La computadora se tilda sin causa aparente

Emiliano_Pardo_Guenz · 17 Abril, 2020 14:55

Estoy usando la computadora normalmente, con el uso de oficina habitual y cada cierto tiempo se traba por completo y tengo que apagarla y encenderla manualmente. Ya me ha pasado varias veces pero no veo la causa puntual previa a que todo se quede trabado. no abro ningun programa pesado ni mas pestañas en el navegador, probe dejar de usar chrome y usar opera o firefox y me pasa lo mismo. probe sin abrir por unas horas el navegador y usarla desconectada al wifi y me pasa igual, cada cierto tiempo se traba por completo.

JavierHF · 17 Abril, 2020 15:15

Hola @Emiliano_Pardo_Guenz y Bienvenido al nuevo Foro…!!

Esos problemas pueden ser por distintas causas.

Es un portátil o un sobremesa…??

Que version de Windows tienes en el equipo…??

Esa version es la original o se cambio-actualizo a otra version, cual…??

Cuántos años hace que tienes ese equipo…??

El disco duro es el original o se cambio en alguna ocasión…??

Saludos.

Emiliano_Pardo_Guenz · 17 Abril, 2020 15:43

Hola, te cuento. Es un portatil, windows 10 se cambió- actualizó, era el windows que tenia originalmente pero luego de un formateo el tecnico me instaló nuevamente el windows y ya no el original. el equipo tiene unos 3 años. el disco duro es relativamente nuevo tiene unos 8 meses. hasta hace alrededor de un mes y medio todo funcionaba bien, luego empezó a fallar esporadicamente y ahora es casi permanente

JavierHF · 17 Abril, 2020 15:50

Hola.

Bien… y ese disco es mecánico(HDD) o es uno nuevo de formato memoria(SSD)…??

Hiciste alguna verificación de infecciones en el equipo, tienes informes…??

Emiliano_Pardo_Guenz · 17 Abril, 2020 16:16

hice pero no guardé los informes me recomendas algun antivirus particular para hacerlo? usaba el panda, no detectó nada. el disco es mecánico

JavierHF · 17 Abril, 2020 16:27

Bien… pues para revisar tu máquina, sigue estos pasos, en el orden indicado y leyendo todo lo explicado.

Desactiva temporalmente el Antivirus Cómo deshabilitar temporalmente su Antivirus, mientras estemos realizando TODOS los pasos.

Vamos a descargar en TU ESCRITORIO(y NO en otro lugar ) todas las herramientas que vamos a utilizar en este procedimiento (pero no las ejecutes todavía) :

CCleaner + Manual.
Malwarebytes’ Anti-Malware + Manual. revisa en detalle el manual, para que sepas usarlo y configurarlo correctamente.
AdwCleaner + Manual.
Junkware Removal Tool.
Farbar Recovery Scan Tool. seleccionando la versión adecuada para la arquitectura(32 o 64bits) de tu equipo. Como saber si Mi Windows es de 32 o 64 Bits ?.

Ejecutas las herramientas de una en una y en el orden indicado :

CCleaner.-

Instalas y Ejecutas CCleaner siguiendo los pasos indicados en el manual.
Úsalo primero en su opción de Limpiador para borrar cookies, temporales de Internet y todos los archivos que te muestre como obsoletos.
Después usa su opción de Registro para limpiar todo el registro de Windows(haciendo copia de seguridad).

Malwarebytes.-

Instalas y Ejecutas MBAM siguiendo los pasos indicados en el manual.
Realiza un Análisis Personalizado.
Seleccionando TODOS a Cuarentena para enviarlo a la cuarentena y Reinicias el sistema.
En el apartado del programa Historial de detecciones encontrarás el informe de MBAM, que debes copiar y pegar en tu próxima respuesta, para poder analizarlo.

AdwCleaner.-

Ejecuta Adwcleaner.exe.
Pulsamos en el botón Analizar ahora, y espera a que se realice el proceso, inmediatamente pulsa siempre sobre el botón Iniciar Reparación.
Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.
El log/informe lo encontramos en la pestaña “Informes”, volviendo a abrir el programa si fuese necesario, para poder copiarlo y pegarlo en tu próxima respuesta.
El informe también se puede encontrar en C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

Ejecuta JRT.exe.
Y pulsar cualquier tecla para continuar, esperar pacientemente a que termine el proceso.
Si en algún momento te pide Reiniciar hazlo.
Al finalizar, un registro/informe (JRT.txt) se guardara en el escritorio y se abrirá automáticamente.
Copia y pega el contenido de JRT.txt en tu próxima respuesta.

Farbar Recovery Scan Tool.-

Ejecuta FRST.exe.
En el mensaje de la ventana del Disclaimer/Responsabilidad, pulsamos Sí/Yes
En la ventana principal pulsamos en el botón Analizar/Scan y esperamos a que concluya el proceso.
Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Poner los informes en tu próxima respuesta de :

Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, y en ese orden.

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(más de 64.000 caracteres aprox.).

Y nos cuentas como funciona tu equipo en relación al problema planteado.

Saludos.

Emiliano_Pardo_Guenz · 17 Abril, 2020 23:25

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 17/4/20
Hora del análisis: 18:30
Archivo de registro: a1b47a48-80f2-11ea-9b6d-9c5c8ed70ede.json

-Información del software-
Versión: 4.1.0.56
Versión de los componentes: 1.0.875
Versión del paquete de actualización: 1.0.22586
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 18362.778)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-CESQG9F\Emiliano

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 625341
Amenazas detectadas: 1
Amenazas en cuarentena: 1
Tiempo transcurrido: 57 min, 46 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 1
Trojan.PasswordStealer.GM, C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING\USERS\EMILIANO\DOWNLOADS\THE SIMS 4 [MULTI17][PCDVD][ESPECIAL GT][EXTRAS][P2P][WWW.GAMESTORRENTS.COM]\P2P-S4IMSALL\THE SIMS 4 - CRACK V2 & UPDATE\CRACK\GAME\BIN\3DMGAME.DLL, En cuarentena, 9827, 147575, 1.0.22586, , ame, 

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Emiliano_Pardo_Guenz · 17 Abril, 2020 23:27

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-17-2020
# Duration: 00:00:13
# OS:       Windows 10 Home
# Cleaned:  19
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\SecuritySuite
Deleted       C:\ProgramData\TotalAV

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\SSProtect
Deleted       HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.ASUSSmartGesture   Folder   C:\Program Files (x86)\ASUS\ASUS SMART GESTURE
Deleted       Preinstalled.ASUSSmartGesture   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E3A8135-62FD-4EE5-857A-C6FAD69862F1} 
Deleted       Preinstalled.ASUSSmartGesture   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Smart Gesture Launcher
Deleted       Preinstalled.ASUSSmartGesture   Registry   HKLM\Software\Classes\CLSID\{F31B5912-07D6-4895-B4BA-5486CF3B18B1}
Deleted       Preinstalled.ASUSSmartGesture   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}
Deleted       Preinstalled.ASUSSmartGesture   Task   C:\Windows\System32\Tasks\ASUS SMART GESTURE LAUNCHER
Deleted       Preinstalled.HPCoolSense   Folder   C:\Users\Emiliano\AppData\Local\HP\HP COOLSENSE
Deleted       Preinstalled.HPRegistrationService   Folder   C:\ProgramData\HP\HP REGISTRATION SERVICE
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\HP\SUPPORT
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\Emiliano\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}
Deleted       Preinstalled.HPSureConnect   Folder   C:\Program Files\HPCOMMRECOVERY


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3265 octets] - [17/04/2020 19:40:57]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Emiliano_Pardo_Guenz · 17 Abril, 2020 23:28

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64 
Ran by Emiliano (Administrator) on vie. 17/04/2020 at 19:49:25,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2 

Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\Users\Public\asr.dat (File) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on vie. 17/04/2020 at 20:08:10,84
End of JRT log

Emiliano_Pardo_Guenz · 17 Abril, 2020 23:32

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-04-2020
Ran by Emiliano (administrator) on DESKTOP-CESQG9F (ASUSTeK COMPUTER INC. X540LA) (17-04-2020 20:10:33)
Running from C:\Users\Emiliano\Desktop
Loaded Profiles: Emiliano (Available Profiles: Emiliano)
Platform: Windows 10 Home Version 1903 18362.778 (X64) Language: Inglés (Estados Unidos)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Users\Emiliano\AppData\Local\Google\Chrome\Application\chrome.exe <10>
(Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(MAGIX AG) [File not signed] C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Emiliano\Desktop\MBAMWsc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20022.11011.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\NisSrv.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {20270739-F0D7-4CAA-824A-D270832638EA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2DDBF744-64BE-4170-97E8-2AAFC477B09B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2554443758-3275583905-1075851082-1001UA1d577ef4a5c741f => C:\Users\Emiliano\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2018-11-24] (Google Inc -> Google Inc.)
Task: {3A3CD896-B7A9-4EEF-A93B-DB820F15421C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2554443758-3275583905-1075851082-1001Core => C:\Users\Emiliano\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2018-11-24] (Google Inc -> Google Inc.)
Task: {4E435573-075B-4923-B877-515F91CFCACC} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {6D0D0100-5F8F-4772-AAE3-903ED4290564} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7A99D76D-3E92-4223-A5EF-5FDCF831BE23} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18227896 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7BA3B3C9-E665-41F4-B63C-AD086519AC17} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [668464 2017-02-24] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {7EFFBE5D-EB00-4A9A-A170-6C14FFBA1184} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Emiliano\Desktop\esetonlinescanner.exe
Task: {858252A8-6E9F-48F3-9CDC-166D73742182} - System32\Tasks\Opera scheduled Autoupdate 1543096825 => C:\Users\Emiliano\AppData\Local\Programs\Opera\launcher.exe [1538584 2020-03-27] (Opera Software AS -> Opera Software)
Task: {930D407B-14C6-4179-B3F5-0C335CAE3D3B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2554443758-3275583905-1075851082-1001Core1d577ef4a46ffcc => C:\Users\Emiliano\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2018-11-24] (Google Inc -> Google Inc.)
Task: {98B9CDEB-9649-4F88-838E-3AE4F2F653EB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9D515AD0-3196-4695-A76C-91B342424529} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_pepper.exe [1453624 2020-04-02] (Adobe Inc. -> Adobe)
Task: {AE0671F5-434A-41AC-927A-4FE52320222A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BBBA54C1-4D05-40C8-9E06-A21748DBCE3E} - System32\Tasks\NCH Software\DoxillionDowngrade => C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe [1501264 2018-12-13] (NCH Software Pty Ltd -> NCH Software)
Task: {CF0E2B5F-39F6-4728-8B68-D68D5D97B998} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407736 2015-11-16] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {D8DB1D40-53A5-4670-935F-C79CF7AED0D6} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {D8F1426A-4AE9-4059-A7B8-3C98AA99D1AA} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Emiliano\Desktop\esetonlinescanner.exe
Task: {D96AB6DB-E5A0-4F48-9531-A38A7EE0FF9C} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2015-11-16] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {E21DF3FA-A723-4E8C-B664-1C9637D263D5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E7ECC55A-0D86-4DC8-BC46-2AAF00700CFE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2554443758-3275583905-1075851082-1001UA => C:\Users\Emiliano\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2018-11-24] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.49.130.52 200.42.4.203
Tcpip\..\Interfaces\{3849e469-9e9a-4d78-868d-6e03505a4f7c}: [DhcpNameServer] 20.0.1.5 20.0.1.7
Tcpip\..\Interfaces\{670f0800-8bad-4ff2-844e-ae0710d7507a}: [DhcpNameServer] 20.0.1.5 20.0.1.7
Tcpip\..\Interfaces\{6b499093-07f3-4c8f-9002-8d42a7db6656}: [DhcpNameServer] 200.49.130.52 200.42.4.203
Tcpip\..\Interfaces\{7a9a06e3-9036-4107-9b9f-21dbf944f7c0}: [DhcpNameServer] 200.42.4.207 200.49.130.51

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-2554443758-3275583905-1075851082-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Emiliano\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-08] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538: @zoom.us/ZoomVideoPlugin -> C:\Users\Emiliano\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-08] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522: @zoom.us/ZoomVideoPlugin -> C:\Users\Emiliano\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-08] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default [2020-04-17]
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR StartupUrls: Default -> "hxxp://google.com.ar/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Presentaciones) - C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-01]
CHR Extension: (DocHub - Edit and Sign PDF Documents) - C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2020-03-01]
CHR Extension: (Safe Torrent Scanner) - C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2020-03-01]
CHR Extension: (Documentos) - C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-01]
CHR Extension: (Google Drive) - C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-03-01]
CHR Extension: (YouTube) - C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-01]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-06]
CHR Extension: (Hojas de cálculo) - C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-01]
CHR Extension: (Cloud SWF Player with Drive) - C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhhaadihgfcgmlefioblaahpnglnkbk [2020-03-01]
CHR Extension: (EditThisCookie) - C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2020-03-01]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-10]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-03-01]
CHR Extension: (Gmail) - C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-03-01]
CHR Extension: (Chrome Media Router) - C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-11]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [382712 2019-09-04] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd -> Disc Soft Ltd)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [1700968 2017-06-12] (Intel Corporation -> Intel Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2019-12-26] (Huawei Technologies Co., Ltd. -> ) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-12-01] (Intel(R) pGFX -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [732448 2017-02-24] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [548648 2017-02-24] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-06-06] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2018-11-24] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-04-10] (Intel Corporation-Wireless Connectivity Solutions -> )
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2475312 2019-12-29] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3352376 2019-12-29] (Electronic Arts, Inc. -> Electronic Arts)
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [974848 2019-03-01] (Microsoft Windows -> )
S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [290816 2020-03-14] (Microsoft Windows -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12001112 2019-08-07] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-04-10] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
R3 AsusSGDrv; C:\WINDOWS\System32\drivers\AsusSGDrv.sys [140032 2019-08-19] (ASUSTek Computer Inc. -> ASUS Corporation)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2019-03-19] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-03-07] (Bluestack Systems, Inc -> Bluestack System Inc. )
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69560 2017-06-12] (Intel Corporation -> Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [50696 2015-08-13] (Intel(R) Software -> Intel Corporation)
R3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [33592 2020-03-16] (DEV47 APPS -> Dev47Apps)
R3 DroidCamVideo; C:\WINDOWS\System32\drivers\droidcamvideo.sys [229432 2020-03-16] (DEV47 APPS -> Dev47Apps)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-11-24] (Disc Soft Ltd -> Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [382392 2017-06-12] (Intel Corporation -> Intel Corporation)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2017-02-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2019-12-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-10] (Intel(R) Software -> Intel Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [60504 2017-05-16] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [64600 2017-05-16] (Synaptics Incorporated -> Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [391392 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Emiliano_Pardo_Guenz · 17 Abril, 2020 23:32

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-17 20:10 - 2020-04-17 20:12 - 000022142 _____ C:\Users\Emiliano\Desktop\FRST.txt
2020-04-17 20:10 - 2020-04-17 20:11 - 000000000 ____D C:\FRST
2020-04-17 20:08 - 2020-04-17 20:08 - 000000668 _____ C:\Users\Emiliano\Desktop\JRT.txt
2020-04-17 19:39 - 2020-04-17 19:43 - 000000000 ____D C:\AdwCleaner
2020-04-17 19:37 - 2020-04-17 20:08 - 000000000 ____D C:\Users\Emiliano\Desktop\para reparar compu
2020-04-17 17:19 - 2020-04-17 19:56 - 000000000 ____D C:\Users\Emiliano\Desktop\sdk
2020-04-17 17:18 - 2020-04-17 17:18 - 006009816 _____ (Malwarebytes) C:\Users\Emiliano\Desktop\MBAMInstallerService.exe
2020-04-17 17:18 - 2020-04-17 17:18 - 002376736 _____ (Malwarebytes) C:\Users\Emiliano\Desktop\MBAMWsc.exe
2020-04-17 17:18 - 2020-04-17 17:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-04-17 17:18 - 2020-04-17 13:39 - 001965536 _____ (Malwarebytes) C:\Users\Emiliano\Desktop\mbuns.exe
2020-04-17 14:51 - 2020-04-17 14:51 - 001214392 _____ C:\Users\Emiliano\Desktop\000 - Material para Envios a Delegaciones.zip
2020-04-17 14:00 - 2020-04-17 14:00 - 000013226 _____ C:\Users\Emiliano\Documents\cc_20200417_140049.reg
2020-04-17 13:48 - 2020-04-17 19:48 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-04-17 13:48 - 2020-04-17 13:48 - 000002894 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2020-04-17 13:48 - 2020-04-17 13:48 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-04-17 13:48 - 2020-04-17 13:48 - 000000870 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-04-17 13:48 - 2020-04-17 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-04-17 13:48 - 2020-04-17 13:48 - 000000000 ____D C:\Program Files\CCleaner
2020-04-17 13:43 - 2020-04-17 13:43 - 002281472 _____ (Farbar) C:\Users\Emiliano\Desktop\FRST64.exe
2020-04-17 13:42 - 2020-04-17 13:42 - 008196784 _____ (Malwarebytes) C:\Users\Emiliano\Desktop\adwcleaner_8.0.4.exe
2020-04-17 13:40 - 2020-04-17 13:40 - 001790024 _____ (Malwarebytes) C:\Users\Emiliano\Desktop\JRT.exe
2020-04-17 13:39 - 2020-04-17 13:39 - 022267336 _____ (Piriform Software Ltd) C:\Users\Emiliano\Desktop\ccsetup565.exe
2020-04-17 13:39 - 2020-04-17 13:39 - 001965536 _____ (Malwarebytes) C:\Users\Emiliano\Desktop\MBSetup.exe
2020-04-17 09:42 - 2020-04-17 09:42 - 000003812 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2020-04-17 09:42 - 2020-04-17 09:42 - 000003370 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2020-04-16 23:42 - 2020-04-16 23:42 - 000000753 _____ C:\Users\Emiliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2020-04-16 23:28 - 2020-04-16 23:28 - 011284138 _____ C:\Users\Emiliano\Desktop\rvn_c0y0t3_rvn_-_01x12_-__m720p.LAT.mkv.crdownload
2020-04-16 18:07 - 2020-04-16 20:10 - 749888210 _____ C:\Users\Emiliano\Desktop\rvn_c0y0t3_rvn_-_01x13_-__m720p.LAT.mkv
2020-04-16 13:36 - 2020-04-16 13:36 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-16 13:36 - 2020-04-16 13:36 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-16 13:36 - 2020-04-16 13:36 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-16 13:36 - 2020-04-16 13:36 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-16 13:36 - 2020-04-16 13:36 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-16 13:36 - 2020-04-16 13:36 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-16 13:36 - 2020-04-16 13:36 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-16 13:36 - 2020-04-16 13:36 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-16 13:36 - 2020-04-16 13:36 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-16 13:36 - 2020-04-16 13:36 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-16 13:36 - 2020-04-16 13:36 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-16 13:36 - 2020-04-16 13:36 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-16 13:36 - 2020-04-16 13:36 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-16 13:36 - 2020-04-16 13:36 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-16 13:36 - 2020-04-16 13:36 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-16 13:36 - 2020-04-16 13:36 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-16 13:36 - 2020-04-16 13:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-16 13:36 - 2020-04-16 13:36 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-16 13:36 - 2020-04-16 13:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-16 13:36 - 2020-04-16 13:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-16 13:36 - 2020-04-16 13:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-16 13:36 - 2020-04-16 13:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-16 13:36 - 2020-04-16 13:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-16 13:36 - 2020-04-16 13:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-16 13:36 - 2020-04-16 13:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-16 13:36 - 2020-04-16 13:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-16 13:36 - 2020-04-16 13:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-16 13:36 - 2020-04-16 13:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-16 13:36 - 2020-04-16 13:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-16 13:36 - 2020-04-16 13:36 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-16 13:35 - 2020-04-16 13:35 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-16 13:35 - 2020-04-16 13:35 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-16 13:35 - 2020-04-16 13:35 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-16 13:35 - 2020-04-16 13:35 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-16 13:35 - 2020-04-16 13:35 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-16 13:35 - 2020-04-16 13:35 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-16 13:35 - 2020-04-16 13:35 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-16 13:35 - 2020-04-16 13:35 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-16 13:35 - 2020-04-16 13:35 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-16 13:35 - 2020-04-16 13:35 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-16 13:35 - 2020-04-16 13:35 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-16 13:35 - 2020-04-16 13:35 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-16 13:35 - 2020-04-16 13:35 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-16 13:35 - 2020-04-16 13:35 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-16 13:35 - 2020-04-16 13:35 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-16 13:35 - 2020-04-16 13:35 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-16 13:35 - 2020-04-16 13:35 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-16 13:35 - 2020-04-16 13:35 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-16 13:34 - 2020-04-16 13:34 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-16 13:34 - 2020-04-16 13:34 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-16 13:34 - 2020-04-16 13:34 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-16 13:34 - 2020-04-16 13:34 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-16 13:34 - 2020-04-16 13:34 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-16 13:34 - 2020-04-16 13:34 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-16 13:34 - 2020-04-16 13:34 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-16 13:34 - 2020-04-16 13:34 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-16 13:34 - 2020-04-16 13:34 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-16 13:34 - 2020-04-16 13:34 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-16 13:34 - 2020-04-16 13:34 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-16 13:34 - 2020-04-16 13:34 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-16 13:34 - 2020-04-16 13:34 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-16 13:34 - 2020-04-16 13:34 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-16 13:34 - 2020-04-16 13:34 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-16 13:34 - 2020-04-16 13:34 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-16 13:34 - 2020-04-16 13:34 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-16 13:09 - 2020-03-17 00:57 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-16 13:09 - 2020-03-17 00:56 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-16 12:05 - 2020-04-16 12:05 - 000011746 _____ C:\Users\Emiliano\Documents\cc_20200416_120504.reg
2020-04-15 14:49 - 2020-04-15 14:49 - 000179290 _____ C:\Users\Emiliano\Documents\cc_20200415_144943.reg
2020-04-14 16:42 - 2020-04-14 16:43 - 000000035 _____ C:\ProgramData\droidcam-settings
2020-04-14 16:40 - 2020-04-14 16:40 - 000001102 _____ C:\Users\Emiliano\Desktop\DroidCamApp.lnk
2020-04-14 16:40 - 2020-04-14 16:40 - 000000000 ____D C:\Users\Emiliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DroidCam
2020-04-14 16:39 - 2020-04-14 16:40 - 000000000 ____D C:\Program Files (x86)\DroidCam
2020-04-13 17:57 - 2020-04-13 17:58 - 001306629 _____ C:\Users\Emiliano\Desktop\Formación Full Coaching 2020.pdf
2020-04-13 02:30 - 2020-04-13 02:30 - 000000165 ____H C:\Users\Emiliano\Desktop\~$cobrado cdh.xlsx
2020-04-13 00:43 - 2020-04-15 04:00 - 000009318 _____ C:\Users\Emiliano\Desktop\cobrado cdh.xlsx
2020-04-11 19:02 - 2020-04-11 19:02 - 000016147 _____ C:\Users\Emiliano\Desktop\consultaaliascbu20200319120518.pdf
2020-04-11 14:16 - 2020-04-11 14:16 - 005433803 _____ C:\Users\Emiliano\Desktop\Grabación (15).m4a
2020-04-08 18:48 - 2020-04-08 18:48 - 000000000 ____D C:\Users\Emiliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-04-06 20:36 - 2020-04-06 20:36 - 000080047 _____ C:\Users\Emiliano\Desktop\CD AACOP 2020-2022.jpeg
2020-04-06 17:22 - 2020-04-06 17:22 - 000000165 ____H C:\Users\Emiliano\Desktop\~$Listado Asociados incriptos habilitados a votar ASAMBELA 2020.xlsx
2020-04-05 12:41 - 2020-04-05 12:45 - 000000000 ____D C:\Users\Emiliano\Documents\Image-Line
2020-04-04 00:32 - 2020-04-16 12:47 - 000000000 ____D C:\Users\Emiliano\Desktop\Canciones con Pablo
2020-04-04 00:10 - 2020-04-04 00:10 - 000000000 ____D C:\Users\Emiliano\Desktop\inteligencia-emocional-recursos-adicionales
2020-04-03 22:21 - 2020-04-03 22:21 - 000698119 _____ C:\Users\Emiliano\Desktop\Invitacion a CD 2020 - 2022 Emiliano Pardo Guenzatti.pdf
2020-04-02 20:34 - 2020-04-02 20:35 - 022267336 _____ (Piriform Software Ltd) C:\Users\Emiliano\Downloads\ccsetup565.exe
2020-04-02 17:51 - 2020-04-02 20:38 - 000003808 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-04-02 17:50 - 2020-04-02 17:51 - 000000000 ____D C:\Users\Emiliano\AppData\Local\Adobe
2020-04-02 16:21 - 2020-04-07 12:59 - 000022347 ____H C:\Users\Emiliano\Desktop\~WRL1008.tmp
2020-04-02 10:39 - 2020-04-02 10:39 - 000001419 _____ C:\Users\Emiliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2020-04-02 01:09 - 2020-04-02 01:09 - 000001889 _____ C:\Users\Public\Desktop\FL Studio 20.lnk
2020-04-02 01:09 - 2020-04-02 01:09 - 000001889 _____ C:\ProgramData\Desktop\FL Studio 20.lnk
2020-04-02 01:09 - 2020-04-02 01:09 - 000000000 ____D C:\Users\Emiliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2020-04-02 01:09 - 2020-04-02 01:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2020-04-02 01:09 - 2020-04-02 01:09 - 000000000 ____D C:\Program Files\Common Files\VST2
2020-04-02 01:09 - 2020-04-02 01:09 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2020-04-02 01:09 - 2020-04-02 01:09 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2020-04-02 01:02 - 2020-04-02 01:10 - 000000000 ____D C:\Program Files\Image-Line
2020-04-02 00:52 - 2020-04-02 00:52 - 000000000 ____D C:\Program Files (x86)\MSXML 4.0
2020-04-01 23:29 - 2020-04-01 23:29 - 000000000 ___HD C:\OneDriveTemp
2020-04-01 22:51 - 2020-04-01 22:51 - 000000000 ____D C:\Users\Emiliano\Documents\Descargas MAGIX
2020-04-01 22:50 - 2020-04-01 23:23 - 000000000 ____D C:\Users\Emiliano\AppData\Local\MusicMaker
2020-04-01 22:48 - 2020-04-01 22:48 - 000000000 ____D C:\Users\Public\Documents\MAGIX
2020-04-01 22:48 - 2020-04-01 22:48 - 000000000 ____D C:\ProgramData\Documents\MAGIX
2020-04-01 22:47 - 2020-04-02 00:52 - 000000000 ___RD C:\Users\Emiliano\Documents\MAGIX
2020-04-01 22:47 - 2020-04-01 22:47 - 000001241 _____ C:\Users\Public\Desktop\Music Maker.lnk
2020-04-01 22:47 - 2020-04-01 22:47 - 000001241 _____ C:\ProgramData\Desktop\Music Maker.lnk
2020-04-01 22:47 - 2020-04-01 22:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2020-04-01 22:46 - 2020-04-02 00:55 - 000000000 ____D C:\ProgramData\MAGIX
2020-04-01 22:46 - 2020-04-02 00:55 - 000000000 ____D C:\Program Files (x86)\MAGIX
2020-04-01 21:52 - 2020-04-01 22:48 - 000000000 ____D C:\Users\Emiliano\AppData\Roaming\MAGIX
2020-04-01 21:52 - 2020-04-01 21:52 - 000000000 ____D C:\Users\Emiliano\Documents\MAGIX Downloads
2020-04-01 21:47 - 2020-04-01 21:47 - 003032920 _____ (MAGIX Software GmbH) C:\Users\Emiliano\Desktop\trial_musicmaker2015_dlm.exe
2020-04-01 14:47 - 2020-04-01 14:48 - 010518528 _____ C:\Users\Emiliano\Desktop\run coyote run.mp4.crdownload
2020-03-28 23:37 - 2020-03-28 23:37 - 000012721 ____H C:\Users\Emiliano\Desktop\~WRL0004.tmp
2020-03-27 19:52 - 2020-03-27 19:52 - 000000000 ____D C:\Users\Emiliano\Documents\Zoom
2020-03-22 15:11 - 2020-04-02 20:38 - 000003026 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper
2020-03-22 14:51 - 2020-03-22 14:51 - 000002092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk
2020-03-22 14:51 - 2020-03-22 14:51 - 000001771 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks.lnk
2020-03-22 14:48 - 2020-03-22 15:07 - 000000000 ____D C:\ProgramData\BlueStacks
2020-03-22 14:48 - 2020-03-22 14:48 - 000000000 ____D C:\Program Files\BlueStacks
2020-03-22 14:44 - 2020-03-22 14:48 - 000000000 ____D C:\Users\Public\BlueStacks
2020-03-22 14:44 - 2020-03-22 14:48 - 000000000 ____D C:\Users\Emiliano\AppData\Local\BlueStacks
2020-03-22 14:44 - 2020-03-22 14:47 - 000000000 ____D C:\Users\Emiliano\AppData\Local\BlueStacksSetup

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-17 20:09 - 2019-03-19 01:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-17 19:56 - 2019-03-19 01:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-04-17 19:46 - 2018-11-24 09:05 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-04-17 19:46 - 2018-11-24 09:05 - 000000000 __SHD C:\Users\Emiliano\IntelGraphicsProfiles
2020-04-17 19:45 - 2020-01-27 00:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-17 19:45 - 2019-08-21 22:02 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-04-17 19:44 - 2019-03-19 01:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-04-17 19:43 - 2020-01-26 23:37 - 000000000 ____D C:\Program Files (x86)\ASUS
2020-04-17 19:43 - 2018-11-24 20:47 - 000000000 ____D C:\Users\Emiliano\AppData\Local\HP
2020-04-17 19:43 - 2018-11-24 19:32 - 000000000 ____D C:\Users\Emiliano\AppData\Roaming\Hewlett-Packard
2020-04-17 19:43 - 2017-07-10 07:01 - 000000000 ____D C:\ProgramData\HP
2020-04-17 19:43 - 2017-07-10 07:00 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2020-04-17 19:43 - 2017-06-19 22:12 - 000000000 ___HD C:\hp
2020-04-17 19:31 - 2020-01-27 00:06 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2020-04-17 18:28 - 2020-01-26 23:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-17 11:39 - 2018-11-24 19:08 - 000000000 ____D C:\Users\Emiliano\Desktop\Emi
2020-04-16 19:04 - 2019-03-19 01:50 - 000000000 ____D C:\WINDOWS\INF
2020-04-16 18:03 - 2018-11-24 11:21 - 000000000 ____D C:\Users\Emiliano\AppData\Roaming\vlc
2020-04-16 14:13 - 2020-01-27 03:37 - 000828514 _____ C:\WINDOWS\system32\perfh00A.dat
2020-04-16 14:13 - 2020-01-27 03:37 - 000173814 _____ C:\WINDOWS\system32\perfc00A.dat
2020-04-16 14:13 - 2020-01-26 23:56 - 001931892 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-04-16 14:07 - 2020-01-26 23:32 - 000547528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-16 14:04 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2020-04-16 14:04 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-16 14:04 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-16 14:04 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-16 14:04 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2020-04-16 14:04 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-16 14:04 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-16 14:04 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-16 13:44 - 2019-03-19 01:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-16 13:21 - 2019-07-21 18:44 - 000000000 ____D C:\Program Files (x86)\RAPoker
2020-04-16 01:09 - 2019-03-19 01:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-16 01:09 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-04-15 18:49 - 2019-09-29 21:00 - 000000000 ____D C:\Users\Emiliano\Desktop\Centro de desarrollo humano
2020-04-14 21:17 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-04-08 18:48 - 2018-12-03 13:03 - 000000000 ____D C:\Users\Emiliano\AppData\Roaming\Zoom
2020-04-07 18:37 - 2018-11-24 11:15 - 000000000 ____D C:\Users\Emiliano\Desktop\Romi
2020-04-07 12:59 - 2018-11-24 11:09 - 000000000 ____D C:\Users\Emiliano\Desktop\coaching
2020-04-05 16:52 - 2020-02-20 15:05 - 000000081 _____ C:\Users\Emiliano\AppData\Local\.bidstack.fault
2020-04-05 16:29 - 2020-01-23 15:52 - 000000000 ____D C:\Program Files (x86)\Steam
2020-04-04 00:32 - 2018-12-12 22:06 - 000000000 ____D C:\Users\Emiliano\AppData\Roaming\audacity
2020-04-02 20:45 - 2018-11-24 18:58 - 000000000 ____D C:\Users\Emiliano\AppData\Roaming\DAEMON Tools Lite
2020-04-02 20:44 - 2019-08-12 02:02 - 000000000 ___DC C:\WINDOWS\Panther
2020-04-02 20:38 - 2020-01-27 00:03 - 000003600 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1543096825
2020-04-02 20:38 - 2020-01-27 00:03 - 000002922 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2554443758-3275583905-1075851082-1001
2020-04-02 19:42 - 2019-06-18 02:42 - 000000000 ____D C:\Users\Emiliano\AppData\Local\FullTilt
2020-04-02 17:51 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-04-02 17:51 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-04-02 10:31 - 2018-11-23 22:44 - 000000000 ___RD C:\Users\Emiliano\OneDrive
2020-04-02 01:33 - 2018-11-24 11:03 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-04-02 00:52 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\Help
2020-04-01 22:46 - 2017-07-10 06:58 - 000000000 ____D C:\ProgramData\Package Cache
2020-03-31 12:51 - 2018-11-27 23:28 - 000000000 ____D C:\Users\Emiliano\AppData\Local\PlaceholderTileLogoFolder
2020-03-31 12:51 - 2018-11-23 22:35 - 000000000 ____D C:\Users\Emiliano\AppData\Local\Packages
2020-03-25 17:40 - 2019-01-28 16:39 - 000000000 ____D C:\Users\Emiliano\Documents\Archivos de Outlook
2020-03-25 10:27 - 2018-11-24 11:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-03-24 16:37 - 2019-08-21 22:02 - 000000000 ____D C:\Users\Emiliano\AppData\Roaming\TeamViewer
2020-03-24 01:08 - 2018-12-17 15:41 - 000025666 _____ C:\Users\Emiliano\Desktop\Pelis, libros y musica para tener en cuenta.xlsx
2020-03-24 00:20 - 2018-11-23 22:35 - 000000000 ____D C:\Users\Emiliano\AppData\Local\ConnectedDevicesPlatform
2020-03-23 18:49 - 2020-02-15 18:20 - 000000000 ____D C:\Users\Emiliano\Desktop\modo indigo
2020-03-20 21:35 - 2020-01-27 00:03 - 000003858 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-2554443758-3275583905-1075851082-1001UA1d577ef4a5c741f
2020-03-20 21:35 - 2020-01-27 00:03 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-2554443758-3275583905-1075851082-1001Core1d577ef4a46ffcc

==================== Files in the root of some directories ========

2018-07-28 10:51 - 2018-07-28 10:51 - 001388448 _____ () C:\Users\Public\GROUP.dat
2020-02-20 15:05 - 2020-04-05 16:52 - 000000081 _____ () C:\Users\Emiliano\AppData\Local\.bidstack.fault

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Emiliano_Pardo_Guenz · 17 Abril, 2020 23:33

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2020
Ran by Emiliano (17-04-2020 20:13:39)
Running from C:\Users\Emiliano\Desktop
Windows 10 Home Version 1903 18362.778 (X64) (2020-01-27 03:04:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2554443758-3275583905-1075851082-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2554443758-3275583905-1075851082-503 - Limited - Disabled)
Emiliano (S-1-5-21-2554443758-3275583905-1075851082-1001 - Administrator - Enabled) => C:\Users\Emiliano
Guest (S-1-5-21-2554443758-3275583905-1075851082-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2554443758-3275583905-1075851082-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.344 - Adobe)
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.180.10.1006 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.65 - Piriform)
Commandos 3 - Destination Berlin (HKLM-x32\...\{C270BC04-1540-4673-960F-A546B2C860CD}) (Version:  - )
Compresor WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.0.0.0054 - Disc Soft Ltd)
Doxillion, convertidor de documentos (HKLM-x32\...\Doxillion) (Version: 3.13 - NCH Software)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Full Tilt (HKLM-x32\...\Full Tilt) (Version:  - Full Tilt)
Google Chrome (HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\...\Google Chrome) (Version: 81.0.4044.113 - Google LLC)
Google Chrome (HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\...\Google Chrome) (Version: 81.0.4044.113 - Google LLC)
Google Chrome (HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\...\Google Chrome) (Version: 81.0.4044.113 - Google LLC)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 10.0.1.100 - )
Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10203.4295 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1028 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4691 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.0.1014 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1713.2 - Intel Corporation)
Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.1.22 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{98970ddc-844d-4ec3-b93e-52f5f693b305}) (Version: 3.10.100.3429 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{227fd89d-2205-499a-8b73-9ec775789c4d}) (Version: 19.70.0 - Intel Corporation)
ISS_Drivers_x64 (HKLM\...\{9315B8DE-B183-4126-A69E-150B8ABF3690}) (Version: 3.10.100.3429 - Intel Corporation) Hidden
MAGIX Contenido y Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Goya burnR (MSI) (HKLM\...\{CBA26318-2E11-4A07-BB6D-81D5B9516555}) (Version: 4.3.1.6 - MAGIX Software GmbH) Hidden
MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{CBA26318-2E11-4A07-BB6D-81D5B9516555}) (Version: 4.3.1.6 - MAGIX Software GmbH)
MAGIX Soundpool Music Maker - Feel good (HKLM\...\{62ED0962-0942-4859-8448-D350614BF248}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (HKLM-x32\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movavi Video Editor Plus 2020 (HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\...\Movavi Video Editor Plus 2020) (Version: 20.1.0 - Movavi)
Movavi Video Editor Plus 2020 (HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\...\Movavi Video Editor Plus 2020) (Version: 20.1.0 - Movavi)
Movavi Video Editor Plus 2020 (HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\...\Movavi Video Editor Plus 2020) (Version: 20.1.0 - Movavi)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Music Maker (HKLM\...\{DC21CFD5-02AC-4C89-8D35-85506A9FEB55}) (Version: 28.0.2.43 - MAGIX Software GmbH) Hidden
Music Maker (HKLM-x32\...\MX.{DC21CFD5-02AC-4C89-8D35-85506A9FEB55}) (Version: 28.0.2.43 - MAGIX Software GmbH)
Nero 7.10.1.0 (HKLM-x32\...\Nero7_is1) (Version: 7.10.1.0 - Nero AG)
Opera Stable 67.0.3575.115 (HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\...\Opera 67.0.3575.115) (Version: 67.0.3575.115 - Opera Software)
Opera Stable 67.0.3575.115 (HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\...\Opera 67.0.3575.115) (Version: 67.0.3575.115 - Opera Software)
Opera Stable 67.0.3575.115 (HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\...\Opera 67.0.3575.115) (Version: 67.0.3575.115 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.57.35162 - Electronic Arts, Inc.)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
PokerStars.es (HKLM-x32\...\PokerStars.es) (Version:  - PokerStars.es)
RAPoker (HKLM-x32\...\RAPoker 0) (Version:  - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.21299 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7661 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.5.1691 - TeamViewer)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
uTorrent Web (HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\...\utweb) (Version: 0.21.0 - BitTorrent, Inc.)
uTorrent Web (HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\...\utweb) (Version: 0.21.0 - BitTorrent, Inc.)
uTorrent Web (HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\...\utweb) (Version: 0.21.0 - BitTorrent, Inc.)
VideoPad, editor de vídeo (HKLM-x32\...\VideoPad) (Version: 6.26 - NCH Software)
Vita Concert Grand LE (HKLM\...\{57C401B8-C121-462E-A2B1-9E9EE57875A8}) (Version: 2.4.0.96 - MAGIX Software GmbH) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2017 (HKLM-x32\...\{3CC29C1A-B5FE-457B-1234-32A2557A92C7}}_is1) (Version:  - winmoviemaker)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Zoom (HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)
Zoom (HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)
Zoom (HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)

Packages:
=========
¡Solitario! -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.18.78.0_x64__kx24dqmazqk8j [2020-03-05] (Random Salad Games LLC) [MS Ad]
Complemento de motor multimedia para Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-31] (Microsoft Corporation)
Dropbox - promoción -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-01-15] (Dropbox Inc.)
EdgeDevtoolsPlugin -> C:\WINDOWS\SystemApps\Microsoft.EdgeDevtoolsPlugin_cw5n1h2txyewy [2020-04-16] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.728.0_x64__v10z8vjag6ke6 [2020-04-15] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.4030.0_x64__8wekyb3d8bbwe [2020-04-15] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-11] (Netflix, Inc.)
Trio Office -> C:\Program Files\WindowsApps\64343GTDocStudio.OfficeDocOpener_3.2.16.0_x86__3h5nez1g3qt2c [2020-03-13] (GT Office PDF Studio)
WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x64__3ykzqggjzj4z0 [2019-06-01] (WinZip Computing)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2554443758-3275583905-1075851082-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\Emiliano\AppData\Local\Google\Chrome\Application\81.0.4044.113\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2554443758-3275583905-1075851082-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Emiliano\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2554443758-3275583905-1075851082-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\Emiliano\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-09-14] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-09-14] () [File not signed]
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-09-14] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-09-14] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-09-14] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-09-14] () [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 18:03 - 2017-03-18 18:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2019-07-24 22:58 - 2019-07-24 23:05 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Windows Live\Shared
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194539647\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542084\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540303\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542319\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AACEB386-C3CE-4DA5-BD72-D33D2DB31736}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2020\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [{003DB968-2EAB-4318-A56E-C05E9F9C702D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2020\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [{D8C26640-C625-4481-8663-A973E9E35E28}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{BA2188A0-330B-4D49-B9E3-B4067DD24BBF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{03484BE3-20B1-47C7-9CF9-ACBC42B8E47B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{1842EA38-A43B-4A22-8DF2-8DEC873CC41D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{426B02C9-4348-4FA4-9DE3-1E5ED01A614B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{CB285EEF-A78A-42C9-91F7-F2F9C9E856EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [UDP Query User{FB900949-687B-4C72-BDFF-712BC9493740}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{AA9C7FCC-EEAA-4019-BCF9-5117EF9BDFA9}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{2626BDDA-3D28-40C4-A41F-10B4247F1BBD}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{D2A3AECB-CBAF-423E-AFFF-8D29446AC7C4}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [UDP Query User{8E67A450-407F-40AF-9001-5A65C654D917}C:\users\emiliano\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\emiliano\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{953A043C-C20C-4DA1-A5E9-54E1B57D2B5F}C:\users\emiliano\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\emiliano\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{B8A475B1-1611-427F-953D-04E45E211FDF}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{E28D64C9-85A5-4A3C-9665-92EF1952A8C9}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{AE72FC64-CF6F-4EFF-9DAD-7EEFEFA6A643}C:\users\emiliano\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\emiliano\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{E45E726E-B73A-4DCF-903F-09E5708C298B}C:\users\emiliano\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\emiliano\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{24D6E7DB-3F0B-4074-8123-EF2573C406EC}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{4FDB8AF5-49B9-4F47-8C19-2EE3AB4F891E}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{7B92FE23-F48F-42FB-987C-311E8F864869}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{885FBEBA-B135-4008-B4DB-F1B7F17945E9}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{66B40300-4E32-4B5B-8CBA-A60F8BE35254}C:\games\football manager 2019\fm.exe] => (Allow) C:\games\football manager 2019\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [TCP Query User{2E0BB814-AF96-47F9-9D5F-664D5B88F0FD}C:\games\football manager 2019\fm.exe] => (Allow) C:\games\football manager 2019\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [UDP Query User{DFC59EB3-6F47-47F6-A669-0161EEC297D3}C:\users\emiliano\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\emiliano\appdata\roaming\utorrent web\utweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
FirewallRules: [TCP Query User{4A5CD140-C1ED-4A23-9625-98A8599E111D}C:\users\emiliano\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\emiliano\appdata\roaming\utorrent web\utweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
FirewallRules: [{B2A57181-EC6A-4907-969A-4120C713D9FB}] => (Allow) C:\Users\Emiliano\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{8B2232E8-DD15-4AF6-8BD2-61CAC654FFC3}C:\games\football manager 2019\fm.exe] => (Allow) C:\games\football manager 2019\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [TCP Query User{1EA632F1-1818-4458-98A1-19F2AFA6F644}C:\games\football manager 2019\fm.exe] => (Allow) C:\games\football manager 2019\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [{96B5723E-084B-457F-AF23-E30BA3AE8448}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{84F47A94-486B-4202-AC2B-AE9E5AECD036}] => (Allow) C:\Users\Emiliano\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
FirewallRules: [{E280D631-D7E7-4A3D-BCD4-F63C2E88090C}] => (Allow) C:\Users\Emiliano\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
FirewallRules: [{AF12590B-380A-456A-953D-214242EDF86D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E120C382-5754-40A1-B8F0-09A044D98B22}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{DFDE4926-4CBF-43F5-8285-1171B98EFEC2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{479B9D5B-8C9A-47DA-89F1-BFB29648657F}] => (Allow) LPort=2869
FirewallRules: [{110AC847-1F9E-4636-AE10-E6819934041B}] => (Allow) LPort=1900
FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe No File
FirewallRules: [{4B644325-7827-462C-B40C-677A9404B909}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{FCCE2090-D037-4431-A6B9-4E79CAA35BB2}] => (Allow) C:\Program Files (x86)\MAGIX\Music Maker\28\MusicMaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH)
FirewallRules: [TCP Query User{DA5B32EF-D124-46FA-AC0A-688AA09D0CEB}C:\users\emiliano\appdata\local\programs\opera\67.0.3575.115\opera.exe] => (Block) C:\users\emiliano\appdata\local\programs\opera\67.0.3575.115\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{FF5043C5-C945-4859-8BFA-9AE9F0958577}C:\users\emiliano\appdata\local\programs\opera\67.0.3575.115\opera.exe] => (Block) C:\users\emiliano\appdata\local\programs\opera\67.0.3575.115\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{9DAD6106-7857-45E4-9A5D-F98D41D57C1E}] => (Allow) C:\Program Files (x86)\DroidCam\DroidCamApp.exe (DEV47 APPS -> )
FirewallRules: [{F0B2D834-61D5-416B-A80B-0454B2A6B393}] => (Allow) C:\Program Files (x86)\DroidCam\DroidCamApp.exe (DEV47 APPS -> )

==================== Restore Points =========================

10-04-2020 18:48:55 Punto de control programado
16-04-2020 13:06:59 Windows Update
17-04-2020 12:04:57 Operación de restauración
17-04-2020 19:41:44 AdwCleaner_BeforeCleaning_17/04/2020_19:41:32
17-04-2020 19:49:30 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/17/2020 08:14:12 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6836,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/17/2020 08:04:57 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.

Error: (04/17/2020 08:04:52 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.

Error: (04/17/2020 08:04:47 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.

Error: (04/17/2020 08:04:42 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.

Error: (04/17/2020 08:04:37 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.

Error: (04/17/2020 08:04:32 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.

Error: (04/17/2020 08:04:27 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.


System errors:
=============
Error: (04/17/2020 07:47:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel(R) Rapid Storage Technology se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (04/17/2020 07:47:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Origin Web Helper Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (04/17/2020 07:45:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio MBAMChameleon no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (04/17/2020 07:45:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio MBAMChameleon no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (04/17/2020 07:45:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio MBAMChameleon no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (04/17/2020 07:45:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio MBAMChameleon no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (04/17/2020 07:45:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio MBAMChameleon no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (04/17/2020 07:43:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel(R) PROSet/Wireless Event Log se terminó de manera inesperada. Esto ha sucedido 1 veces.


Windows Defender:
===================================
Date: 2020-04-16 23:50:38.706
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XZ&threatid=2147625929&enterprise=0
Nombre: VirTool:Win32/Obfuscator.XZ
Id.: 2147625929
Gravedad: Grave
Categoría: Herramienta
Ruta de acceso: file:_C:\Users\Emiliano\Downloads\The Sims 4 [MULTI17][PCDVD][ESPECIAL GT][EXTRAS][P2P][WwW.GamesTorrents.CoM]\p2p-s4imsALL\THE SIMS 4 - CRACK V2 & UPDATE\Crack\Game\Bin\3dmgame.dll
Origen de detección: Equipo local
Tipo de detección: Heurística
Origen de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Program Files (x86)\TotalAV\SecurityService.exe
Versión de inteligencia de seguridad: AV: 1.313.1687.0, AS: 1.313.1687.0, NIS: 1.313.1687.0
Versión de motor: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-04-13 22:47:23.365
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {30D5EE21-A10A-4A79-8E64-D4D6C849B00D}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2020-04-12 22:22:43.541
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {8B89F169-92D9-4104-ABFD-F96A9F1062DA}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2020-04-12 19:41:24.272
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {26EC20F6-99F9-4251-808A-A8DD96EF1C93}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2020-04-12 18:43:13.940
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {E1553361-DA16-4E50-B9A3-806FBF4A3918}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2020-04-17 19:55:58.585
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.313.1773.0
Origen de actualización: Servidor de Microsoft Update
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.16900.4
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulta Ayuda y soporte técnico. 

Date: 2020-04-17 18:54:20.343
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.313.1734.0
Origen de actualización: Servidor de Microsoft Update
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.16900.4
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulta Ayuda y soporte técnico. 

Date: 2020-04-08 01:43:25.714
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.313.967.0
Origen de actualización: Servidor de Microsoft Update
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.16900.4
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulta Ayuda y soporte técnico. 

Date: 2020-03-25 10:34:35.112
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.313.50.0
Origen de actualización: Servidor de Microsoft Update
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.16900.4
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulta Ayuda y soporte técnico. 

Date: 2020-03-20 22:23:33.286
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.311.1641.0
Origen de actualización: Servidor de Microsoft Update
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.16800.2
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulta Ayuda y soporte técnico. 

CodeIntegrity:
===================================

Date: 2020-04-17 17:25:03.455
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-17 17:25:03.400
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-17 17:22:09.340
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-17 17:22:08.758
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-17 17:21:33.088
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-04-17 17:21:33.075
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-04-17 17:21:11.146
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-04-17 17:21:11.110
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. X540LA.203 10/13/2015
Motherboard: ASUSTeK COMPUTER INC. X540LA
Processor: Intel(R) Core(TM) i3-5020U CPU @ 2.20GHz
Percentage of memory in use: 69%
Total physical RAM: 3994.44 MB
Available physical RAM: 1233.66 MB
Total Virtual: 7066.44 MB
Available Virtual: 4107.29 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:916.42 GB) (Free:782.23 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.11 GB) (Free:1.58 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{189b76b0-32ff-49cd-ad80-c2d10f5a3d9d}\ () (Fixed) (Total:1.7 GB) (Free:1.06 GB) NTFS
\\?\Volume{b7b3f242-eabc-47b3-997a-1e97c7cf1b3c}\ () (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 69F46ED7)

Partition: GPT.

==================== End of Addition.txt =======================

Emiliano_Pardo_Guenz · 17 Abril, 2020 23:35

Ahi logré hacer todo, como te comentaba, como los cuelgues son intermitentes, recien luego de que pasa un tiempo logro saber si ahora funciona bien o no. Ahora está funcionando, pero me llevó bastante tiempo hacer todo el proceso porque se me quedó trabada varias veces en el camino. Muchisimas gracias por tu atención y ayuda, hay algo más que tenga que hacer?

JavierHF · 17 Abril, 2020 23:50

Bien… y ahora sigue estos pasos, MUY Importante Realiza una copia de seguridad del registro :

Para hacerlo descarga DelFix.exe(en tu escritorio).
Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).
Atención, ahora marca/selecciona únicamente la casilla Create registry backup, las demás casillas NO.
Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

Con los demás programas cerrados ve a Inicio Ejecutar y escribe Notepad.exe.

Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.

START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7EFFBE5D-EB00-4A9A-A170-6C14FFBA1184} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Emiliano\Desktop\esetonlinescanner.exe
Task: {D8F1426A-4AE9-4059-A7B8-3C98AA99D1AA} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Emiliano\Desktop\esetonlinescanner.exe
Tcpip\..\Interfaces\{3849e469-9e9a-4d78-868d-6e03505a4f7c}: [DhcpNameServer] 20.0.1.5 20.0.1.7
Tcpip\..\Interfaces\{670f0800-8bad-4ff2-844e-ae0710d7507a}: [DhcpNameServer] 20.0.1.5 20.0.1.7
S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio Esto es muy importante.

Nota Es importante que la herramienta FRST.exe(Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.

Y ahora usa el 2º MÉTODO: de esta Faq de Windows 8(aplicable a Windows 10) ¿Cómo iniciar Windows 8/8.1 en Modo Seguro?, para trabajar desde ese modo de windows.

Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).
Presionar el botón FIX/Corregir y aguardar a que termine.
La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pegar el contenido de este fichero en tu próxima respuesta.

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Saludos.

Emiliano_Pardo_Guenz · 18 Abril, 2020 00:18

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-04-2020
Ran by Emiliano (17-04-2020 21:01:49) Run:1
Running from C:\Users\Emiliano\Desktop
Loaded Profiles: Emiliano (Available Profiles: Emiliano)
Boot Mode: Normal
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7EFFBE5D-EB00-4A9A-A170-6C14FFBA1184} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Emiliano\Desktop\esetonlinescanner.exe
Task: {D8F1426A-4AE9-4059-A7B8-3C98AA99D1AA} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Emiliano\Desktop\esetonlinescanner.exe
Tcpip\..\Interfaces\{3849e469-9e9a-4d78-868d-6e03505a4f7c}: [DhcpNameServer] 20.0.1.5 20.0.1.7
Tcpip\..\Interfaces\{670f0800-8bad-4ff2-844e-ae0710d7507a}: [DhcpNameServer] 20.0.1.5 20.0.1.7
S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
"HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Smart Cleaning" => removed successfully
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd) => Error ({ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}): No automatic fix found for this entry.
HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd) => Error ({ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}): No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7EFFBE5D-EB00-4A9A-A170-6C14FFBA1184}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EFFBE5D-EB00-4A9A-A170-6C14FFBA1184}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8F1426A-4AE9-4059-A7B8-3C98AA99D1AA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8F1426A-4AE9-4059-A7B8-3C98AA99D1AA}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3849e469-9e9a-4d78-868d-6e03505a4f7c}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{670f0800-8bad-4ff2-844e-ae0710d7507a}\\DhcpNameServer" => removed successfully
HKLM\System\CurrentControlSet\Services\aftap0901 => removed successfully
aftap0901 => service removed successfully
HKLM\System\CurrentControlSet\Services\MBAMChameleon => removed successfully
MBAMChameleon => service removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2554443758-3275583905-1075851082-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194540538\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2554443758-3275583905-1075851082-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172020194542522\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows

No se puede realizar ninguna operaci¢n en Ethernet 3 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Local Area Connection* 1 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Local Area Connection* 3 mientras los medios
est‚n desconectados.

Adaptador de Ethernet Ethernet 3:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Local Area Connection* 1:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Local Area Connection* 3:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Wi-Fi 2:

   Sufijo DNS espec¡fico para la conexi¢n. . : 
   V¡nculo: direcci¢n IPv6 local. . . : fe80::3566:b2d1:d336:7910%11
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.0.237
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to cancel {764CCCD6-9B8A-4F89-922C-582475E9CE7E}.
0 out of 1 jobs canceled.

========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 12345344 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44353306 B
Java, Flash, Steam htmlcache => 40042657 B
Windows/system/drivers => 18039165 B
Edge => 53690 B
Chrome => 223285724 B
Firefox => 0 B
Opera => 15967117 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 27274 B
NetworkService => 93742 B
Emiliano => 79482115 B

RecycleBin => 2978020643 B
EmptyTemp: => 3.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:07:29 ====

JavierHF · 18 Abril, 2020 15:34

Bien… y ahora pasemos a verificar como tienes el disco duro de tu equipo, para hacerlo sigue el 3er. MÉTODO: descrito en esta Faq de ayuda ¿Cómo usar CHKDSK para realizar una comprobación del disco?, que es válida también para un Windows 10.

Una vez terminado el proceso, que puede/debe durar bastante rato, debes poner el informe que se habrá guardado por parte de Windows y que tienes que encontrar siguiendo estos pasos ¿Cuándo y cómo usar el visor de eventos (eventvwr.msc)?

Fíjate bien en como es el informe que viene en ese tema, para que busques algo similar y NO pongas cualquier otra cosa.

Nos pones el informe y comentas como sigue el problema del equipo.

Saludos.

Emiliano_Pardo_Guenz · 18 Abril, 2020 16:12

Hola, no puedo abrir el CHKDSK, creo tener desactivado el windows defender y aun asi me dice que no puedo abrirlo incluso cuando quiero ejecutarlo como administrador. Como hago para desactivar por completo el windows defender?

JavierHF · 18 Abril, 2020 16:43

Como que NO puedes ejecutarlo…??

Que mensaje o pantalla de aviso te sale al intentar ejecutarlo…??

Pon una imagen Como Insertar una imagen.

Emiliano_Pardo_Guenz · 18 Abril, 2020 20:07

logré abrirlo y ejecutarlo. paso copia de informe

Nombre de registro:Application
Origen:        Microsoft-Windows-Wininit
Fecha:         18/4/2020 16:56:19
Id. del evento:1001
Categoría de la tarea:Ninguno
Nivel:         Información
Palabras clave:Clásico
Usuario:       No disponible
Equipo:        DESKTOP-CESQG9F
Descripción:


Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  635136 file records processed.                                                        


File verification completed.
  8553 large file records processed.                                   


  0 bad file records processed.                                     



Stage 2: Examining file name linkage ...
  1983 reparse records processed.                                      


  809124 index entries processed.                                                       


Index verification completed.
  0 unindexed files scanned.                                        


  0 unindexed files recovered to lost and found.                    


  1983 reparse records processed.                                      



Stage 3: Examining security descriptors ...
Cleaning up 583 unused index entries from index $SII of file 0x9.
Cleaning up 583 unused index entries from index $SDH of file 0x9.
Cleaning up 583 unused security descriptors.
Security descriptor verification completed.
  86995 data files processed.                                           


CHKDSK is verifying Usn Journal...
  39630360 USN bytes processed.                                                           


Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
  635120 files processed.                                                               


File data verification completed.

Stage 5: Looking for bad, free clusters ...
  204815210 free clusters processed.                                                       


Free space verification is complete.

Windows has scanned the file system and found no problems.
No further action is required.

 960937607 KB total disk space.
 140643804 KB in 420409 files.
    259008 KB in 86996 indexes.
         0 KB in bad sectors.
    773955 KB in use by the system.
     65536 KB occupied by the log file.
 819260840 KB available on disk.

      4096 bytes in each allocation unit.
 240234401 total allocation units on disk.
 204815210 allocation units available on disk.

Internal Info:
00 b1 09 00 d2 bd 07 00 d2 31 0e 00 00 00 00 00  .........1......
68 07 00 00 57 00 00 00 00 00 00 00 00 00 00 00  h...W...........

Windows has finished checking your disk.
Please wait while your computer restarts.

JavierHF · 18 Abril, 2020 20:55

Hola.

Perfecto, ahora solo quedaría que comentes cómo sigue el problema inicialmente planteado…??

Saludos.