ED9073E}] => (Allow) LPort=2869
FirewallRules: [{8FA9BCC3-34FC-49D3-965F-1638A2814834}] => (Allow) LPort=1900
FirewallRules: [{3B39220A-BA26-4F89-A8C4-3758BA79349B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{344ADA24-E9E2-4567-BA2A-AC075A13634F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2067F0CC-A53D-4988-A7F3-BEDE51E1CB1C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ED5EECA3-7C9B-4774-9D3D-E0CABF9DAAF2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{02373611-0733-45AB-AE4C-0D83E164835B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{97B18817-B09C-4B10-BB2F-0846BF8A3293}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{D7B769C0-0F14-48A0-B91F-4286E0EB8061}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (Newsoft Technology Company -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{48459DBA-F5D2-4B77-92D0-C22F8DE69D5E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (Newsoft Technology Company -> SEIKO EPSON CORPORATION)
FirewallRules: [{9B0DA783-543E-46B6-B378-681FEC18D2D2}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [{5CFF1ADA-2DBA-4CAB-A9FC-6718C4470F8A}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [{1B631596-E562-4FE9-BC34-4A8F13676457}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{0EBB9E82-ADF7-4CB8-AB90-2B89A88816CA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{F24F2047-CF23-474F-AC66-1E5257E8838A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{42EFF268-2395-4B8C-B468-07250ACDECF6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{9777DF36-2E9C-407C-B470-0771A39F743D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{11C47A2E-F99F-4147-B8B0-17A0515F496B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8F781C8E-8E03-42C0-A558-15CE2FCBA36A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ACCFBAF4-0E52-475F-8D48-972CDAD007E8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{4B1616B8-1807-4676-B9E0-8E844B736E60}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{C29290A8-BC7B-472E-803A-DC029ACC71F3}] => (Allow) D:\Jocs\FIFA19\FIFASetup\fifaconfig.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{5DF1DD7B-0751-4F2A-B631-641D322B19EE}] => (Allow) D:\Jocs\FIFA19\FIFASetup\fifaconfig.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [TCP Query User{EF728429-7207-473E-8795-A4015AC165DF}D:\jocs\fifa19\fifa19.exe] => (Block) D:\jocs\fifa19\fifa19.exe (Electronic Arts) [File not signed]
FirewallRules: [UDP Query User{F64172F2-6112-43C9-84C9-DF3B15EA728E}D:\jocs\fifa19\fifa19.exe] => (Block) D:\jocs\fifa19\fifa19.exe (Electronic Arts) [File not signed]
FirewallRules: [{36F93528-AF8B-48D1-9787-1469847A876F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6D470F21-F1D2-4E43-B83B-598096D7C500}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A2C6E876-4CF4-4DFA-9CF5-F88B462B4189}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BE4F9615-5230-4609-8D60-8CB4905180D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{ACFE787B-4365-499B-AAFC-F6B33FDD4F2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{262BDD37-2919-49C1-BEAD-04B0713F8373}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4CA0C14B-BC92-4FB8-894B-54848DE899A6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4A5E6D8F-94E7-4EB8-AD71-CF9DCF782B3B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E81DBDEB-AC7F-4304-85DC-6FECA2270DF1}] => (Allow) C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{A6C47BD2-66F4-49EE-BA25-8099E82AC40C}] => (Allow) C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [TCP Query User{936F0464-8F7C-4522-AA2F-27DDA4B18658}D:\jocs\prey\bethesda softworks\prey\binaries\danielle\x64\release\prey.exe] => (Block) D:\jocs\prey\bethesda softworks\prey\binaries\danielle\x64\release\prey.exe (Arkane Studios) [File not signed]
FirewallRules: [UDP Query User{FA632446-690E-417D-88F5-4380FFE58135}D:\jocs\prey\bethesda softworks\prey\binaries\danielle\x64\release\prey.exe] => (Block) D:\jocs\prey\bethesda softworks\prey\binaries\danielle\x64\release\prey.exe (Arkane Studios) [File not signed]
FirewallRules: [{5DE1FDE0-D3F9-41E5-A953-19FE7CA42407}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{995A441B-4DD2-4FA0-8834-2CE009C84904}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)

==================== Restore Points =========================

21-10-2019 14:45:02 Punto de control programado
22-10-2019 16:54:36 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2019 04:35:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (10/21/2019 11:22:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (10/20/2019 08:52:22 PM) (Source: MsiInstaller) (EventID: 11920) (User: PC)
Description: Producto: iTunes -- Error 1920. Error al iniciar el servicio “Apple Mobile Device Service” (Apple Mobile Device Service). Comprueba que tienes los privilegios necesarios para iniciar servicios del sistema.

Error: (10/20/2019 08:35:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (10/19/2019 04:08:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (10/18/2019 07:25:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (10/18/2019 04:26:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (10/17/2019 06:51:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: DTShellHlp.exe, versión: 10.11.0.948, marca de tiempo: 0x5d2c52b2
Nombre del módulo con errores: DTShellHlp.exe, versión: 10.11.0.948, marca de tiempo: 0x5d2c52b2
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000020e719
Id. del proceso con errores: 0x15f0
Hora de inicio de la aplicación con errores: 0x01d5850b10e91faf
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
Id. del informe: 4f1f5e9c-f0fe-11e9-90b7-8416f9005c96


System errors:
=============
Error: (10/18/2019 07:21:01 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: No se puede iniciar un servidor DCOM: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}. Error 
"5"
al iniciar este comando:
"C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleUpdateOnDemand.exe" -Embedding

Error: (10/18/2019 07:20:39 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: No se puede iniciar un servidor DCOM: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. Error 
"5"
al iniciar este comando:
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (10/18/2019 07:20:39 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: No se puede iniciar un servidor DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. Error 
"5"
al iniciar este comando:
C:\Windows\system32\wbem\wmiprvse.exe -Embedding

Error: (10/18/2019 04:58:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (10/18/2019 04:58:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Se bloqueó la carga de \??\C:\Users\[email protected]~1\AppData\Local\Temp\ehdrv.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador.

Error: (10/18/2019 04:58:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (10/18/2019 04:58:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Se bloqueó la carga de \??\C:\Users\[email protected]~1\AppData\Local\Temp\ehdrv.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador.

Error: (10/18/2019 04:58:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador


CodeIntegrity:
===================================

Date: 2014-10-11 18:16:32.134
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2014-10-11 18:16:32.114
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2014-05-27 22:25:59.651
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2014-05-27 22:25:59.611
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2014-05-27 22:25:59.571
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2014-05-27 22:20:55.406
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appidapi.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2014-05-27 22:20:55.366
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appidapi.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2014-05-27 22:20:55.326
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appidapi.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 0401 02/14/2012
Motherboard: ASUSTeK COMPUTER INC. P8Z77-V LX
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 63%
Total physical RAM: 8147.58 MB
Available physical RAM: 2996.24 MB
Total Virtual: 16293.3 MB
Available Virtual: 10705.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:73.39 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:95.8 GB) NTFS
Drive g: (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 68D7D26E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 5F7C6143)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Thanks! That was long… :stuck_out_tongue:

Hello @ellodance

Follow these steps:

1.- Very important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click it and choose “Run as administrator”.
  • In the main window, tick only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {0009afa8-5ad0-11e5-b417-c86000c5a1a8} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {1e729162-1af3-11e8-9e47-8416f9005c96} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {294b64be-fb20-11e5-b12d-c86000c5a1a8} - H:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {7a0b1928-07d7-11e7-9acb-c86000c5a1a8} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {823bb5fe-6979-11e7-8590-c86000c5a1a8} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {861b79f3-ba48-11e8-98ac-8416f9005c96} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {88f0db22-3f2f-11e9-8233-8416f9005c96} - F:\OriginSetup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {97e3d547-82bc-11e3-b616-c86000c5a1a8} - H:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {c4bd01e4-a7dd-11e5-b596-c86000c5a1a8} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {c4bd01fc-a7dd-11e5-b596-c86000c5a1a8} - H:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {e2e66e66-e649-11e3-9537-c86000c5a1a8} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {f96e8f76-ce29-11e3-91b7-c86000c5a1a8} - F:\index.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist ( start /MIN "" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {34B2D624-27F7-4A64-BEE0-62F99E771585} - System32\Tasks\EOSv3 Scheduler onTime => C:\DVD\esetonlinescanner_esn.exe
Task: {45EF4552-B31B-43A1-93F3-1D715CF22DF0} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\DVD\esetonlinescanner_esn.exe
Task: {C1C76BDC-95E4-4D49-BD63-EE695CFD72D3} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
C:\Program Files (x86)\AVG
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2561782135-330884380-1085707065-1000 -> DefaultScope 2EE2F7121C82447497313763497E1782 URL = hxxp://www.google.com/search?q={searchTerms}&rlz=
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-12-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-17] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
2019-10-18 18:51 - 2019-10-18 18:51 - 000000000 ____D C:\KVRT_Data
2019-10-18 16:32 - 2019-10-18 16:32 - 008162616 _____ (ESET spol. s r.o.) C:\Users\BY @ello-\Desktop\esetonlinescanner_esn.exe
2019-10-08 18:53 - 2019-10-08 20:25 - 000000000 ____D C:\Users\BY @ello-\AppData\Roaming\Panda Security
2019-10-08 18:51 - 2019-10-08 20:29 - 000000000 ____D C:\Program Files (x86)\Panda Security
2019-10-08 18:50 - 2019-10-08 20:26 - 000000000 ____D C:\ProgramData\Panda Security
2019-10-08 12:39 - 2019-10-18 19:24 - 000000000 ____D C:\Users\BY @ello-\AppData\Local\ESET
2019-10-08 22:04 - 2016-08-19 18:33 - 000000000 ____D C:\Users\BY @ello-\AppData\Roaming\AVG
2019-10-08 22:04 - 2014-03-30 21:12 - 000000000 ____D C:\Users\BY @ello-\AppData\Local\AVG
2019-10-08 22:04 - 2014-01-21 20:27 - 000000000 ____D C:\Program Files (x86)\AVG
2019-10-08 17:22 - 2018-08-31 16:34 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2015-05-19 21:57 - 2015-05-19 21:57 - 006420480 _____ () C:\Program Files (x86)\GUTA827.tmp
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3554304 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [258560 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [127488 2014-02-06] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3649536 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [243200 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2014-02-06] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

After restarting, update Java to its latest version.

Let us know.

Regards.

Hi! Java updated. Report:


Fix result of Farbar Recovery Scan Tool (x64) Version: 21-10-2019
Ran by BY @ello- (23-10-2019 10:48:01) Run:1
Running from C:\Users\BY @ello-\Desktop
Loaded Profiles: BY @ello- (Available Profiles: BY @ello-)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {0009afa8-5ad0-11e5-b417-c86000c5a1a8} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {1e729162-1af3-11e8-9e47-8416f9005c96} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {294b64be-fb20-11e5-b12d-c86000c5a1a8} - H:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {7a0b1928-07d7-11e7-9acb-c86000c5a1a8} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {823bb5fe-6979-11e7-8590-c86000c5a1a8} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {861b79f3-ba48-11e8-98ac-8416f9005c96} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {88f0db22-3f2f-11e9-8233-8416f9005c96} - F:\OriginSetup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {97e3d547-82bc-11e3-b616-c86000c5a1a8} - H:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {c4bd01e4-a7dd-11e5-b596-c86000c5a1a8} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {c4bd01fc-a7dd-11e5-b596-c86000c5a1a8} - H:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {e2e66e66-e649-11e3-9537-c86000c5a1a8} - F:\setup.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\MountPoints2: {f96e8f76-ce29-11e3-91b7-c86000c5a1a8} - F:\index.exe
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist ( start /MIN "" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {34B2D624-27F7-4A64-BEE0-62F99E771585} - System32\Tasks\EOSv3 Scheduler onTime => C:\DVD\esetonlinescanner_esn.exe
Task: {45EF4552-B31B-43A1-93F3-1D715CF22DF0} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\DVD\esetonlinescanner_esn.exe
Task: {C1C76BDC-95E4-4D49-BD63-EE695CFD72D3} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
C:\Program Files (x86)\AVG
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2561782135-330884380-1085707065-1000 -> DefaultScope 2EE2F7121C82447497313763497E1782 URL = hxxp://www.google.com/search?q={searchTerms}&rlz=
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-12-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-17] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
2019-10-18 18:51 - 2019-10-18 18:51 - 000000000 ____D C:\KVRT_Data
2019-10-18 16:32 - 2019-10-18 16:32 - 008162616 _____ (ESET spol. s r.o.) C:\Users\BY @ello-\Desktop\esetonlinescanner_esn.exe
2019-10-08 18:53 - 2019-10-08 20:25 - 000000000 ____D C:\Users\BY @ello-\AppData\Roaming\Panda Security
2019-10-08 18:51 - 2019-10-08 20:29 - 000000000 ____D C:\Program Files (x86)\Panda Security
2019-10-08 18:50 - 2019-10-08 20:26 - 000000000 ____D C:\ProgramData\Panda Security
2019-10-08 12:39 - 2019-10-18 19:24 - 000000000 ____D C:\Users\BY @ello-\AppData\Local\ESET
2019-10-08 22:04 - 2016-08-19 18:33 - 000000000 ____D C:\Users\BY @ello-\AppData\Roaming\AVG
2019-10-08 22:04 - 2014-03-30 21:12 - 000000000 ____D C:\Users\BY @ello-\AppData\Local\AVG
2019-10-08 22:04 - 2014-01-21 20:27 - 000000000 ____D C:\Program Files (x86)\AVG
2019-10-08 17:22 - 2018-08-31 16:34 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2015-05-19 21:57 - 2015-05-19 21:57 - 006420480 _____ () C:\Program Files (x86)\GUTA827.tmp
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3554304 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [258560 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [127488 2014-02-06] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3649536 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [243200 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2014-02-06] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H => removed successfully
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0009afa8-5ad0-11e5-b417-c86000c5a1a8} => removed successfully
HKLM\Software\Classes\CLSID\{0009afa8-5ad0-11e5-b417-c86000c5a1a8} => not found
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e729162-1af3-11e8-9e47-8416f9005c96} => removed successfully
HKLM\Software\Classes\CLSID\{1e729162-1af3-11e8-9e47-8416f9005c96} => not found
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{294b64be-fb20-11e5-b12d-c86000c5a1a8} => removed successfully
HKLM\Software\Classes\CLSID\{294b64be-fb20-11e5-b12d-c86000c5a1a8} => not found
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a0b1928-07d7-11e7-9acb-c86000c5a1a8} => removed successfully
HKLM\Software\Classes\CLSID\{7a0b1928-07d7-11e7-9acb-c86000c5a1a8} => not found
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{823bb5fe-6979-11e7-8590-c86000c5a1a8} => removed successfully
HKLM\Software\Classes\CLSID\{823bb5fe-6979-11e7-8590-c86000c5a1a8} => not found
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{861b79f3-ba48-11e8-98ac-8416f9005c96} => removed successfully
HKLM\Software\Classes\CLSID\{861b79f3-ba48-11e8-98ac-8416f9005c96} => not found
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88f0db22-3f2f-11e9-8233-8416f9005c96} => removed successfully
HKLM\Software\Classes\CLSID\{88f0db22-3f2f-11e9-8233-8416f9005c96} => not found
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97e3d547-82bc-11e3-b616-c86000c5a1a8} => removed successfully
HKLM\Software\Classes\CLSID\{97e3d547-82bc-11e3-b616-c86000c5a1a8} => not found
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4bd01e4-a7dd-11e5-b596-c86000c5a1a8} => removed successfully
HKLM\Software\Classes\CLSID\{c4bd01e4-a7dd-11e5-b596-c86000c5a1a8} => not found
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4bd01fc-a7dd-11e5-b596-c86000c5a1a8} => removed successfully
HKLM\Software\Classes\CLSID\{c4bd01fc-a7dd-11e5-b596-c86000c5a1a8} => not found
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2e66e66-e649-11e3-9537-c86000c5a1a8} => removed successfully
HKLM\Software\Classes\CLSID\{e2e66e66-e649-11e3-9537-c86000c5a1a8} => not found
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f96e8f76-ce29-11e3-91b7-c86000c5a1a8} => removed successfully
HKLM\Software\Classes\CLSID\{f96e8f76-ce29-11e3-91b7-c86000c5a1a8} => not found
"HKU\S-1-5-21-2561782135-330884380-1085707065-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
"HKU\S-1-5-21-2561782135-330884380-1085707065-1000\Software\Microsoft\Command Processor\\AutoRun" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34B2D624-27F7-4A64-BEE0-62F99E771585}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34B2D624-27F7-4A64-BEE0-62F99E771585}" => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{45EF4552-B31B-43A1-93F3-1D715CF22DF0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45EF4552-B31B-43A1-93F3-1D715CF22DF0}" => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1C76BDC-95E4-4D49-BD63-EE695CFD72D3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1C76BDC-95E4-4D49-BD63-EE695CFD72D3}" => removed successfully
C:\Windows\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGPCTuneUp_Task_BkGndMaintenance" => removed successfully
C:\Program Files (x86)\AVG => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => removed successfully
HKLM\Software\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => not found
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-17] (Oracle America, Inc." => not found
C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-17] (Oracle America, Inc." => not found
C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Google\Chrome\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn => removed successfully
C:\KVRT_Data => moved successfully
C:\Users\BY @ello-\Desktop\esetonlinescanner_esn.exe => moved successfully
C:\Users\BY @ello-\AppData\Roaming\Panda Security => moved successfully
C:\Program Files (x86)\Panda Security => moved successfully
C:\ProgramData\Panda Security => moved successfully
C:\Users\BY @ello-\AppData\Local\ESET => moved successfully
C:\Users\BY @ello-\AppData\Roaming\AVG => moved successfully
C:\Users\BY @ello-\AppData\Local\AVG => moved successfully
"C:\Program Files (x86)\AVG" => not found
C:\Windows\system32\Tasks\AVAST Software => moved successfully
C:\Program Files (x86)\GUTA827.tmp => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.LAGS" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.X264" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.XVID" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.FFDS" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.ac3acm" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.LAGS" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.X264" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.XVID" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.FFDS" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.ac3acm" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.FMVC" => not found
"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => removed successfully
"BVTFilter" => removed successfully
"BVTConsumer" => removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Conexión de área local mientras los medios
estén desconectados.

Adaptador de Ethernet Conexión de área local 3:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::43a:e000:e9a0:c1a2%15
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.21
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1

Adaptador de Ethernet Conexión de área local:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel isatap.{DB1D2141-C72B-4531-B0B8-4D80412840F4}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel Teredo Tunneling Pseudo-Interface:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel isatap.{AC38FD2A-9FF0-4BF7-87FA-F6FEB2A90D68}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{8DD6650E-DF7D-4BBB-8CF9-327CD139EA78} canceled.
Unable to cancel {16D8B217-ED23-4ACA-A177-76158CA18A18}.
Unable to cancel {D6A3EC32-1123-4CD9-B23F-DCF2443A427D}.
Unable to cancel {59B01191-D3F0-4DC4-BA41-5F40DC665ABC}.
Unable to cancel {D1A4541A-1B6D-44AA-B58F-0DF99022C452}.
Unable to cancel {D567DFB3-6E5A-41EC-9832-EB9D86DBD353}.
Unable to cancel {CB38CE3F-54FD-4A29-A92F-EA2A0C6EA453}.
1 out of 7 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2561782135-330884380-1085707065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45890012 B
Java, Flash, Steam htmlcache => 53014645 B
Windows/system/drivers => 11330387 B
Edge => 0 B
Chrome => 435710790 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 132712 B
LocalService => 132712 B
NetworkService => 132712 B
BY @ello- => 366346507 B

RecycleBin => 0 B
EmptyTemp: => 878.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:48:36 ====

It works now! CMD.exe no longer opens and explorer.exe does!!! When it restarted after frst.exe, it was already working. Then I shut down the PC and it worked again. Thank you very much!!! Thank you for all the time you have dedicated to me.

Where was the fault???
