Mi notebook se infecto al descargar un ISO

#21

Hola @Carolina_Saggio

Algo similar me paso con Onedrive y no fue por infección es un error que puede suceder, cuando presionas en su carpeta se cuelga el explorador de archivos, tuve que desinstalar.

Prueba desinstalarlo desde el listado secreto de aplicaciones

Presionas sobre Onedrive, se te despliga la opción desinstalar. No perderás tus archivos ya que están en la nube.

No la reinstales aun hasta terminar.

Nos comentas.

Salu2

#22

Hola San , como estas? imposible lo que me decis, ya que ni abre el explorador de Windows… lo unico que pude hacer es desactivar onedrive que lo hice cuando te mande el mensaje. ahora quiero abrir explorador y no abre , quiero abrir configuracion y tampoco , ya no responde tardo miles de años para que reaccione y no ya no se que hacer … me falto crear el txt porque no me deja guardarlo el del FRST… la realidad es que ya necesito usarla y no puedo . :cry:

#23

Hola @Carolina_Saggio

Lo que mencionas no parecen síntomas del virus, ademas cuando mas tardes mas se complica, podrías estar en otros problemas del tipo hardware.

Ya han pasado varios días desde que te indique el Fixlist y los reportes cambian con cada reinicio por el momento suspendemos ese paso.

Inicia el equipo en Modo Seguro con funciones de red, prepararlo así:

"Modo a prueba de fallos".

Para activar dicho menú, debe realizar los siguientes pasos:

1.- Presione la lupa en su “Barra de Tareas” o el icono de “Cortana” según su caso. Escriba cmd

2.- En la pantalla que aparece, sobre “Símbolo del Sistema” presione:

Botón derecho >>> “Ejecutar como Administrador”.


Verá la ventana del Control de cuentas de usuario, presione en “Si”

46


3.- Se abrirá la interfaz de línea de comandos escriba tal cual:

bcdedit /set bootmenupolicy Legacy

Luego presione Enter. (esto activará el arranque con el F8 tal como en Windows Seven)


4.- Cerrar la interfaz de línea de comandos y reiniciar el ordenador.

5.- Como en Windows 7 al comienzo, presionar la tecla F8 para entrar a Modo Seguro a prueba de fallos.

Prueba si de ese modo se te cuelga, o te permite realizar alguna acción.

Si el ordenador esta mas fluido ejecuta FRST nuevamente y traes un reporte fresco, que es necesario eliminar lo que aun tienes en ese ordenador, si no puedes vienes y lo comentas no dejes pasar tanto tiempo.

Salu2

#24

Hola, intenté 3 veces iniciar en el modo seguro desde lo que me dijiste y con f8 no entro , probé por otro lado desde una página de Windows pero me pidió la contraseña y no me la reconoció … si quiero acceder a una carpeta no me deja … no prendo la pc hasta que tengo un rato a la noche pero ahora se me hizo tarde y seguiré Maná a a ver si vuelvo a intentar porque pierdo mucho tiempo y no avanzo con nada … se que me lo pediste hace mucho tiempo pero el tiempo que le dedico son 2 o 3 horas exclusivamente y no estoy avanzando … abrir una carpeta me pone la mano y no abre , quise descargar el FRST y me abre la página me mostró que la iba a descargar pero no lo hizo … mañana veo de nuevo … gracias

#25

Hola @Carolina_Saggio

Hola:

No se entiende que método intentaste utilizar para entrar a Modo Seguro.

Intenta de la siguiente manera:

Y ahora usa el 2º MÉTODO: de esta Faq de Windows 8(aplicable a Windows 10) :arrow_forward: ¿Cómo iniciar Windows 8/8.1 en Modo Seguro?, para trabajar desde ese modo de windows.

Solo intenta entrar, prueba como va el Sistema, si te pide contraseña será la misma que para tu cuenta.

Luego vienes y lo comentas para darte pasos a seguir.

Salu2

#26

Buenas noches SAN, hoy no se pero la pc nduvo mejor y pude ejecutar el FRST, y te lo dejo … aviso que solo lo ejecute, y pego los reportes …


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Caro (administrator) on LENOVO-PC (21-03-2019 22:59:22)
Running from C:\Users\Caro\Downloads
Loaded Profiles: Caro &  (Available Profiles: Caro)
Platform: Windows 10 Home Single Language Version 1803 17134.648 (X64) Language: Español (España, internacional)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Lenovo (Beijing) Limited -> Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(PointGrab Ltd -> PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Panda Security S.L -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(LENOVO -> LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(PointGrab Ltd -> PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\NisSrv.exe
(Lenovo (Beijing) Limited -> ) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Windows -> Microsoft Corporation) C:\Config.Msi\9a2fecc.rbf
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Lenovo (Beijing) Limited -> ) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(LENOVO -> ) C:\Program Files\Lenovo\iMController\AutoUpdate.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(LENOVO -> ) C:\Program Files\Lenovo\iMController\LegacyFeatures.exe
(LENOVO -> ) C:\Program Files\Lenovo\iMController\PluginCommunication.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MpCmdRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Fortemedia Inc. -> ) C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited -> Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited -> Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\3.42.7\LogiOptionsMgr.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Box, Inc. -> ) C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MpCmdRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-230baff8.exe
() [File not signed] C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\43194FD4-B49C-461E-A887-B91E75B48D03\MpSigStub.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5060864 2015-11-11] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed]
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo (Beijing) Limited -> Lenovo)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16093512 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [8235848 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1553528 2015-11-13] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3947704 2015-11-11] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5968600 2018-11-30] (Box, Inc. -> Box, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4426560 2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [153296 2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223047748\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223049002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46504696 2018-12-07] (Google Inc -> )
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46504696 2018-12-07] (Google Inc -> )
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe [2386384 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16093512 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1587680 2018-12-12] (Google Inc -> Google Inc.)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\RunOnce: [Application Restart #4] => C:\Windows\RTFTrack.exe [5060864 2015-11-11] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-27] (Google Inc -> Google Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{447344c8-26eb-42e9-b091-d3e108ad6180}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{d8f4dff3-7823-4d7c-ae85-8e67426a664c}: [DhcpNameServer] 200.42.4.199 200.49.130.41 200.49.130.41

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-05-29] (Oracle America, Inc. -> Oracle Corporation)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

Edge: 
======
Edge Session Restore: HKU\S-1-5-21-4145286444-108475074-2886558672-1009 -> is enabled.
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.14.0_neutral__d55gg7py3s0m0 [2019-03-15]
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.9.0.0_neutral__c1wakc4j0nefm [2019-03-01]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-26] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-26] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-4145286444-108475074-2886558672-1009: SkypeForBusinessPlugin-16.2 -> C:\Users\Caro\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\npGatewayNpapi.dll [2017-11-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4145286444-108475074-2886558672-1009: SkypeForBusinessPlugin64-16.2 -> C:\Users\Caro\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\npGatewayNpapi-x64.dll [2017-11-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082: SkypeForBusinessPlugin-16.2 -> C:\Users\Caro\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\npGatewayNpapi.dll [2017-11-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082: SkypeForBusinessPlugin64-16.2 -> C:\Users\Caro\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\npGatewayNpapi-x64.dll [2017-11-18] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default [2019-03-21]
CHR Extension: (Presentaciones) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (File Converter) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\alblmaecejifbilchdofkdanifpmnmfk [2017-03-30]
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2019-02-14]
CHR Extension: (Documentos) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-21]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2019-03-21]
CHR Extension: (YouTube) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-28]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-03-13]
CHR Extension: (PDF to Word Converter - PDF Online) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\eombmhnnhbilmgdkbkeccclcadjffgjd [2017-03-30]
CHR Extension: (Hojas de cálculo) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Word Online) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2017-03-30]
CHR Extension: (PDF to Word Doc Converter) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjhedcdiaeighcnidfhegnmfieiejmdj [2017-03-30]
CHR Extension: (Favoritos de iCloud) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2017-10-10]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (AdBlock) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-26]
CHR Extension: (Bloqueador de anuncios para Youtube ™) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2019-01-09]
CHR Extension: (Video Ads Blocker) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijelnahiojlfbmiihbmgkaldffppfelp [2019-01-19]
CHR Extension: (Excel Online) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2017-03-30]
CHR Extension: (Save to Facebook) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2018-01-02]
CHR Extension: (Hangouts de Google) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2019-03-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-21]
CHR Extension: (Hangouts de Google) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2019-03-06]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
CHR Extension: (uBlock Plus Adblocker) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofnbdifeelbaidfgpikinijekkjcicg [2019-01-19]
CHR Extension: (Outlook.com) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2017-03-30]
CHR Extension: (Gmail) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-28]
CHR Extension: (Chrome Media Router) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-27]
CHR HKU\S-1-5-21-4145286444-108475074-2886558672-1009\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Caro\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-03-21]
CHR HKU\S-1-5-21-4145286444-108475074-2886558672-1009\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Caro\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-03-21]
CHR HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36688 2018-11-30] (Box, Inc. -> Box, Inc.)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] (Lenovo (Beijing) Limited -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11129928 2019-03-06] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-25] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-25] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2017-04-23] (Intel(R) pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO -> LENOVO INCORPORATED.)
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [389680 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109024 2017-11-08] (Panda Security S.L. -> Panda Security, S.L.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Panda VPN Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-19] (AnchorFree Inc -> )
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security S.L -> Panda Security, S.L.)
S2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-25] (PointGrab Ltd -> PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-25] (PointGrab Ltd -> PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48784 2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] (CyberLink -> )
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [33224 2016-04-15] (LENOVO -> SHAREit Technologies Co.Ltd)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-09-06] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
S2 0134591532030241mcinstcleanup; C:\WINDOWS\TEMP\013459~1.EXE -cleanup -nolog [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-03-10] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-03-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72864 2019-03-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-03-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-03-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [108000 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [211936 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [121312 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [126432 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [99512 2017-09-26] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [118240 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [91616 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [135648 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [336352 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [249312 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [123360 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [281056 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [125920 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [191448 2017-11-08] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [153992 2018-01-22] (Panda Security S.L. -> Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [207248 2018-01-30] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [146912 2017-10-16] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [159200 2017-10-16] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [129504 2017-10-16] (Panda Security S.L. -> Panda Security, S.L.)
U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [72648 2017-05-22] (Panda Security S.L. -> Panda Security, S.L.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-11-11] (Realtek Semiconductor Corp -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [600832 2015-08-29] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761600 2015-06-15] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-11-11] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2018-04-11] (Microsoft Windows -> Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-11-11] (Synaptics Incorporated -> Synaptics Incorporated)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [132120 2016-10-18] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-10-18] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-02-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [333792 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
S1 ZmQ1OTY5NzQ2MmViZjA0; \??\C:\WINDOWS\system32\drivers\ZmQ1OTY5NzQ2MmViZjA0 [X]

==================== NetSvcs (Whitelisted) ===================


en el otro te dejo el adittion -

#27

2 parte FRST


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-21 22:59 - 2019-03-21 22:59 - 000000000 ____D C:\Users\Caro\Downloads\FRST-OlderVersion
2019-03-21 22:31 - 2019-03-21 22:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-03-20 01:42 - 2019-03-20 01:42 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-03-20 01:42 - 2019-03-20 01:42 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-03-20 01:42 - 2019-03-20 01:42 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-03-20 01:42 - 2019-03-20 01:42 - 000072864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-03-20 01:13 - 2019-03-20 01:25 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-03-20 01:12 - 2019-03-20 01:26 - 000504098 _____ C:\WINDOWS\ntbtlog.txt
2019-03-19 16:48 - 2019-03-19 16:48 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-03-19 16:48 - 2019-03-19 16:48 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-03-19 16:48 - 2019-03-19 16:48 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-03-19 16:48 - 2019-03-19 16:48 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-03-19 00:57 - 2019-03-19 00:57 - 000002591 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002550 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002542 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002506 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002496 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-03-16 03:11 - 2019-03-16 03:11 - 000000000 ____D C:\Users\Caro\AppData\Local\OneDrive
2019-03-16 01:50 - 2019-03-16 01:50 - 000797760 _____ C:\Users\Caro\Downloads\delfix (3).exe
2019-03-16 01:50 - 2019-03-16 01:50 - 000797760 _____ C:\Users\Caro\Downloads\delfix (2).exe
2019-03-15 01:05 - 2019-03-15 01:05 - 000000000 ____D C:\WINDOWS\ERUNT
2019-03-15 00:54 - 2019-03-15 01:02 - 000797760 _____ C:\Users\Caro\Downloads\delfix.exe
2019-03-13 23:11 - 2019-03-13 23:11 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-03-13 23:11 - 2019-03-13 23:11 - 000002874 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-03-13 23:11 - 2019-03-13 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-03-13 23:11 - 2019-03-13 23:11 - 000000000 ____D C:\Program Files\CCleaner
2019-03-13 23:10 - 2019-03-13 23:11 - 021205512 _____ (Piriform Software Ltd) C:\Users\Caro\Downloads\ccsetup555.exe
2019-03-13 00:05 - 2019-03-13 00:05 - 010607000 _____ (McAfee, Inc.) C:\Users\Caro\Downloads\MCPR.exe
2019-03-12 23:26 - 2019-03-06 12:39 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-03-12 23:26 - 2019-03-06 12:37 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-03-12 23:26 - 2019-03-06 12:17 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-03-12 23:26 - 2019-03-06 12:14 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-12 23:26 - 2019-03-06 12:13 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-03-12 23:26 - 2019-03-06 12:13 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-03-12 23:26 - 2019-03-06 12:13 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-03-12 23:26 - 2019-03-06 12:13 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-03-12 23:26 - 2019-03-06 09:09 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-03-12 23:26 - 2019-03-06 09:05 - 004054016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-03-12 23:26 - 2019-03-06 09:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-03-12 23:26 - 2019-03-06 06:29 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-03-12 23:26 - 2019-03-06 06:16 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-03-12 23:26 - 2019-03-06 06:16 - 001457032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-03-12 23:26 - 2019-03-06 06:16 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-03-12 23:26 - 2019-03-06 06:16 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-03-12 23:26 - 2019-03-06 06:07 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-03-12 23:26 - 2019-03-06 06:07 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-03-12 23:26 - 2019-03-06 06:06 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-03-12 23:26 - 2019-03-06 06:04 - 002765856 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-03-12 23:26 - 2019-03-06 06:04 - 000628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2019-03-12 23:26 - 2019-03-06 06:03 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-03-12 23:26 - 2019-03-06 06:03 - 002719544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-03-12 23:26 - 2019-03-06 06:03 - 002465784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-03-12 23:26 - 2019-03-06 06:02 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-03-12 23:26 - 2019-03-06 06:02 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-03-12 23:26 - 2019-03-06 05:44 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-03-12 23:26 - 2019-03-06 05:36 - 022716928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-03-12 23:26 - 2019-03-06 05:36 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-03-12 23:26 - 2019-03-06 05:34 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-03-12 23:26 - 2019-03-06 05:32 - 003399168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-03-12 23:26 - 2019-03-06 05:31 - 007598592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-03-12 23:26 - 2019-03-06 05:31 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-03-12 23:26 - 2019-03-06 05:31 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-03-12 23:26 - 2019-03-06 05:31 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-03-12 23:26 - 2019-03-06 05:31 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-03-12 23:26 - 2019-03-06 05:29 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2019-03-12 23:26 - 2019-03-06 05:29 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-03-12 23:26 - 2019-03-06 05:29 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-03-12 23:26 - 2019-03-06 05:28 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-03-12 23:26 - 2019-03-06 05:28 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-03-12 23:26 - 2019-03-06 05:27 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-03-12 23:26 - 2019-03-06 05:27 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-03-12 23:26 - 2019-03-06 05:27 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-03-12 23:26 - 2019-03-06 03:17 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-03-12 23:26 - 2019-03-06 03:15 - 002253488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-03-12 23:26 - 2019-03-06 03:14 - 006568528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-03-12 23:26 - 2019-03-06 03:14 - 000785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-03-12 23:26 - 2019-03-06 03:14 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2019-03-12 23:26 - 2019-03-06 03:05 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-03-12 23:26 - 2019-03-06 02:56 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-03-12 23:26 - 2019-03-06 02:53 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-03-12 23:26 - 2019-03-06 02:53 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-03-12 23:26 - 2019-03-06 02:52 - 005790720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-03-12 23:26 - 2019-03-06 02:52 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-03-12 23:26 - 2019-03-06 02:50 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-03-12 23:26 - 2019-03-06 02:50 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2019-03-12 23:26 - 2019-03-06 02:49 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-03-12 23:26 - 2019-03-06 02:48 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-03-12 23:26 - 2019-03-06 02:48 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-03-12 23:26 - 2019-02-21 00:26 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-03-12 23:26 - 2019-02-16 10:02 - 001644040 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 000808456 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 000735752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 000620040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 000460296 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 000147464 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-03-12 23:26 - 2019-02-16 09:57 - 001048472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-03-12 23:26 - 2019-02-16 09:53 - 001516416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-03-12 23:26 - 2019-02-16 09:34 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-03-12 23:26 - 2019-02-16 09:34 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-03-12 23:26 - 2019-02-16 09:33 - 001786880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-03-12 23:26 - 2019-02-16 09:32 - 003646976 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-03-12 23:26 - 2019-02-16 09:32 - 002051072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-03-12 23:26 - 2019-02-16 09:31 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2019-03-12 23:26 - 2019-02-16 09:30 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-03-12 23:26 - 2019-02-16 09:22 - 001322176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-03-12 23:26 - 2019-02-16 09:06 - 002890752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-03-12 23:26 - 2019-02-16 09:06 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-03-12 23:26 - 2019-02-16 07:24 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-03-12 23:26 - 2019-02-16 07:22 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-03-12 23:26 - 2019-02-16 05:16 - 000511800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-03-12 23:26 - 2019-02-16 05:15 - 000505656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-03-12 23:26 - 2019-02-16 05:03 - 007901392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2019-03-12 23:26 - 2019-02-16 05:03 - 005625360 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-03-12 23:26 - 2019-02-16 05:03 - 000510288 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-03-12 23:26 - 2019-02-16 05:02 - 005821440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2019-03-12 23:26 - 2019-02-16 05:02 - 003291632 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-03-12 23:26 - 2019-02-16 05:02 - 001934800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-03-12 23:26 - 2019-02-16 05:02 - 001792712 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-03-12 23:26 - 2019-02-16 05:01 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-03-12 23:26 - 2019-02-16 05:01 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-03-12 23:26 - 2019-02-16 05:01 - 000735464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-03-12 23:26 - 2019-02-16 05:01 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-03-12 23:26 - 2019-02-16 05:01 - 000480840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-03-12 23:26 - 2019-02-16 04:57 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-03-12 23:26 - 2019-02-16 04:51 - 002479168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-03-12 23:26 - 2019-02-16 04:51 - 001584536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-03-12 23:26 - 2019-02-16 04:50 - 001805648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-03-12 23:26 - 2019-02-16 04:50 - 001171336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-03-12 23:26 - 2019-02-16 04:50 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-03-12 23:26 - 2019-02-16 04:37 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2019-03-12 23:26 - 2019-02-16 04:36 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2019-03-12 23:26 - 2019-02-16 04:36 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-03-12 23:26 - 2019-02-16 04:35 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-03-12 23:26 - 2019-02-16 04:35 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-03-12 23:26 - 2019-02-16 04:34 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2019-03-12 23:26 - 2019-02-16 04:33 - 006646784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2019-03-12 23:26 - 2019-02-16 04:33 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-03-12 23:26 - 2019-02-16 04:32 - 002969088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-03-12 23:26 - 2019-02-16 04:31 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2019-03-12 23:26 - 2019-02-16 04:29 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-03-12 23:26 - 2019-02-16 04:28 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2019-03-12 23:26 - 2019-02-16 04:28 - 002585600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-03-12 23:26 - 2019-02-16 04:28 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-03-12 23:26 - 2019-02-16 04:27 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2019-03-12 23:26 - 2019-02-16 04:27 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-03-12 23:26 - 2019-02-16 04:26 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-03-12 23:26 - 2019-02-16 04:26 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2019-03-12 23:26 - 2019-02-16 04:26 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2019-03-12 23:26 - 2019-02-16 04:26 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-03-12 23:26 - 2019-02-16 04:25 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2019-03-12 23:25 - 2019-03-06 12:36 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-03-12 23:25 - 2019-03-06 12:20 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-03-12 23:25 - 2019-03-06 12:19 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-03-12 23:25 - 2019-03-06 12:17 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-12 23:25 - 2019-03-06 12:17 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2019-03-12 23:25 - 2019-03-06 12:14 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-12 23:25 - 2019-03-06 12:14 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-03-12 23:25 - 2019-03-06 12:12 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-03-12 23:25 - 2019-03-06 09:18 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-03-12 23:25 - 2019-03-06 09:18 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-03-12 23:25 - 2019-03-06 09:10 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-03-12 23:25 - 2019-03-06 09:06 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-03-12 23:25 - 2019-03-06 09:05 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-03-12 23:25 - 2019-03-06 09:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-12 23:25 - 2019-03-06 08:59 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-03-12 23:25 - 2019-03-06 06:16 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-03-12 23:25 - 2019-03-06 06:16 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-03-12 23:25 - 2019-03-06 06:16 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-03-12 23:25 - 2019-03-06 06:11 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-03-12 23:25 - 2019-03-06 06:10 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-03-12 23:25 - 2019-03-06 06:07 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-03-12 23:25 - 2019-03-06 06:06 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-03-12 23:25 - 2019-03-06 06:06 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-03-12 23:25 - 2019-03-06 06:05 - 000439224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-12 23:25 - 2019-03-06 06:05 - 000436240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-03-12 23:25 - 2019-03-06 06:05 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-12 23:25 - 2019-03-06 06:04 - 000945464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-03-12 23:25 - 2019-03-06 06:03 - 001921848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-03-12 23:25 - 2019-03-06 06:03 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-03-12 23:25 - 2019-03-06 06:03 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-03-12 23:25 - 2019-03-06 06:03 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-03-12 23:25 - 2019-03-06 06:02 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-03-12 23:25 - 2019-03-06 06:02 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-03-12 23:25 - 2019-03-06 06:02 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2019-03-12 23:25 - 2019-03-06 05:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-03-12 23:25 - 2019-03-06 05:32 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-03-12 23:25 - 2019-03-06 05:32 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-03-12 23:25 - 2019-03-06 05:31 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-03-12 23:25 - 2019-03-06 05:31 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-03-12 23:25 - 2019-03-06 05:31 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-12 23:25 - 2019-03-06 05:31 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-03-12 23:25 - 2019-03-06 05:31 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-03-12 23:25 - 2019-03-06 05:31 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-03-12 23:25 - 2019-03-06 05:29 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-03-12 23:25 - 2019-03-06 05:27 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-03-12 23:25 - 2019-03-06 05:26 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-03-12 23:25 - 2019-03-06 05:26 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-03-12 23:25 - 2019-03-06 05:26 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-03-12 23:25 - 2019-03-06 05:25 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-03-12 23:25 - 2019-03-06 04:08 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-03-12 23:25 - 2019-03-06 03:17 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-03-12 23:25 - 2019-03-06 03:15 - 000434488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-03-12 23:25 - 2019-03-06 03:14 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-03-12 23:25 - 2019-03-06 03:14 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-03-12 23:25 - 2019-03-06 03:13 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-03-12 23:25 - 2019-03-06 02:52 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-03-12 23:25 - 2019-03-06 02:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-03-12 23:25 - 2019-03-06 02:51 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-03-12 23:25 - 2019-03-06 02:51 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-03-12 23:25 - 2019-03-06 02:50 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-03-12 23:25 - 2019-03-06 02:49 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-03-12 23:25 - 2019-03-06 02:49 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-03-12 23:25 - 2019-02-16 10:02 - 000071176 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-03-12 23:25 - 2019-02-16 09:57 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-03-12 23:25 - 2019-02-16 09:56 - 000549520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-03-12 23:25 - 2019-02-16 09:56 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-03-12 23:25 - 2019-02-16 09:36 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-03-12 23:25 - 2019-02-16 09:34 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-03-12 23:25 - 2019-02-16 09:31 - 001003520 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-03-12 23:25 - 2019-02-16 09:31 - 000861184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-03-12 23:25 - 2019-02-16 09:31 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-03-12 23:25 - 2019-02-16 09:30 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2019-03-12 23:25 - 2019-02-16 09:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-03-12 23:25 - 2019-02-16 09:29 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2019-03-12 23:25 - 2019-02-16 09:24 - 000444176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-03-12 23:25 - 2019-02-16 09:08 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-03-12 23:25 - 2019-02-16 09:07 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-03-12 23:25 - 2019-02-16 09:07 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-03-12 23:25 - 2019-02-16 09:06 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-03-12 23:25 - 2019-02-16 09:06 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-03-12 23:25 - 2019-02-16 09:06 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-03-12 23:25 - 2019-02-16 09:04 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2019-03-12 23:25 - 2019-02-16 05:15 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-03-12 23:25 - 2019-02-16 05:05 - 000087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-03-12 23:25 - 2019-02-16 05:04 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-03-12 23:25 - 2019-02-16 05:02 - 000705848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-03-12 23:25 - 2019-02-16 05:02 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-03-12 23:25 - 2019-02-16 05:02 - 000413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-03-12 23:25 - 2019-02-16 05:01 - 001285424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-03-12 23:25 - 2019-02-16 05:01 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-03-12 23:25 - 2019-02-16 05:01 - 001028920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-03-12 23:25 - 2019-02-16 05:01 - 000641984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2019-03-12 23:25 - 2019-02-16 05:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-03-12 23:25 - 2019-02-16 05:01 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2019-03-12 23:25 - 2019-02-16 05:01 - 000161664 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2019-03-12 23:25 - 2019-02-16 04:53 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-03-12 23:25 - 2019-02-16 04:51 - 000170952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2019-03-12 23:25 - 2019-02-16 04:50 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-03-12 23:25 - 2019-02-16 04:50 - 000560384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-03-12 23:25 - 2019-02-16 04:50 - 000504072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2019-03-12 23:25 - 2019-02-16 04:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-03-12 23:25 - 2019-02-16 04:34 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-03-12 23:25 - 2019-02-16 04:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-03-12 23:25 - 2019-02-16 04:33 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2019-03-12 23:25 - 2019-02-16 04:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2019-03-12 23:25 - 2019-02-16 04:33 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-03-12 23:25 - 2019-02-16 04:32 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2019-03-12 23:25 - 2019-02-16 04:31 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2019-03-12 23:25 - 2019-02-16 04:31 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-03-12 23:25 - 2019-02-16 04:31 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-03-12 23:25 - 2019-02-16 04:29 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-03-12 23:25 - 2019-02-16 04:28 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2019-03-12 23:25 - 2019-02-16 04:28 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2019-03-12 23:25 - 2019-02-16 04:28 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-03-12 23:25 - 2019-02-16 04:27 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2019-03-12 23:25 - 2019-02-16 04:26 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-03-12 23:25 - 2019-02-16 04:25 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-03-11 23:28 - 2019-03-11 23:31 - 000085630 _____ C:\Users\Caro\Downloads\Addition.txt
2019-03-11 23:26 - 2019-03-21 23:01 - 000046792 _____ C:\Users\Caro\Downloads\FRST.txt
2019-03-11 23:25 - 2019-03-21 22:59 - 000000000 ____D C:\FRST
2019-03-11 23:24 - 2019-03-21 22:59 - 002434048 _____ (Farbar) C:\Users\Caro\Downloads\FRST64.exe
2019-03-11 16:19 - 2019-03-11 16:19 - 000001752 _____ C:\Users\Caro\Downloads\marzo11 malware.txt
2019-03-10 23:13 - 2019-03-10 23:13 - 019384632 _____ (Piriform Software Ltd) C:\Users\Caro\Downloads\ccsetup553.exe
2019-03-10 20:25 - 2019-03-10 21:00 - 000000000 ____D C:\Users\Caro\AppData\Roaming\ZHP
2019-03-10 20:25 - 2019-03-10 20:25 - 000000000 ____D C:\Users\Caro\AppData\Local\ZHP
2019-03-10 20:21 - 2019-03-10 20:21 - 003321728 _____ C:\Users\Caro\Downloads\ZHPCleaner.exe
2019-03-10 20:16 - 2019-03-10 20:16 - 007316688 _____ (Malwarebytes) C:\Users\Caro\Downloads\adwcleaner_7.2.7.0 (1).exe
2019-03-10 19:35 - 2019-03-10 19:37 - 000000000 ____D C:\AdwCleaner
2019-03-10 19:33 - 2019-03-10 19:34 - 007316688 _____ (Malwarebytes) C:\Users\Caro\Downloads\adwcleaner_7.2.7.0.exe
2019-03-10 19:08 - 2019-03-10 19:08 - 000042734 _____ C:\Users\Caro\Downloads\marzo10Malware.txt
2019-03-10 18:07 - 2019-03-10 18:07 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-03-10 18:07 - 2019-03-10 18:07 - 000000000 ____D C:\Users\Caro\AppData\Local\mbam
2019-03-10 18:06 - 2019-03-10 18:06 - 000000000 ____D C:\Users\Caro\AppData\Local\mbamtray
2019-03-10 18:05 - 2019-03-10 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-10 18:05 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-03-10 18:05 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-03-10 18:01 - 2019-03-10 18:01 - 062400056 _____ (Malwarebytes ) C:\Users\Caro\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9618.exe
2019-03-07 22:54 - 2019-03-07 22:54 - 000000012 _____ C:\Users\Caro\setup_01.ini

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-21 22:57 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-21 22:57 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-21 22:54 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-21 22:48 - 2018-05-29 02:41 - 000004204 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C6F4BD55-6BCC-4B51-BBE7-346301359930}
2019-03-21 22:45 - 2016-04-28 01:30 - 000000000 ___RD C:\Users\Caro\Google Drive
2019-03-21 22:41 - 2016-01-25 23:32 - 000000000 ___RD C:\Users\Caro\Dropbox
2019-03-21 22:39 - 2016-11-03 14:16 - 000000000 ___RD C:\Users\Caro\iCloudDrive
2019-03-21 22:36 - 2018-11-16 22:28 - 000000000 ____D C:\Program Files\rempl
2019-03-21 22:33 - 2016-01-25 23:20 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-03-21 22:26 - 2017-06-02 15:56 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-03-21 22:26 - 2016-01-25 15:01 - 000000000 __SHD C:\Users\Caro\IntelGraphicsProfiles
2019-03-20 01:42 - 2016-08-22 22:09 - 000000000 ____D C:\ProgramData\NVIDIA
2019-03-20 01:41 - 2018-05-29 02:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-20 01:41 - 2018-04-11 18:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2019-03-20 01:07 - 2018-05-29 02:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-19 00:55 - 2015-08-15 06:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-03-19 00:50 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2019-03-16 01:58 - 2017-03-29 22:53 - 000000240 _____ C:\DelFix.txt
2019-03-15 01:28 - 2016-01-25 15:03 - 000000000 ___RD C:\Users\Caro\OneDrive
2019-03-14 00:08 - 2018-07-26 22:05 - 000000000 ____D C:\Users\Caro\AppData\Local\GoToMeeting
2019-03-13 00:52 - 2018-05-29 02:26 - 001768608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-13 00:52 - 2018-04-12 13:18 - 000787744 _____ C:\WINDOWS\system32\perfh00A.dat
2019-03-13 00:52 - 2018-04-12 13:18 - 000155340 _____ C:\WINDOWS\system32\perfc00A.dat
2019-03-13 00:47 - 2018-05-29 02:06 - 000464120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-03-13 00:11 - 2018-05-29 02:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2019-03-13 00:10 - 2018-04-11 18:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-03-13 00:09 - 2016-01-25 23:37 - 000000000 ____D C:\Users\Caro\AppData\Roaming\Skype
2019-03-12 23:44 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-03-11 02:12 - 2018-05-20 14:45 - 000000000 ___DC C:\WINDOWS\Panther
2019-03-11 02:12 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-03-10 18:54 - 2018-07-26 22:05 - 000000648 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009.job
2019-03-10 18:54 - 2018-07-26 22:05 - 000000552 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009.job
2019-03-10 18:53 - 2018-05-29 02:14 - 000000000 ____D C:\Users\Caro
2019-03-10 18:05 - 2018-04-11 20:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-09 01:45 - 2018-07-26 22:05 - 000003802 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009
2019-03-09 01:45 - 2018-07-26 22:05 - 000003706 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009
2019-03-07 23:28 - 2017-12-15 02:08 - 000000000 ____D C:\Users\Caro\AppData\Local\PlaceholderTileLogoFolder
2019-03-07 23:28 - 2017-12-01 14:57 - 000000000 ____D C:\Users\Caro\AppData\Local\Packages
2019-03-07 23:08 - 2015-11-10 23:51 - 000002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-07 22:56 - 2016-01-25 23:20 - 000000966 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-03-07 22:56 - 2016-01-25 23:20 - 000000962 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-03-07 22:16 - 2016-05-16 23:47 - 000000000 ____D C:\Users\Caro\AppData\Local\ElevatedDiagnostics
2019-03-06 20:12 - 2018-05-29 02:14 - 000002445 _____ C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-03 13:54 - 2018-12-03 00:56 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-03-03 13:54 - 2018-12-03 00:56 - 000179608 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-23 23:35 - 2018-02-27 00:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Files in the root of some directories =======

2016-10-24 20:07 - 2016-11-24 15:21 - 000000033 _____ () C:\Users\Caro\AppData\Roaming\AdobeWLCMCache.dat
2019-02-10 04:54 - 2019-02-10 04:54 - 006161408 _____ () C:\Users\Caro\AppData\Local\dump007.dat
2018-10-05 22:20 - 2018-10-05 22:20 - 000000000 _____ () C:\Users\Caro\AppData\Local\oobelibMkey.log
2019-02-10 03:49 - 2019-02-10 03:49 - 000000003 _____ () C:\Users\Caro\AppData\Local\wbem.ini

Some zero byte size files/folders:
==========================
C:\Windows\System32\mysqld.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-29 02:06

==================== End of FRST.txt ============================
#28

El adition


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Caro (21-03-2019 23:02:34)
Running from C:\Users\Caro\Downloads
Windows 10 Home Single Language Version 1803 17134.648 (X64) (2018-05-29 05:43:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-4145286444-108475074-2886558672-500 - Administrator - Disabled)
Caro (S-1-5-21-4145286444-108475074-2886558672-1009 - Administrator - Enabled) => C:\Users\Caro
DefaultAccount (S-1-5-21-4145286444-108475074-2886558672-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4145286444-108475074-2886558672-1005 - Limited - Enabled)
Invitado (S-1-5-21-4145286444-108475074-2886558672-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4145286444-108475074-2886558672-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Panda Dome (Disabled - Up to date) {CF440CD9-5435-10B1-04E0-7768B6F10320}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Dome (Disabled - Up to date) {7425ED3D-720F-1F3F-3E50-4C1ACD76499D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Actualización de NVIDIA 11.10.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 11.10.11 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.5.0.331 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015.3 (HKLM-x32\...\ILST_20_1_0) (Version: 20.1.0 - Adobe Systems Incorporated)
Adobe Lightroom CC (HKLM-x32\...\LRCC_1_0) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Apple Application Support (32 bits) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Backup and Sync from Google (HKLM\...\{693CADB0-962B-4AC1-A939-9524B258C997}) (Version: 3.43.2448.9071 - Google, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Sync (HKLM\...\{CD5CB679-159B-4E4C-B847-B29B492D106E}) (Version: 4.0.7929.0 - Box, Inc.)
Box Sync (HKLM-x32\...\{ee10352e-1caf-4132-add1-3809a8ea6d43}) (Version: 4.0.7929.0 - Box Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.4505 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM-x32\...\{1D2682EA-75DD-44B6-BF2D-CD3C49EAD012}) (Version: 1.6.38.01 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 69.4.102 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.23 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.23 - Lenovo)
Enterprise Architect (HKLM-x32\...\{71A2AAC1-8DB5-40B4-AEF5-99C23238D37C}) (Version: 12.0.1210.14 - Sparx Systems)
Express Scribe, software para transcripciones (HKLM-x32\...\Scribe) (Version: 6.02 - NCH Software)
Gear IconX (HKLM-x32\...\Gear IconX) (Version: 2.0.170927.51 - Samsung Electronics Co, Ltd.)
GeForce Experience NvStream Client Components (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC) (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{0FC4261B-F502-48B3-B1CF-60021C8F7D22}) (Version: 1.0.481 - LogMeIn, Inc.)
GoToMeeting 8.40.1.12023 (HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\GoToMeeting) (Version: 8.40.1.12023 - LogMeIn, Inc.)
GoToMeeting 8.40.1.12023 (HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\GoToMeeting) (Version: 8.40.1.12023 - LogMeIn, Inc.)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
iTunes (HKLM\...\{514BCD3A-B38B-4835-8B8C-69DA8C48A7A7}) (Version: 12.9.3.3 - Apple Inc.)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Lenovo App Services (HKLM\...\Lenovo App Services) (Version: 0.200.8.268 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10279 - Realtek Semiconductor Corp.)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Motion Control (HKLM-x32\...\{A60E1DE0-2AD1-4BD3-BBCC-4FBB22FB6F85}) (Version: 2.5.1.0225 - PointGrab) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A60E1DE0-2AD1-4BD3-BBCC-4FBB22FB6F85}) (Version: 2.5.1.0225 - PointGrab)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.)
Lenovo PhoneCompanion (HKLM-x32\...\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.2 - Lenovo) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.2 - Lenovo)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.5.2624.01 - CyberLink Corp.) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.5.2624.01 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo Service Bridge (HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\cbe8636f7dd0cf1d) (Version: 1.6.2.0 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\cbe8636f7dd0cf1d) (Version: 1.6.2.0 - Lenovo)
Lenovo Settings (HKLM-x32\...\{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.52 - Nombre de su organización) Hidden
Lenovo Settings (HKLM-x32\...\InstallShield_{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.52 - Nombre de su organización)
Logitech Options (HKLM\...\LogiOptions) (Version:  - Logitech)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Manuales de usuario (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.11328.20158 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
Microsoft Project Profesional 2016 - es-es (HKLM\...\ProjectProRetail - es-es) (Version: 16.0.11328.20158 - Microsoft Corporation)
Microsoft Visio Profesional 2016 - es-es (HKLM\...\VisioProRetail - es-es) (Version: 16.0.11328.20158 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MySQL Workbench 6.2 CE (HKLM\...\{82D50D82-CAF2-4ABA-8BB7-090668162290}) (Version: 6.2.5 - Oracle Corporation)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.7500 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11328.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11328.20158 - Microsoft Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Oracle VM VirtualBox 5.1.8 (HKLM\...\{65402252-5DA1-4360-A144-E09BB16AC7A9}) (Version: 5.1.8 - Oracle Corporation)
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Dome (HKLM\...\{DC22166B-6F26-4E2E-BFDE-CC3578246940}) (Version: 9.14.00 - Panda Security) Hidden
Panda Dome (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.6.0 - Panda Security)
Panel de control de NVIDIA 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 376.54 - NVIDIA Corporation) Hidden
Paquete de controladores de Windows - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Paquete de controladores de Windows - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Polar FlowSync versión 2.6.2 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.6.2 - Polar Electro Oy)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.810.810.031214 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0251 - REALTEK Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.62.0 - Samsung Electronics Co., Ltd.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.5.0.1144 - Lenovo)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 1.7.306 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Meetings App (HKLM-x32\...\{D20CE315-AC32-4B25-AB3A-7112A9AB6FC3}) (Version: 16.2.0.232 - Microsoft Corporation)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.5 - Synaptics Incorporated)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.3.6 - Lenovo)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
x86_64-5.3.0-win32-seh-rt_v4-rev0 (HKLM-x32\...\x86_64-5.3.0-win32-seh-rt_v4-rev0) (Version:  - MinGW-W64)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\Caro\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082_Classes\CLSID\{4A8FCD9F-623C-4283-96F0-10F41846A98A} -> [Box Sync] => C:\Users\Caro\Box Sync [2019-02-10 03:08]
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Caro\AppData\Local\GoToMeeting\8953\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Caro\Dropbox [2016-01-25 23:32]
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\Caro\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{4A8FCD9F-623C-4283-96F0-10F41846A98A} -> [Box Sync] => C:\Users\Caro\Box Sync [2019-02-10 03:08]
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Caro\AppData\Local\GoToMeeting\8953\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Caro\Dropbox [2016-01-25 23:32]
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {06395f73-8d75-3c47-ac2f-93524a83ce03} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {072d2f45-ddf0-35bd-a911-38b853695def} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {88092007-0d01-3d32-a4b4-56f7e19a1c49} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {507a0531-fd10-3efc-8eb8-64e35606e542} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {b9b9e487-7684-373f-a7a2-6b04c8d772a8} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Caro\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] () [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [BoxContextMenuClient] -> {53792c99-3144-3699-8968-fa4278ad3c1e} => C:\Program Files\Box\Box Sync\ContextMenuClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-09-28] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [ContextMenuExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-09-28] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Caro\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] () [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [BoxContextMenuClient] -> {53792c99-3144-3699-8968-fa4278ad3c1e} => C:\Program Files\Box\Box Sync\ContextMenuClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AA759FD-BA06-4A91-BB1E-60F13DAAFB0E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {14FFCA24-7FEB-4F0F-BE4A-A2E06176D3CE} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.207\DADUpdater.exe
Task: {1BBE00ED-04AD-4878-B989-60536A431F13} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {1C8BBC1E-06BD-4516-A0EF-1C93F300DC78} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe (LENOVO -> Lenovo)
Task: {34FEBD07-6327-4947-866D-478F20A5902D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {426AAB97-E52F-44AC-98F1-FC6A0C0E3A2D} - System32\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009 => C:\Users\Caro\AppData\Local\GoToMeeting\12023\g2mupdate.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {5E1F9D01-1F53-47CF-89E6-303C4E5107EC} - no filepath
Task: {60EB643C-FC26-490A-82D7-D8C35F5C2092} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {64FE9004-F9C3-468E-B3E2-EEDA063BA8B6} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {705E20AC-120B-4781-9EE0-8C034F946EB9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {7322D75D-291D-45CD-89F8-90BB56E8BCEC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7AF5003E-30F5-417A-9C94-CF8FF376811C} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {7B6E4235-0635-492B-B326-49A4F07F9BA2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7F2AAA77-8FD0-47BA-AFF8-BC57991DE983} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe (LENOVO -> )
Task: {848EBB28-3284-42CC-B4CF-FE6ECBCC8A09} - System32\Tasks\S-1-5-21-4145286444-108475074-2886558672-1009\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {85C4818D-D1EA-4DB9-B38B-BF99FC2662E3} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {87D3C943-57A6-456B-BA90-C35347BDA291} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe (Apple Inc. -> Apple Inc.)
Task: {89E7CAFD-A575-4D51-88EE-AD0248944799} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {8C4298DB-5950-4E87-AC81-36679A0AF032} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9A494665-6B21-459D-8FB9-1EA33E33D8CC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9EA539CF-27FA-4BF9-80CE-39AA81FC8565} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {A0E5B763-191F-4993-BAC4-6AC8E87B314C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {A5F73776-FE31-4A83-BF0F-157BBC21DD20} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {A62CF881-4D6D-4982-8555-70A5AF2542C1} - System32\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009 => C:\Users\Caro\AppData\Local\GoToMeeting\12023\g2mupload.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {A8095E53-C258-4B9F-AC53-55A50622B67D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A8893BE7-F8EA-4F68-AA71-446252EB2BD2} - no filepath
Task: {B28F0B91-51A5-41EE-929D-E6006CF09E17} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B8AFEEA4-E809-479B-8555-D02183ECA6F6} - no filepath
Task: {C9F89DD1-9386-4252-B170-9F1A1545F96F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (LENOVO -> Lenovo)
Task: {D4418613-62D2-4F8A-A184-6F817E43988D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D8821C90-531D-4E35-ACEE-59507E178A39} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {DD38262D-46D1-482F-AEE7-A3D48F6BE8D0} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {E2EDD6D7-C002-4E72-8BBB-A2BE69F2CC73} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F3710B49-BB7E-42C3-90B0-EAF0ED81859A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F84AE722-1E42-4351-B7BE-3DEF1499004C} - no filepath

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009.job => C:\Users\Caro\AppData\Local\GoToMeeting\12023\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009.job => C:\Users\Caro\AppData\Local\GoToMeeting\12023\g2mupload.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\{8931EFDE-73C7-49A3-B6A1-FA8FAF40E1E9}.job => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe
Task: C:\WINDOWS\Tasks\{C89190C7-347E-4BF6-B85D-E4DA12014C0C}.job => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Caro\Google Drive\Documentos_TRABAJO\TRABAJO2\info varias\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Caro\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Hangouts de Google (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Caro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Caro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->   --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->   --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->   --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2013-08-27 09:32 - 2013-08-27 09:32 - 000747520 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
2017-02-10 00:58 - 2016-12-29 09:29 - 000339072 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\_nvstapisvr64.dll
2016-10-18 17:46 - 2016-10-04 11:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2014-05-01 11:13 - 2016-11-14 00:11 - 000592384 _____ () [File not signed] C:\Users\Caro\AppData\Local\MEGAsync\ShellExtX64.dll
2019-03-13 02:54 - 2019-03-13 02:54 - 000931328 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\log4net\a3522e94efa5d07167dda06320db4e73\log4net.ni.dll
2019-03-21 22:37 - 2019-03-21 22:37 - 003042304 _____ (Python Software Foundation) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\python27.dll
2019-03-21 22:37 - 2019-03-21 22:37 - 000113664 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\_ctypes.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000080896 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\bz2.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 001792512 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\_hashlib.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000128512 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\win32api.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000137728 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\pywintypes27.dll
2019-03-21 22:37 - 2019-03-21 22:37 - 000548864 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\pythoncom27.dll
2019-03-21 22:37 - 2019-03-21 22:37 - 000689664 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\unicodedata.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000438784 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\win32com.shell.shell.pyd
2019-03-21 22:38 - 2019-03-21 22:38 - 001489408 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\wx._core_.pyd
2019-03-21 22:38 - 2019-03-21 22:38 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\wxbase30u_net_vc90_x64.dll
2019-03-21 22:38 - 2019-03-21 22:38 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\wxmsw30u_adv_vc90_x64.dll
2019-03-21 22:38 - 2019-03-21 22:38 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\wxbase30u_vc90_x64.dll
2019-03-21 22:38 - 2019-03-21 22:38 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\wxmsw30u_core_vc90_x64.dll
2019-03-21 22:38 - 2019-03-21 22:38 - 001007104 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\wx._gdi_.pyd
2019-03-21 22:38 - 2019-03-21 22:38 - 001039872 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\wx._windows_.pyd
2019-03-21 22:38 - 2019-03-21 22:38 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\wxmsw30u_html_vc90_x64.dll
2019-03-21 22:38 - 2019-03-21 22:38 - 001325056 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\wx._controls_.pyd
2019-03-21 22:38 - 2019-03-21 22:38 - 000916992 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\wx._misc_.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 001084416 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\pysqlite2._sqlite.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000149504 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\win32file.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000136192 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\win32security.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000007680 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\hashobjs_ext.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000020992 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\thumbnails_ext.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000118784 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\usb_ext.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000047616 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\_socket.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 002224640 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\_ssl.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000014848 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\common.time34.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000023040 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\win32event.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000034304 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\windows.conditional.pyd
2019-03-21 22:37 - 2019-03-21 22:38 - 000020480 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\windows.winwrap.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000110080 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\windows.volumes.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000223232 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\win32gui.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000173568 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\_elementtree.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000169472 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\pyexpat.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000048128 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\win32inet.pyd
2019-03-21 22:38 - 2019-03-21 22:38 - 000103424 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\wx._html2.pyd
2019-03-21 22:38 - 2019-03-21 22:38 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\wxmsw30u_webview_vc90_x64.dll
2019-03-21 22:37 - 2019-03-21 22:37 - 000046080 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\_psutil_windows.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000011776 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\win32crypt.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000301568 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\PIL._imaging.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000032256 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\_multiprocessing.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 005752320 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\cello.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000026112 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\_yappi.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000044032 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\win32process.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000027648 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\win32pipe.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000010752 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\select.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000029696 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\win32pdh.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000038400 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\windows.connectivity.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000073216 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\windows.device_monitor.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000020480 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\win32profile.pyd
2019-03-21 22:37 - 2019-03-21 22:37 - 000026624 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI93802\win32ts.pyd
2019-03-21 19:19 - 2019-03-21 22:52 - 000592616 _____ () [File not signed] C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\43194FD4-B49C-461E-A887-B91E75B48D03\MpSigStub.exe
2013-08-27 08:57 - 2013-08-27 08:57 - 001199104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\CyberLink:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\Lenovo:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\Plantillas personalizadas de Office:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\WBS Schedule Pro:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]

==================== Safe Mode (Whitelisted) ===================
#29

2 parte del adition


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2017-03-20 00:03 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

2016-11-28 23:04 - 2018-07-29 19:18 - 000000504 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

2.168.137.25 LGSmartTV.mshome.net # 2017 11 1 27 1 38 23 420

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Lenovo\FusionEngine;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Lenovo\Motion Control\;C:\Users\Caro\Documents\Software\mysql-5.7.11-winx64\MySQL\bin;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223047748\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223049002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\Control Panel\Desktop\\Wallpaper -> C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\Control Panel\Desktop\\Wallpaper -> C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 200.42.4.199 - 200.49.130.41
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212019223050082\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{6445E2B3-C093-4CC7-BC58-BC2DA17CED42}C:\users\caro\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe] => (Allow) C:\users\caro\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{2F2A4B23-3D83-4182-B9B1-2A3FB06E2BF3}C:\users\caro\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe] => (Allow) C:\users\caro\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A8BE0E86-CEA7-452F-BC64-BEE87368C2FB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{14A8C27A-7CCA-409A-B7A8-48FB6D981D92}] => (Allow) LPort=5354
FirewallRules: [{4145152B-A374-4F0F-A876-39009026ED1F}] => (Allow) LPort=5354
FirewallRules: [{0674A708-5DEE-4861-A3BB-4BA272DB92A3}] => (Allow) LPort=5354
FirewallRules: [{27D6803F-4825-4B84-BDA6-4EE002D2DBC3}] => (Allow) LPort=5354
FirewallRules: [{DD97A0C5-8919-40FE-98A7-729325A92EF9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8F906C73-765C-4552-881F-43CB181783E9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{15036AA2-E78D-4364-9416-8D5A3D062637}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6DDA5088-8A04-46B3-B968-1CBA466AADB7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1EFA5A45-210F-4FA3-BC43-A97D2AECE0BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BBBDDB4B-CF12-4C1E-A4EB-2074D1B375A9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EA093CDC-31F8-49D4-9655-1682E93C10DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7B6B033C-07C2-4858-95EB-2C591C697258}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{2D0273FB-A271-48EB-8F19-AA3E18D61678}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{7EB91165-18C1-48C1-AC9D-56ACA1478890}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{AC9DE88E-B852-4A2E-B7E9-3E4D8D925E82}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{110771D7-3E77-4252-A90B-E16779580AB6}] => (Allow) LPort=55100
FirewallRules: [{8CA91650-DBBE-4649-8970-B657B1E21C54}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe (Lenovo (Beijing) Limited -> Lenovo)
FirewallRules: [TCP Query User{12A3A7F4-6A6B-439C-AC71-836AED5B5305}C:\users\caro\documents\software\mysql-5.7.11-winx64\mysql\bin\mysqld.exe] => (Allow) C:\users\caro\documents\software\mysql-5.7.11-winx64\mysql\bin\mysqld.exe () [File not signed]
FirewallRules: [UDP Query User{93E4A2C4-8ABA-45CA-8E67-CD1B5C4CD218}C:\users\caro\documents\software\mysql-5.7.11-winx64\mysql\bin\mysqld.exe] => (Allow) C:\users\caro\documents\software\mysql-5.7.11-winx64\mysql\bin\mysqld.exe () [File not signed]
FirewallRules: [{7361BA51-FAA9-4046-9F08-83C7C7F4F7E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B9269BC9-5D5C-436C-B1C9-1AB24263A7B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C527C130-C338-401B-A37E-807FCF634468}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2CEF4505-F8EC-40BE-A8AF-FB3CA6F5D00D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B36AC524-C865-403D-B6CE-0A822332CB9B}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> SHAREit Technologies Co.Ltd)
FirewallRules: [{8128852A-27D9-436E-A5A8-694868766F70}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> SHAREit Technologies Co.Ltd)
FirewallRules: [{D695AC39-8CD1-4705-B275-F7D2208B81E4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{6A5E8FDA-A157-4006-836B-22DF5300B1E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{4964FC4B-F48F-4934-9E84-65641CB9287D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{440E1684-EC4E-43DF-A50D-59B0BEFD88D7}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{F485ED72-1381-4C95-80C6-65E984914B0D}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{8716827E-2E53-40C7-8E9C-4ECFE53D9A41}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B9D76EC6-5FB7-4A05-B6CF-9F284DE8200A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3654873E-FFB1-4473-919F-8FEC82C5E7CF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{57E99ECD-02CA-4FDF-A583-3C1DB32AC343}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0B8475F2-E966-4E9F-9C15-D8E2EF3C7FC2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3E0EB971-9FA2-422B-B0BC-15898F2ADA81}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{75F9EDB9-69CB-4B63-A784-DCAE77C2B107}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AD90C594-2F9E-412E-87A3-9D49110727B6}] => (Allow) C:\Program Files (x86)\lXAYLUeDDfS.exe No File
FirewallRules: [{3AAFFCE5-D672-45B3-AAE9-051CE33B9229}] => (Allow) C:\Program Files (x86)\TZEA.exe No File
FirewallRules: [{C8926869-E834-4D9E-9C37-D1C7FAFE71B7}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{18700AA6-4DBC-4A43-9ABE-FF55893EF0F9}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7E76F635-6C83-420E-ADAE-E11120D984C6}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{309CACE3-3B76-46EE-B0EA-2A365358E90C}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4CC54563-AFF5-463D-81C8-EC36B85DD458}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{128B646B-C489-4EDB-B094-6197404FE9DE}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{088EAE30-D4C5-4F35-96DE-B719088158D6}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6007436F-1402-45A7-9FE8-F22AAFBDF9FF}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DCF01053-205A-4F1D-9EC6-752407EA8DFF}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{8C631CE0-CE04-49F1-9EA3-D8AECD40ABF8}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{95CCCDE5-F74D-4B30-9BF1-C2E0F5FD286A}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3110D8E8-9527-4D6C-B0B0-FE1DF3398503}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B78B9F83-6EE6-43B0-A035-5A8133EF4923}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{EF38372C-8C43-4A2D-95FE-00629357988D}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6BEA2E63-8DA2-470C-B9A0-AEABDF21B16A}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C27330F4-EFFF-407B-9A62-10D03790C2AB}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{3C580D35-09EF-4E4D-A47A-F50BD9DF2255}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{0CF69197-17C3-4F59-BAFC-1B94FB35C494}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{72796C39-C1BF-4979-AD4C-D88CA1707C01}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{D21DA473-B5EE-4DBB-9B9C-FF51A7D470EB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{2B6BC4E9-CEEF-4AA5-AF06-62B863C7144A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{C264845E-F511-4172-B9F5-85CADB7EA6C4}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{0594888D-C034-4CA2-9F5C-228EE1911F48}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{69299F49-8794-453F-9CC8-7472FD35B03D}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{98859968-459A-4920-84BB-683523FEAADF}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{CAADB3AE-6532-46E0-9EB8-7DBC56CEF31D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================

01-03-2019 23:04:25 Windows Update
10-03-2019 19:31:16 Punto de control programado
21-03-2019 22:34:06 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2019 10:53:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PickerHost.Exe, versión: 10.0.17134.1, marca de tiempo: 0x2fa59209
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x2acc
Hora de inicio de la aplicación con errores: 0x01d4e052195f4967
Ruta de acceso de la aplicación con errores: C:\Windows\System32\PickerHost.Exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: b92559e6-e84d-451f-b9b7-80698817d05b
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/21/2019 10:37:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PickerHost.Exe, versión: 10.0.17134.1, marca de tiempo: 0x2fa59209
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x3e7c
Hora de inicio de la aplicación con errores: 0x01d4e04fbe8c175f
Ruta de acceso de la aplicación con errores: C:\Windows\System32\PickerHost.Exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: dcd6d7d5-bfc4-4327-880f-898455476bb3
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/21/2019 10:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PickerHost.Exe, versión: 10.0.17134.1, marca de tiempo: 0x2fa59209
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x44a8
Hora de inicio de la aplicación con errores: 0x01d4e04fbd49d017
Ruta de acceso de la aplicación con errores: C:\Windows\System32\PickerHost.Exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: c3ef7c3f-efa5-4508-884c-0f07d48483d7
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/21/2019 10:31:46 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) No puede encontrar el objeto o propiedad

Error: (03/21/2019 10:31:46 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) No puede encontrar el objeto o propiedad

Error: (03/20/2019 01:55:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PickerHost.Exe, versión: 10.0.17134.1, marca de tiempo: 0x2fa59209
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x4a6c
Hora de inicio de la aplicación con errores: 0x01d4ded92eeeb1a0
Ruta de acceso de la aplicación con errores: C:\Windows\System32\PickerHost.Exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: 1d26b98c-51b5-451f-9710-611178053222
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/20/2019 01:55:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PickerHost.Exe, versión: 10.0.17134.1, marca de tiempo: 0x2fa59209
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x4a94
Hora de inicio de la aplicación con errores: 0x01d4ded92f42facd
Ruta de acceso de la aplicación con errores: C:\Windows\System32\PickerHost.Exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: d18a6c17-81d4-49de-ab5d-9d64a6e2c78b
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/20/2019 01:55:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa explorer.exe, versión 10.0.17134.165, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

Identificador de proceso: 2214

Hora de inicio: 01d4ded75153a317

Hora de finalización: 21

Ruta de la aplicación: C:\Windows\explorer.exe

Identificador de informe: 527626bd-ee99-41fd-a6d7-d809f01dd5d5

Nombre completo de paquete con errores: 

Identificador de aplicación relativa del paquete con errores:


System errors:
=============
Error: (03/21/2019 11:04:51 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {9E175B6D-F52A-11D8-B9A5-505054503030} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/21/2019 11:02:51 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {9E175B6D-F52A-11D8-B9A5-505054503030} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/21/2019 11:01:35 PM) (Source: DCOM) (EventID: 10016) (User: LENOVO-PC)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 y APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 al usuario Lenovo-PC\Caro con SID (S-1-5-21-4145286444-108475074-2886558672-1009) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (03/21/2019 11:00:51 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/21/2019 10:58:51 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/21/2019 10:56:51 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/21/2019 10:54:51 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {E48EDA45-43C6-48E0-9323-A7B2067D9CD5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/21/2019 10:52:51 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {E48EDA45-43C6-48E0-9323-A7B2067D9CD5} no se registró con DCOM dentro del tiempo de espera requerido.


Windows Defender:
===================================
Date: 2019-03-15 01:00:36.818
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {69B5F232-ED55-456A-8C5C-31591A175123}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-03-06 20:28:42.520
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/DealPly&threatid=194668&enterprise=0
Nombre: Adware:Win32/DealPly
Id.: 194668
Gravedad: Alta
Categoría: Adware
Ruta de acceso: file:_C:\Users\Caro\AppData\Local\Temp\ImagingEngine.dll\ic64.dll
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: Lenovo-PC\Caro
Nombre de proceso: C:\Users\Caro\AppData\Local\Temp\ImagingEngine.dll\z.exe
Versión de firma: AV: 1.289.589.0, AS: 1.289.589.0, NIS: 1.289.589.0
Versión de motor: AM: 1.1.15700.9, NIS: 1.1.15700.9

Date: 2019-02-10 04:08:59.813
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {F0E4D0A6-F5F2-40ED-9629-0B879E9F823F}
Tipo de examen: Antimalware
Parámetros de examen: Examen completo
Usuario: Lenovo-PC\Caro

Date: 2019-02-10 04:08:59.813
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Unwaders.C!ml&threatid=242874&enterprise=0
Nombre: Program:Win32/Unwaders.C!ml
Id.: 242874
Gravedad: Grave
Categoría: Software potencialmente no deseado
Ruta de acceso: file:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe; file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore; file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C2C2AE1-C69C-40AD-8AAD-7F100C1BB380}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FB90BE6-E075-4EDB-892C-58E8AA462B5A}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA; service:_gupdate; service:_gupdatem; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
Origen de detección: Equipo local
Tipo de detección: FastPath
Fuente de detección: Usuario
Usuario: Lenovo-PC\Caro
Nombre de proceso: Unknown
Versión de firma: AV: 1.285.1247.0, AS: 1.285.1247.0, NIS: 1.285.1247.0
Versión de motor: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-10 04:07:06.839
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Unwaders.C!ml&threatid=242874&enterprise=0
Nombre: Program:Win32/Unwaders.C!ml
Id.: 242874
Gravedad: Grave
Categoría: Software potencialmente no deseado
Ruta de acceso: file:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe; file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore; file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C2C2AE1-C69C-40AD-8AAD-7F100C1BB380}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FB90BE6-E075-4EDB-892C-58E8AA462B5A}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA; service:_gupdate; service:_gupdatem; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
Origen de detección: Equipo local
Tipo de detección: FastPath
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Windows\System32\svchost.exe
Versión de firma: AV: 1.285.1247.0, AS: 1.285.1247.0, NIS: 1.285.1247.0
Versión de motor: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-03-21 22:52:10.322
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.289.1599.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15800.1
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-03-20 01:26:46.374
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-03-20 01:13:32.204
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-03-10 17:26:27.748
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Supervisión de comportamiento
Código de error: 0x80508023
Descripción del error: El programa no encontró malware ni otro software potencialmente no deseado en este dispositivo. 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-02-18 00:53:46.415
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.285.1563.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15700.8
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

CodeIntegrity:
===================================

Date: 2019-03-20 01:35:46.757
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-03-16 01:48:01.017
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-03-13 01:06:33.866
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-03-10 23:14:24.606
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-10 03:48:10.913
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-22 01:15:26.225
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-30 15:01:25.585
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-07 23:52:36.313
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 79%
Total physical RAM: 8104.27 MB
Available physical RAM: 1624.02 MB
Total Virtual: 16296.27 MB
Available Virtual: 8505.55 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:890.27 GB) (Free:650.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.33 GB) NTFS
Drive g: (CDROM) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

\\?\Volume{a952e48a-011d-491b-b9cc-10f42f2f561f}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.68 GB) NTFS
\\?\Volume{19b15c48-1489-4267-85aa-446ab421d461}\ (PBR_DRV) (Fixed) (Total:13.91 GB) (Free:3.08 GB) NTFS
\\?\Volume{edf34597-8577-491a-a98e-38b5a892180e}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 24332868)

Partition: GPT.

==================== End of Addition.txt ============================

Perdona mis tiempos, pero al ejecutar y no poder hacerlo me frustra y no se como hacerlo, hoy anduvo y aca estoy… te dejo saludos San. Que estes bien

#30

Hola:

No te frustres, esto a veces pasa.:roll_eyes:

Mientras analizo los reportes solo necesito que realices las pruebas del Modo Seguro tal como te pedí en mi anterior post.

Vienes y comentas.

Salu2.

#31

Hola San ,

Que tal , hice lo que me pediste de entrar a modo seguro… cuando me dejo entrar en modo de red me pidio la contraseña la cual la que yo recordaba jamas accedio … tuve que reiniciar mi contraseña de Hotmail a la que esta asociada mi cuenta con Windows. Cambie mi contraseña. Volvi a ingresar en modo seguro, esta vez si bien le solicirte el modo en red, no acceedio en modo de red. Asi que igual ejecute el FRST en ese modo. Y es lo que te pego


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Caro (administrator) on LENOVO-PC (23-03-2019 02:37:58)
Running from C:\Users\Caro\Downloads
Loaded Profiles: Caro (Available Profiles: Caro)
Platform: Windows 10 Home Single Language Version 1803 17134.648 (X64) Language: Español (España, internacional)
Default browser: Edge
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5060864 2015-11-11] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed]
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo (Beijing) Limited -> Lenovo)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16093512 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [8235848 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1553528 2015-11-13] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3947704 2015-11-11] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5968600 2018-11-30] (Box, Inc. -> Box, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4426560 2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [153296 2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46504696 2018-12-07] (Google Inc -> )
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-27] (Google Inc -> Google Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.42.4.199 200.49.130.41 200.49.130.41
Tcpip\..\Interfaces\{447344c8-26eb-42e9-b091-d3e108ad6180}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{d8f4dff3-7823-4d7c-ae85-8e67426a664c}: [DhcpNameServer] 200.42.4.199 200.49.130.41 200.49.130.41

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-05-29] (Oracle America, Inc. -> Oracle Corporation)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

Edge: 
======
Edge Session Restore: HKU\S-1-5-21-4145286444-108475074-2886558672-1009 -> is enabled.
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.14.0_neutral__d55gg7py3s0m0 [2019-03-15]
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.9.0.0_neutral__c1wakc4j0nefm [2019-03-01]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-26] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-26] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-4145286444-108475074-2886558672-1009: SkypeForBusinessPlugin-16.2 -> C:\Users\Caro\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\npGatewayNpapi.dll [2017-11-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4145286444-108475074-2886558672-1009: SkypeForBusinessPlugin64-16.2 -> C:\Users\Caro\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\npGatewayNpapi-x64.dll [2017-11-18] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default [2019-03-22]
CHR Extension: (Presentaciones) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (File Converter) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\alblmaecejifbilchdofkdanifpmnmfk [2017-03-30]
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2019-02-14]
CHR Extension: (Documentos) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-21]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2019-03-21]
CHR Extension: (YouTube) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-28]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-03-13]
CHR Extension: (PDF to Word Converter - PDF Online) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\eombmhnnhbilmgdkbkeccclcadjffgjd [2017-03-30]
CHR Extension: (Hojas de cálculo) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Word Online) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2017-03-30]
CHR Extension: (PDF to Word Doc Converter) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjhedcdiaeighcnidfhegnmfieiejmdj [2017-03-30]
CHR Extension: (Favoritos de iCloud) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2017-10-10]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (AdBlock) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-26]
CHR Extension: (Bloqueador de anuncios para Youtube ™) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2019-01-09]
CHR Extension: (Video Ads Blocker) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijelnahiojlfbmiihbmgkaldffppfelp [2019-01-19]
CHR Extension: (Excel Online) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2017-03-30]
CHR Extension: (Save to Facebook) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2018-01-02]
CHR Extension: (Hangouts de Google) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2019-03-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-21]
CHR Extension: (Hangouts de Google) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2019-03-06]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
CHR Extension: (uBlock Plus Adblocker) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofnbdifeelbaidfgpikinijekkjcicg [2019-01-19]
CHR Extension: (Outlook.com) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2017-03-30]
CHR Extension: (Gmail) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-28]
CHR Extension: (Chrome Media Router) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-27]
CHR HKU\S-1-5-21-4145286444-108475074-2886558672-1009\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Caro\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-03-21]
CHR HKU\S-1-5-21-4145286444-108475074-2886558672-1009\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36688 2018-11-30] (Box, Inc. -> Box, Inc.)
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] (Lenovo (Beijing) Limited -> )
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11129928 2019-03-06] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-25] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-25] (Dropbox, Inc -> Dropbox, Inc.)
S2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2017-04-23] (Intel(R) pGFX -> Intel Corporation)
S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO -> LENOVO INCORPORATED.)
S2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [389680 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
S2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109024 2017-11-08] (Panda Security S.L. -> Panda Security, S.L.)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Panda VPN Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-19] (AnchorFree Inc -> )
S2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security S.L -> Panda Security, S.L.)
S2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-25] (PointGrab Ltd -> PointGrab LTD)
S2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-25] (PointGrab Ltd -> PointGrab LTD)
S2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48784 2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] (CyberLink -> )
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [33224 2016-04-15] (LENOVO -> SHAREit Technologies Co.Ltd)
S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-09-06] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
S2 0134591532030241mcinstcleanup; C:\WINDOWS\TEMP\013459~1.EXE -cleanup -nolog [X]
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-03-10] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-03-23] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [108000 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
S1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [211936 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
S1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [121312 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
S1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [126432 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [99512 2017-09-26] (Panda Security S.L. -> Panda Security, S.L.)
S1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [118240 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
S1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [91616 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
S1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [135648 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
S1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [336352 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
S1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [249312 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
S1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [123360 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
S1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [281056 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
S1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [125920 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation -> NVIDIA Corporation)
S2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [191448 2017-11-08] (Panda Security S.L. -> Panda Security, S.L.)
S2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [153992 2018-01-22] (Panda Security S.L. -> Panda Security, S.L.)
S1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [207248 2018-01-30] (Panda Security S.L. -> Panda Security, S.L.)
S2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [146912 2017-10-16] (Panda Security S.L. -> Panda Security, S.L.)
S2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [159200 2017-10-16] (Panda Security S.L. -> Panda Security, S.L.)
S2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [129504 2017-10-16] (Panda Security S.L. -> Panda Security, S.L.)
U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [72648 2017-05-22] (Panda Security S.L. -> Panda Security, S.L.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-11-11] (Realtek Semiconductor Corp -> Realtek )
S3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [600832 2015-08-29] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761600 2015-06-15] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-11-11] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2018-04-11] (Microsoft Windows -> Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-11-11] (Synaptics Incorporated -> Synaptics Incorporated)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [132120 2016-10-18] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-10-18] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-02-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [333792 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
S1 ZmQ1OTY5NzQ2MmViZjA0; \??\C:\WINDOWS\system32\drivers\ZmQ1OTY5NzQ2MmViZjA0 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-23 02:34 - 2019-03-23 02:34 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-03-21 22:59 - 2019-03-21 22:59 - 000000000 ____D C:\Users\Caro\Downloads\FRST-OlderVersion
2019-03-21 22:31 - 2019-03-21 22:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-03-20 01:13 - 2019-03-23 02:35 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-03-20 01:12 - 2019-03-23 02:34 - 001260242 _____ C:\WINDOWS\ntbtlog.txt
2019-03-19 16:48 - 2019-03-19 16:48 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-03-19 16:48 - 2019-03-19 16:48 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-03-19 16:48 - 2019-03-19 16:48 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-03-19 16:48 - 2019-03-19 16:48 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-03-19 00:57 - 2019-03-19 00:57 - 000002591 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002550 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002542 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002506 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002496 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-03-19 00:57 - 2019-03-19 00:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-03-16 03:11 - 2019-03-16 03:11 - 000000000 ____D C:\Users\Caro\AppData\Local\OneDrive
2019-03-16 01:50 - 2019-03-16 01:50 - 000797760 _____ C:\Users\Caro\Downloads\delfix (3).exe
2019-03-16 01:50 - 2019-03-16 01:50 - 000797760 _____ C:\Users\Caro\Downloads\delfix (2).exe
2019-03-15 01:05 - 2019-03-15 01:05 - 000000000 ____D C:\WINDOWS\ERUNT
2019-03-15 00:54 - 2019-03-15 01:02 - 000797760 _____ C:\Users\Caro\Downloads\delfix.exe
2019-03-13 23:11 - 2019-03-13 23:11 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-03-13 23:11 - 2019-03-13 23:11 - 000002874 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-03-13 23:11 - 2019-03-13 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-03-13 23:11 - 2019-03-13 23:11 - 000000000 ____D C:\Program Files\CCleaner
2019-03-13 23:10 - 2019-03-13 23:11 - 021205512 _____ (Piriform Software Ltd) C:\Users\Caro\Downloads\ccsetup555.exe
2019-03-13 00:05 - 2019-03-13 00:05 - 010607000 _____ (McAfee, Inc.) C:\Users\Caro\Downloads\MCPR.exe
2019-03-12 23:26 - 2019-03-06 12:39 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-03-12 23:26 - 2019-03-06 12:37 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-03-12 23:26 - 2019-03-06 12:17 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-03-12 23:26 - 2019-03-06 12:14 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-12 23:26 - 2019-03-06 12:13 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-03-12 23:26 - 2019-03-06 12:13 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-03-12 23:26 - 2019-03-06 12:13 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-03-12 23:26 - 2019-03-06 12:13 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-03-12 23:26 - 2019-03-06 09:09 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-03-12 23:26 - 2019-03-06 09:05 - 004054016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-03-12 23:26 - 2019-03-06 09:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-03-12 23:26 - 2019-03-06 06:29 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-03-12 23:26 - 2019-03-06 06:16 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-03-12 23:26 - 2019-03-06 06:16 - 001457032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-03-12 23:26 - 2019-03-06 06:16 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-03-12 23:26 - 2019-03-06 06:16 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-03-12 23:26 - 2019-03-06 06:07 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-03-12 23:26 - 2019-03-06 06:07 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-03-12 23:26 - 2019-03-06 06:06 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-03-12 23:26 - 2019-03-06 06:04 - 002765856 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-03-12 23:26 - 2019-03-06 06:04 - 000628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2019-03-12 23:26 - 2019-03-06 06:03 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-03-12 23:26 - 2019-03-06 06:03 - 002719544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-03-12 23:26 - 2019-03-06 06:03 - 002465784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-03-12 23:26 - 2019-03-06 06:02 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-03-12 23:26 - 2019-03-06 06:02 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-03-12 23:26 - 2019-03-06 05:44 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-03-12 23:26 - 2019-03-06 05:36 - 022716928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-03-12 23:26 - 2019-03-06 05:36 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-03-12 23:26 - 2019-03-06 05:34 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-03-12 23:26 - 2019-03-06 05:32 - 003399168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-03-12 23:26 - 2019-03-06 05:31 - 007598592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-03-12 23:26 - 2019-03-06 05:31 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-03-12 23:26 - 2019-03-06 05:31 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-03-12 23:26 - 2019-03-06 05:31 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-03-12 23:26 - 2019-03-06 05:31 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-03-12 23:26 - 2019-03-06 05:29 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2019-03-12 23:26 - 2019-03-06 05:29 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-03-12 23:26 - 2019-03-06 05:29 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-03-12 23:26 - 2019-03-06 05:28 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-03-12 23:26 - 2019-03-06 05:28 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-03-12 23:26 - 2019-03-06 05:27 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-03-12 23:26 - 2019-03-06 05:27 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-03-12 23:26 - 2019-03-06 05:27 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-03-12 23:26 - 2019-03-06 03:17 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-03-12 23:26 - 2019-03-06 03:15 - 002253488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-03-12 23:26 - 2019-03-06 03:14 - 006568528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-03-12 23:26 - 2019-03-06 03:14 - 000785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-03-12 23:26 - 2019-03-06 03:14 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2019-03-12 23:26 - 2019-03-06 03:05 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-03-12 23:26 - 2019-03-06 02:56 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-03-12 23:26 - 2019-03-06 02:53 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-03-12 23:26 - 2019-03-06 02:53 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-03-12 23:26 - 2019-03-06 02:52 - 005790720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-03-12 23:26 - 2019-03-06 02:52 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-03-12 23:26 - 2019-03-06 02:50 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-03-12 23:26 - 2019-03-06 02:50 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2019-03-12 23:26 - 2019-03-06 02:49 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-03-12 23:26 - 2019-03-06 02:48 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-03-12 23:26 - 2019-03-06 02:48 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-03-12 23:26 - 2019-02-21 00:26 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-03-12 23:26 - 2019-02-16 10:02 - 001644040 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 000808456 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 000735752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 000620040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 000460296 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-03-12 23:26 - 2019-02-16 10:02 - 000147464 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-03-12 23:26 - 2019-02-16 09:57 - 001048472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-03-12 23:26 - 2019-02-16 09:53 - 001516416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-03-12 23:26 - 2019-02-16 09:34 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-03-12 23:26 - 2019-02-16 09:34 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-03-12 23:26 - 2019-02-16 09:33 - 001786880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-03-12 23:26 - 2019-02-16 09:32 - 003646976 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-03-12 23:26 - 2019-02-16 09:32 - 002051072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-03-12 23:26 - 2019-02-16 09:31 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2019-03-12 23:26 - 2019-02-16 09:30 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-03-12 23:26 - 2019-02-16 09:22 - 001322176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-03-12 23:26 - 2019-02-16 09:06 - 002890752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-03-12 23:26 - 2019-02-16 09:06 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-03-12 23:26 - 2019-02-16 07:24 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-03-12 23:26 - 2019-02-16 07:22 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-03-12 23:26 - 2019-02-16 05:16 - 000511800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-03-12 23:26 - 2019-02-16 05:15 - 000505656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-03-12 23:26 - 2019-02-16 05:03 - 007901392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2019-03-12 23:26 - 2019-02-16 05:03 - 005625360 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-03-12 23:26 - 2019-02-16 05:03 - 000510288 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-03-12 23:26 - 2019-02-16 05:02 - 005821440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2019-03-12 23:26 - 2019-02-16 05:02 - 003291632 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-03-12 23:26 - 2019-02-16 05:02 - 001934800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-03-12 23:26 - 2019-02-16 05:02 - 001792712 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-03-12 23:26 - 2019-02-16 05:01 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-03-12 23:26 - 2019-02-16 05:01 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-03-12 23:26 - 2019-02-16 05:01 - 000735464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-03-12 23:26 - 2019-02-16 05:01 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-03-12 23:26 - 2019-02-16 05:01 - 000480840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-03-12 23:26 - 2019-02-16 04:57 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-03-12 23:26 - 2019-02-16 04:51 - 002479168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-03-12 23:26 - 2019-02-16 04:51 - 001584536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-03-12 23:26 - 2019-02-16 04:50 - 001805648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-03-12 23:26 - 2019-02-16 04:50 - 001171336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-03-12 23:26 - 2019-02-16 04:50 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-03-12 23:26 - 2019-02-16 04:37 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2019-03-12 23:26 - 2019-02-16 04:36 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2019-03-12 23:26 - 2019-02-16 04:36 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-03-12 23:26 - 2019-02-16 04:35 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-03-12 23:26 - 2019-02-16 04:35 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-03-12 23:26 - 2019-02-16 04:34 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2019-03-12 23:26 - 2019-02-16 04:33 - 006646784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2019-03-12 23:26 - 2019-02-16 04:33 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-03-12 23:26 - 2019-02-16 04:32 - 002969088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-03-12 23:26 - 2019-02-16 04:31 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2019-03-12 23:26 - 2019-02-16 04:29 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-03-12 23:26 - 2019-02-16 04:28 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2019-03-12 23:26 - 2019-02-16 04:28 - 002585600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-03-12 23:26 - 2019-02-16 04:28 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-03-12 23:26 - 2019-02-16 04:27 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2019-03-12 23:26 - 2019-02-16 04:27 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-03-12 23:26 - 2019-02-16 04:26 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-03-12 23:26 - 2019-02-16 04:26 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2019-03-12 23:26 - 2019-02-16 04:26 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2019-03-12 23:26 - 2019-02-16 04:26 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-03-12 23:26 - 2019-02-16 04:25 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2019-03-12 23:25 - 2019-03-06 12:36 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-03-12 23:25 - 2019-03-06 12:20 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-03-12 23:25 - 2019-03-06 12:19 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-03-12 23:25 - 2019-03-06 12:17 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-12 23:25 - 2019-03-06 12:17 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2019-03-12 23:25 - 2019-03-06 12:14 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-12 23:25 - 2019-03-06 12:14 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-03-12 23:25 - 2019-03-06 12:12 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-03-12 23:25 - 2019-03-06 09:18 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-03-12 23:25 - 2019-03-06 09:18 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-03-12 23:25 - 2019-03-06 09:10 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-03-12 23:25 - 2019-03-06 09:06 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-03-12 23:25 - 2019-03-06 09:05 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-03-12 23:25 - 2019-03-06 09:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-12 23:25 - 2019-03-06 08:59 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-03-12 23:25 - 2019-03-06 06:16 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-03-12 23:25 - 2019-03-06 06:16 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-03-12 23:25 - 2019-03-06 06:16 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-03-12 23:25 - 2019-03-06 06:11 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-03-12 23:25 - 2019-03-06 06:10 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-03-12 23:25 - 2019-03-06 06:07 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-03-12 23:25 - 2019-03-06 06:06 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-03-12 23:25 - 2019-03-06 06:06 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-03-12 23:25 - 2019-03-06 06:05 - 000439224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-12 23:25 - 2019-03-06 06:05 - 000436240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-03-12 23:25 - 2019-03-06 06:05 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-12 23:25 - 2019-03-06 06:04 - 000945464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-03-12 23:25 - 2019-03-06 06:03 - 001921848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-03-12 23:25 - 2019-03-06 06:03 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-03-12 23:25 - 2019-03-06 06:03 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-03-12 23:25 - 2019-03-06 06:03 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-03-12 23:25 - 2019-03-06 06:02 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-03-12 23:25 - 2019-03-06 06:02 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-03-12 23:25 - 2019-03-06 06:02 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2019-03-12 23:25 - 2019-03-06 05:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-03-12 23:25 - 2019-03-06 05:32 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-03-12 23:25 - 2019-03-06 05:32 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-03-12 23:25 - 2019-03-06 05:31 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-03-12 23:25 - 2019-03-06 05:31 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-03-12 23:25 - 2019-03-06 05:31 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-12 23:25 - 2019-03-06 05:31 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-03-12 23:25 - 2019-03-06 05:31 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-03-12 23:25 - 2019-03-06 05:31 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-03-12 23:25 - 2019-03-06 05:29 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-03-12 23:25 - 2019-03-06 05:27 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-03-12 23:25 - 2019-03-06 05:26 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-03-12 23:25 - 2019-03-06 05:26 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-03-12 23:25 - 2019-03-06 05:26 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-03-12 23:25 - 2019-03-06 05:25 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-03-12 23:25 - 2019-03-06 04:08 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-03-12 23:25 - 2019-03-06 03:17 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-03-12 23:25 - 2019-03-06 03:15 - 000434488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-03-12 23:25 - 2019-03-06 03:14 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-03-12 23:25 - 2019-03-06 03:14 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-03-12 23:25 - 2019-03-06 03:13 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-03-12 23:25 - 2019-03-06 02:52 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-03-12 23:25 - 2019-03-06 02:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-03-12 23:25 - 2019-03-06 02:51 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-03-12 23:25 - 2019-03-06 02:51 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-03-12 23:25 - 2019-03-06 02:50 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-03-12 23:25 - 2019-03-06 02:49 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-03-12 23:25 - 2019-03-06 02:49 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-03-12 23:25 - 2019-02-16 10:02 - 000071176 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-03-12 23:25 - 2019-02-16 09:57 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-03-12 23:25 - 2019-02-16 09:56 - 000549520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-03-12 23:25 - 2019-02-16 09:56 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-03-12 23:25 - 2019-02-16 09:36 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-03-12 23:25 - 2019-02-16 09:34 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-03-12 23:25 - 2019-02-16 09:31 - 001003520 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-03-12 23:25 - 2019-02-16 09:31 - 000861184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-03-12 23:25 - 2019-02-16 09:31 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-03-12 23:25 - 2019-02-16 09:30 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2019-03-12 23:25 - 2019-02-16 09:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-03-12 23:25 - 2019-02-16 09:29 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2019-03-12 23:25 - 2019-02-16 09:24 - 000444176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-03-12 23:25 - 2019-02-16 09:08 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-03-12 23:25 - 2019-02-16 09:07 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-03-12 23:25 - 2019-02-16 09:07 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-03-12 23:25 - 2019-02-16 09:06 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-03-12 23:25 - 2019-02-16 09:06 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-03-12 23:25 - 2019-02-16 09:06 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-03-12 23:25 - 2019-02-16 09:04 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2019-03-12 23:25 - 2019-02-16 05:15 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-03-12 23:25 - 2019-02-16 05:05 - 000087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-03-12 23:25 - 2019-02-16 05:04 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-03-12 23:25 - 2019-02-16 05:02 - 000705848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-03-12 23:25 - 2019-02-16 05:02 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-03-12 23:25 - 2019-02-16 05:02 - 000413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-03-12 23:25 - 2019-02-16 05:01 - 001285424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-03-12 23:25 - 2019-02-16 05:01 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-03-12 23:25 - 2019-02-16 05:01 - 001028920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-03-12 23:25 - 2019-02-16 05:01 - 000641984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2019-03-12 23:25 - 2019-02-16 05:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-03-12 23:25 - 2019-02-16 05:01 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2019-03-12 23:25 - 2019-02-16 05:01 - 000161664 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2019-03-12 23:25 - 2019-02-16 04:53 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-03-12 23:25 - 2019-02-16 04:51 - 000170952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2019-03-12 23:25 - 2019-02-16 04:50 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-03-12 23:25 - 2019-02-16 04:50 - 000560384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-03-12 23:25 - 2019-02-16 04:50 - 000504072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2019-03-12 23:25 - 2019-02-16 04:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-03-12 23:25 - 2019-02-16 04:34 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-03-12 23:25 - 2019-02-16 04:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-03-12 23:25 - 2019-02-16 04:33 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2019-03-12 23:25 - 2019-02-16 04:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2019-03-12 23:25 - 2019-02-16 04:33 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-03-12 23:25 - 2019-02-16 04:32 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2019-03-12 23:25 - 2019-02-16 04:31 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2019-03-12 23:25 - 2019-02-16 04:31 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-03-12 23:25 - 2019-02-16 04:31 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2019-03-12 23:25 - 2019-02-16 04:30 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-03-12 23:25 - 2019-02-16 04:29 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-03-12 23:25 - 2019-02-16 04:28 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2019-03-12 23:25 - 2019-02-16 04:28 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2019-03-12 23:25 - 2019-02-16 04:28 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-03-12 23:25 - 2019-02-16 04:27 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2019-03-12 23:25 - 2019-02-16 04:26 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-03-12 23:25 - 2019-02-16 04:25 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-03-11 23:28 - 2019-03-21 23:06 - 000086380 _____ C:\Users\Caro\Downloads\Addition.txt
2019-03-11 23:26 - 2019-03-23 02:39 - 000030089 _____ C:\Users\Caro\Downloads\FRST.txt
2019-03-11 23:25 - 2019-03-23 02:37 - 000000000 ____D C:\FRST
2019-03-11 23:24 - 2019-03-21 22:59 - 002434048 _____ (Farbar) C:\Users\Caro\Downloads\FRST64.exe
2019-03-11 16:19 - 2019-03-11 16:19 - 000001752 _____ C:\Users\Caro\Downloads\marzo11 malware.txt
2019-03-10 23:13 - 2019-03-10 23:13 - 019384632 _____ (Piriform Software Ltd) C:\Users\Caro\Downloads\ccsetup553.exe
2019-03-10 20:25 - 2019-03-10 21:00 - 000000000 ____D C:\Users\Caro\AppData\Roaming\ZHP
2019-03-10 20:25 - 2019-03-10 20:25 - 000000000 ____D C:\Users\Caro\AppData\Local\ZHP
2019-03-10 20:21 - 2019-03-10 20:21 - 003321728 _____ C:\Users\Caro\Downloads\ZHPCleaner.exe
2019-03-10 20:16 - 2019-03-10 20:16 - 007316688 _____ (Malwarebytes) C:\Users\Caro\Downloads\adwcleaner_7.2.7.0 (1).exe
2019-03-10 19:35 - 2019-03-10 19:37 - 000000000 ____D C:\AdwCleaner
2019-03-10 19:33 - 2019-03-10 19:34 - 007316688 _____ (Malwarebytes) C:\Users\Caro\Downloads\adwcleaner_7.2.7.0.exe
2019-03-10 19:08 - 2019-03-10 19:08 - 000042734 _____ C:\Users\Caro\Downloads\marzo10Malware.txt
2019-03-10 18:07 - 2019-03-10 18:07 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-03-10 18:07 - 2019-03-10 18:07 - 000000000 ____D C:\Users\Caro\AppData\Local\mbam
2019-03-10 18:06 - 2019-03-10 18:06 - 000000000 ____D C:\Users\Caro\AppData\Local\mbamtray
2019-03-10 18:05 - 2019-03-10 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-10 18:05 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-03-10 18:05 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-03-10 18:01 - 2019-03-10 18:01 - 062400056 _____ (Malwarebytes ) C:\Users\Caro\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9618.exe
2019-03-07 22:54 - 2019-03-07 22:54 - 000000012 _____ C:\Users\Caro\setup_01.ini

#32

2° parte del FRST


==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-23 02:33 - 2018-05-29 02:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-23 02:33 - 2018-04-11 18:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2019-03-23 02:29 - 2017-06-02 15:56 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-03-23 02:29 - 2016-01-25 15:01 - 000000000 __SHD C:\Users\Caro\IntelGraphicsProfiles
2019-03-23 02:27 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-23 02:22 - 2016-04-28 01:30 - 000000000 ___RD C:\Users\Caro\Google Drive
2019-03-23 02:21 - 2016-01-25 23:32 - 000000000 ___RD C:\Users\Caro\Dropbox
2019-03-23 02:20 - 2016-11-03 14:16 - 000000000 ___RD C:\Users\Caro\iCloudDrive
2019-03-23 02:17 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-23 02:15 - 2016-08-22 22:09 - 000000000 ____D C:\ProgramData\NVIDIA
2019-03-23 01:51 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-23 01:18 - 2018-05-29 02:41 - 000004204 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C6F4BD55-6BCC-4B51-BBE7-346301359930}
2019-03-22 01:57 - 2018-05-29 02:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-21 22:36 - 2018-11-16 22:28 - 000000000 ____D C:\Program Files\rempl
2019-03-21 22:33 - 2016-01-25 23:20 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-03-19 00:55 - 2015-08-15 06:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-03-19 00:50 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2019-03-16 01:58 - 2017-03-29 22:53 - 000000240 _____ C:\DelFix.txt
2019-03-15 01:28 - 2016-01-25 15:03 - 000000000 __RDL C:\Users\Caro\OneDrive
2019-03-14 00:08 - 2018-07-26 22:05 - 000000000 ____D C:\Users\Caro\AppData\Local\GoToMeeting
2019-03-13 00:52 - 2018-05-29 02:26 - 001768608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-13 00:52 - 2018-04-12 13:18 - 000787744 _____ C:\WINDOWS\system32\perfh00A.dat
2019-03-13 00:52 - 2018-04-12 13:18 - 000155340 _____ C:\WINDOWS\system32\perfc00A.dat
2019-03-13 00:47 - 2018-05-29 02:06 - 000464120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-03-13 00:16 - 2018-04-11 20:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-03-13 00:11 - 2018-05-29 02:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2019-03-13 00:10 - 2018-04-11 18:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-03-13 00:09 - 2016-01-25 23:37 - 000000000 ____D C:\Users\Caro\AppData\Roaming\Skype
2019-03-12 23:44 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-03-11 02:12 - 2018-05-20 14:45 - 000000000 ___DC C:\WINDOWS\Panther
2019-03-11 02:12 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-03-10 18:54 - 2018-07-26 22:05 - 000000648 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009.job
2019-03-10 18:54 - 2018-07-26 22:05 - 000000552 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009.job
2019-03-10 18:53 - 2018-05-29 02:14 - 000000000 ____D C:\Users\Caro
2019-03-10 18:05 - 2018-04-11 20:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-09 01:45 - 2018-07-26 22:05 - 000003802 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009
2019-03-09 01:45 - 2018-07-26 22:05 - 000003706 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009
2019-03-07 23:28 - 2017-12-15 02:08 - 000000000 ____D C:\Users\Caro\AppData\Local\PlaceholderTileLogoFolder
2019-03-07 23:28 - 2017-12-01 14:57 - 000000000 ____D C:\Users\Caro\AppData\Local\Packages
2019-03-07 23:08 - 2015-11-10 23:51 - 000002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-07 22:56 - 2016-01-25 23:20 - 000000966 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-03-07 22:56 - 2016-01-25 23:20 - 000000962 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-03-07 22:16 - 2016-05-16 23:47 - 000000000 ____D C:\Users\Caro\AppData\Local\ElevatedDiagnostics
2019-03-06 20:12 - 2018-05-29 02:14 - 000002445 _____ C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-03 13:54 - 2018-12-03 00:56 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-03-03 13:54 - 2018-12-03 00:56 - 000179608 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-23 23:35 - 2018-02-27 00:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Files in the root of some directories =======

2016-10-24 20:07 - 2016-11-24 15:21 - 000000033 _____ () C:\Users\Caro\AppData\Roaming\AdobeWLCMCache.dat
2019-02-10 04:54 - 2019-02-10 04:54 - 006161408 _____ () C:\Users\Caro\AppData\Local\dump007.dat
2018-10-05 22:20 - 2018-10-05 22:20 - 000000000 _____ () C:\Users\Caro\AppData\Local\oobelibMkey.log
2019-02-10 03:49 - 2019-02-10 03:49 - 000000003 _____ () C:\Users\Caro\AppData\Local\wbem.ini

Some zero byte size files/folders:
==========================
C:\Windows\System32\mysqld.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-29 02:06

================= End of FRST.txt ============================
#33

el Adittion


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Caro (23-03-2019 02:41:31)
Running from C:\Users\Caro\Downloads
Windows 10 Home Single Language Version 1803 17134.648 (X64) (2018-05-29 05:43:13)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-4145286444-108475074-2886558672-500 - Administrator - Disabled)
Caro (S-1-5-21-4145286444-108475074-2886558672-1009 - Administrator - Enabled) => C:\Users\Caro
DefaultAccount (S-1-5-21-4145286444-108475074-2886558672-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4145286444-108475074-2886558672-1005 - Limited - Enabled)
Invitado (S-1-5-21-4145286444-108475074-2886558672-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4145286444-108475074-2886558672-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Panda Dome (Disabled - Up to date) {CF440CD9-5435-10B1-04E0-7768B6F10320}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Dome (Disabled - Up to date) {7425ED3D-720F-1F3F-3E50-4C1ACD76499D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Actualización de NVIDIA 11.10.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 11.10.11 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.5.0.331 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015.3 (HKLM-x32\...\ILST_20_1_0) (Version: 20.1.0 - Adobe Systems Incorporated)
Adobe Lightroom CC (HKLM-x32\...\LRCC_1_0) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Apple Application Support (32 bits) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Backup and Sync from Google (HKLM\...\{693CADB0-962B-4AC1-A939-9524B258C997}) (Version: 3.43.2448.9071 - Google, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Sync (HKLM\...\{CD5CB679-159B-4E4C-B847-B29B492D106E}) (Version: 4.0.7929.0 - Box, Inc.)
Box Sync (HKLM-x32\...\{ee10352e-1caf-4132-add1-3809a8ea6d43}) (Version: 4.0.7929.0 - Box Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.4505 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM-x32\...\{1D2682EA-75DD-44B6-BF2D-CD3C49EAD012}) (Version: 1.6.38.01 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 69.4.102 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.23 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.23 - Lenovo)
Enterprise Architect (HKLM-x32\...\{71A2AAC1-8DB5-40B4-AEF5-99C23238D37C}) (Version: 12.0.1210.14 - Sparx Systems)
Express Scribe, software para transcripciones (HKLM-x32\...\Scribe) (Version: 6.02 - NCH Software)
Gear IconX (HKLM-x32\...\Gear IconX) (Version: 2.0.170927.51 - Samsung Electronics Co, Ltd.)
GeForce Experience NvStream Client Components (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC) (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{0FC4261B-F502-48B3-B1CF-60021C8F7D22}) (Version: 1.0.481 - LogMeIn, Inc.)
GoToMeeting 8.40.1.12023 (HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\GoToMeeting) (Version: 8.40.1.12023 - LogMeIn, Inc.)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
iTunes (HKLM\...\{514BCD3A-B38B-4835-8B8C-69DA8C48A7A7}) (Version: 12.9.3.3 - Apple Inc.)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Lenovo App Services (HKLM\...\Lenovo App Services) (Version: 0.200.8.268 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10279 - Realtek Semiconductor Corp.)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Motion Control (HKLM-x32\...\{A60E1DE0-2AD1-4BD3-BBCC-4FBB22FB6F85}) (Version: 2.5.1.0225 - PointGrab) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A60E1DE0-2AD1-4BD3-BBCC-4FBB22FB6F85}) (Version: 2.5.1.0225 - PointGrab)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.)
Lenovo PhoneCompanion (HKLM-x32\...\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.2 - Lenovo) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.2 - Lenovo)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.5.2624.01 - CyberLink Corp.) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.5.2624.01 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo Service Bridge (HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\cbe8636f7dd0cf1d) (Version: 1.6.2.0 - Lenovo)
Lenovo Settings (HKLM-x32\...\{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.52 - Nombre de su organización) Hidden
Lenovo Settings (HKLM-x32\...\InstallShield_{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.52 - Nombre de su organización)
Logitech Options (HKLM\...\LogiOptions) (Version:  - Logitech)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Manuales de usuario (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.11328.20158 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
Microsoft Project Profesional 2016 - es-es (HKLM\...\ProjectProRetail - es-es) (Version: 16.0.11328.20158 - Microsoft Corporation)
Microsoft Visio Profesional 2016 - es-es (HKLM\...\VisioProRetail - es-es) (Version: 16.0.11328.20158 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MySQL Workbench 6.2 CE (HKLM\...\{82D50D82-CAF2-4ABA-8BB7-090668162290}) (Version: 6.2.5 - Oracle Corporation)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.7500 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11328.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11328.20158 - Microsoft Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Oracle VM VirtualBox 5.1.8 (HKLM\...\{65402252-5DA1-4360-A144-E09BB16AC7A9}) (Version: 5.1.8 - Oracle Corporation)
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Dome (HKLM\...\{DC22166B-6F26-4E2E-BFDE-CC3578246940}) (Version: 9.14.00 - Panda Security) Hidden
Panda Dome (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.6.0 - Panda Security)
Panel de control de NVIDIA 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 376.54 - NVIDIA Corporation) Hidden
Paquete de controladores de Windows - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Paquete de controladores de Windows - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Polar FlowSync versión 2.6.2 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.6.2 - Polar Electro Oy)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.810.810.031214 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0251 - REALTEK Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.62.0 - Samsung Electronics Co., Ltd.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.5.0.1144 - Lenovo)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 1.7.306 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Meetings App (HKLM-x32\...\{D20CE315-AC32-4B25-AB3A-7112A9AB6FC3}) (Version: 16.2.0.232 - Microsoft Corporation)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.5 - Synaptics Incorporated)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.3.6 - Lenovo)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
x86_64-5.3.0-win32-seh-rt_v4-rev0 (HKLM-x32\...\x86_64-5.3.0-win32-seh-rt_v4-rev0) (Version:  - MinGW-W64)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03232019024006980_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03232019024006980_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\Caro\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03232019024006980_Classes\CLSID\{4A8FCD9F-623C-4283-96F0-10F41846A98A} -> [Box Sync] => C:\Users\Caro\Box Sync [2019-02-10 03:08]
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03232019024006980_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Caro\AppData\Local\GoToMeeting\8953\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03232019024006980_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Caro\Dropbox [2016-01-25 23:32]
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03232019024006980_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\Caro\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{4A8FCD9F-623C-4283-96F0-10F41846A98A} -> [Box Sync] => C:\Users\Caro\Box Sync [2019-02-10 03:08]
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Caro\AppData\Local\GoToMeeting\8953\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Caro\Dropbox [2016-01-25 23:32]
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {06395f73-8d75-3c47-ac2f-93524a83ce03} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {072d2f45-ddf0-35bd-a911-38b853695def} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {88092007-0d01-3d32-a4b4-56f7e19a1c49} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {507a0531-fd10-3efc-8eb8-64e35606e542} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {b9b9e487-7684-373f-a7a2-6b04c8d772a8} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Caro\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] () [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [BoxContextMenuClient] -> {53792c99-3144-3699-8968-fa4278ad3c1e} => C:\Program Files\Box\Box Sync\ContextMenuClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-09-28] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [ContextMenuExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-09-28] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Caro\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] () [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [BoxContextMenuClient] -> {53792c99-3144-3699-8968-fa4278ad3c1e} => C:\Program Files\Box\Box Sync\ContextMenuClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AA759FD-BA06-4A91-BB1E-60F13DAAFB0E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {14FFCA24-7FEB-4F0F-BE4A-A2E06176D3CE} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.207\DADUpdater.exe
Task: {1BBE00ED-04AD-4878-B989-60536A431F13} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {1C8BBC1E-06BD-4516-A0EF-1C93F300DC78} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe (LENOVO -> Lenovo)
Task: {34FEBD07-6327-4947-866D-478F20A5902D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {426AAB97-E52F-44AC-98F1-FC6A0C0E3A2D} - System32\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009 => C:\Users\Caro\AppData\Local\GoToMeeting\12023\g2mupdate.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {5E1F9D01-1F53-47CF-89E6-303C4E5107EC} - no filepath
Task: {60EB643C-FC26-490A-82D7-D8C35F5C2092} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {64FE9004-F9C3-468E-B3E2-EEDA063BA8B6} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {705E20AC-120B-4781-9EE0-8C034F946EB9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {7322D75D-291D-45CD-89F8-90BB56E8BCEC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7AF5003E-30F5-417A-9C94-CF8FF376811C} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {7B6E4235-0635-492B-B326-49A4F07F9BA2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7F2AAA77-8FD0-47BA-AFF8-BC57991DE983} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe (LENOVO -> )
Task: {848EBB28-3284-42CC-B4CF-FE6ECBCC8A09} - System32\Tasks\S-1-5-21-4145286444-108475074-2886558672-1009\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {85C4818D-D1EA-4DB9-B38B-BF99FC2662E3} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {87D3C943-57A6-456B-BA90-C35347BDA291} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe (Apple Inc. -> Apple Inc.)
Task: {89E7CAFD-A575-4D51-88EE-AD0248944799} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {8C4298DB-5950-4E87-AC81-36679A0AF032} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9A494665-6B21-459D-8FB9-1EA33E33D8CC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9EA539CF-27FA-4BF9-80CE-39AA81FC8565} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {A0E5B763-191F-4993-BAC4-6AC8E87B314C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {A5F73776-FE31-4A83-BF0F-157BBC21DD20} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {A62CF881-4D6D-4982-8555-70A5AF2542C1} - System32\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009 => C:\Users\Caro\AppData\Local\GoToMeeting\12023\g2mupload.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {A8095E53-C258-4B9F-AC53-55A50622B67D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A8893BE7-F8EA-4F68-AA71-446252EB2BD2} - no filepath
Task: {B28F0B91-51A5-41EE-929D-E6006CF09E17} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B8AFEEA4-E809-479B-8555-D02183ECA6F6} - no filepath
Task: {C9F89DD1-9386-4252-B170-9F1A1545F96F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (LENOVO -> Lenovo)
Task: {D4418613-62D2-4F8A-A184-6F817E43988D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D8821C90-531D-4E35-ACEE-59507E178A39} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {DD38262D-46D1-482F-AEE7-A3D48F6BE8D0} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {E2EDD6D7-C002-4E72-8BBB-A2BE69F2CC73} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F3710B49-BB7E-42C3-90B0-EAF0ED81859A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F84AE722-1E42-4351-B7BE-3DEF1499004C} - no filepath

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009.job => C:\Users\Caro\AppData\Local\GoToMeeting\12023\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009.job => C:\Users\Caro\AppData\Local\GoToMeeting\12023\g2mupload.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\{8931EFDE-73C7-49A3-B6A1-FA8FAF40E1E9}.job => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe
Task: C:\WINDOWS\Tasks\{C89190C7-347E-4BF6-B85D-E4DA12014C0C}.job => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Caro\Google Drive\Documentos_TRABAJO\TRABAJO2\info varias\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Caro\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Hangouts de Google (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Caro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Caro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->   --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->   --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->   --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2016-10-18 17:46 - 2016-10-04 11:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2014-05-01 11:13 - 2016-11-14 00:11 - 000592384 _____ () [File not signed] C:\Users\Caro\AppData\Local\MEGAsync\ShellExtX64.dll
2013-08-27 08:57 - 2013-08-27 08:57 - 001199104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-10 18:05 - 2019-02-01 10:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\CyberLink:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\Lenovo:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\Plantillas personalizadas de Office:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\WBS Schedule Pro:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2017-03-20 00:03 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

2016-11-28 23:04 - 2018-07-29 19:18 - 000000504 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

2.168.137.25 LGSmartTV.mshome.net # 2017 11 1 27 1 38 23 420

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Lenovo\FusionEngine;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Lenovo\Motion Control\;C:\Users\Caro\Documents\Software\mysql-5.7.11-winx64\MySQL\bin;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\Control Panel\Desktop\\Wallpaper -> C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{6445E2B3-C093-4CC7-BC58-BC2DA17CED42}C:\users\caro\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe] => (Allow) C:\users\caro\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{2F2A4B23-3D83-4182-B9B1-2A3FB06E2BF3}C:\users\caro\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe] => (Allow) C:\users\caro\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A8BE0E86-CEA7-452F-BC64-BEE87368C2FB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{14A8C27A-7CCA-409A-B7A8-48FB6D981D92}] => (Allow) LPort=5354
FirewallRules: [{4145152B-A374-4F0F-A876-39009026ED1F}] => (Allow) LPort=5354
FirewallRules: [{0674A708-5DEE-4861-A3BB-4BA272DB92A3}] => (Allow) LPort=5354
FirewallRules: [{27D6803F-4825-4B84-BDA6-4EE002D2DBC3}] => (Allow) LPort=5354
FirewallRules: [{DD97A0C5-8919-40FE-98A7-729325A92EF9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8F906C73-765C-4552-881F-43CB181783E9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{15036AA2-E78D-4364-9416-8D5A3D062637}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6DDA5088-8A04-46B3-B968-1CBA466AADB7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1EFA5A45-210F-4FA3-BC43-A97D2AECE0BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BBBDDB4B-CF12-4C1E-A4EB-2074D1B375A9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EA093CDC-31F8-49D4-9655-1682E93C10DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7B6B033C-07C2-4858-95EB-2C591C697258}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{2D0273FB-A271-48EB-8F19-AA3E18D61678}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{7EB91165-18C1-48C1-AC9D-56ACA1478890}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{AC9DE88E-B852-4A2E-B7E9-3E4D8D925E82}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{110771D7-3E77-4252-A90B-E16779580AB6}] => (Allow) LPort=55100
FirewallRules: [{8CA91650-DBBE-4649-8970-B657B1E21C54}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe (Lenovo (Beijing) Limited -> Lenovo)
FirewallRules: [TCP Query User{12A3A7F4-6A6B-439C-AC71-836AED5B5305}C:\users\caro\documents\software\mysql-5.7.11-winx64\mysql\bin\mysqld.exe] => (Allow) C:\users\caro\documents\software\mysql-5.7.11-winx64\mysql\bin\mysqld.exe () [File not signed]
FirewallRules: [UDP Query User{93E4A2C4-8ABA-45CA-8E67-CD1B5C4CD218}C:\users\caro\documents\software\mysql-5.7.11-winx64\mysql\bin\mysqld.exe] => (Allow) C:\users\caro\documents\software\mysql-5.7.11-winx64\mysql\bin\mysqld.exe () [File not signed]
FirewallRules: [{7361BA51-FAA9-4046-9F08-83C7C7F4F7E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B9269BC9-5D5C-436C-B1C9-1AB24263A7B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C527C130-C338-401B-A37E-807FCF634468}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2CEF4505-F8EC-40BE-A8AF-FB3CA6F5D00D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B36AC524-C865-403D-B6CE-0A822332CB9B}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> SHAREit Technologies Co.Ltd)
FirewallRules: [{8128852A-27D9-436E-A5A8-694868766F70}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> SHAREit Technologies Co.Ltd)
FirewallRules: [{D695AC39-8CD1-4705-B275-F7D2208B81E4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{6A5E8FDA-A157-4006-836B-22DF5300B1E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{4964FC4B-F48F-4934-9E84-65641CB9287D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{440E1684-EC4E-43DF-A50D-59B0BEFD88D7}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{F485ED72-1381-4C95-80C6-65E984914B0D}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{8716827E-2E53-40C7-8E9C-4ECFE53D9A41}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B9D76EC6-5FB7-4A05-B6CF-9F284DE8200A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3654873E-FFB1-4473-919F-8FEC82C5E7CF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{57E99ECD-02CA-4FDF-A583-3C1DB32AC343}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0B8475F2-E966-4E9F-9C15-D8E2EF3C7FC2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3E0EB971-9FA2-422B-B0BC-15898F2ADA81}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{75F9EDB9-69CB-4B63-A784-DCAE77C2B107}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AD90C594-2F9E-412E-87A3-9D49110727B6}] => (Allow) C:\Program Files (x86)\lXAYLUeDDfS.exe No File
FirewallRules: [{3AAFFCE5-D672-45B3-AAE9-051CE33B9229}] => (Allow) C:\Program Files (x86)\TZEA.exe No File
FirewallRules: [{C8926869-E834-4D9E-9C37-D1C7FAFE71B7}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{18700AA6-4DBC-4A43-9ABE-FF55893EF0F9}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7E76F635-6C83-420E-ADAE-E11120D984C6}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{309CACE3-3B76-46EE-B0EA-2A365358E90C}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4CC54563-AFF5-463D-81C8-EC36B85DD458}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{128B646B-C489-4EDB-B094-6197404FE9DE}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{088EAE30-D4C5-4F35-96DE-B719088158D6}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6007436F-1402-45A7-9FE8-F22AAFBDF9FF}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DCF01053-205A-4F1D-9EC6-752407EA8DFF}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{8C631CE0-CE04-49F1-9EA3-D8AECD40ABF8}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{95CCCDE5-F74D-4B30-9BF1-C2E0F5FD286A}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3110D8E8-9527-4D6C-B0B0-FE1DF3398503}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B78B9F83-6EE6-43B0-A035-5A8133EF4923}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{EF38372C-8C43-4A2D-95FE-00629357988D}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6BEA2E63-8DA2-470C-B9A0-AEABDF21B16A}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C27330F4-EFFF-407B-9A62-10D03790C2AB}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{3C580D35-09EF-4E4D-A47A-F50BD9DF2255}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{0CF69197-17C3-4F59-BAFC-1B94FB35C494}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{72796C39-C1BF-4979-AD4C-D88CA1707C01}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{D21DA473-B5EE-4DBB-9B9C-FF51A7D470EB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{2B6BC4E9-CEEF-4AA5-AF06-62B863C7144A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{C264845E-F511-4172-B9F5-85CADB7EA6C4}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{0594888D-C034-4CA2-9F5C-228EE1911F48}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{69299F49-8794-453F-9CC8-7472FD35B03D}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{98859968-459A-4920-84BB-683523FEAADF}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{CAADB3AE-6532-46E0-9EB8-7DBC56CEF31D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================

01-03-2019 23:04:25 Windows Update
10-03-2019 19:31:16 Punto de control programado
21-03-2019 22:34:06 Windows Update

#34

2° parte del Adittion



==================== Faulty Device Manager Devices =============

Name: Sonido Intel(R) para pantallas
Description: Sonido Intel(R) para pantallas
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel(R) Corporation
Service: IntcDAud
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Description: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvvad_WaveExtensible
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Lenovo Primary iM Controller
Description: Lenovo Primary iM Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Lenovo Corporation
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2019 02:29:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PickerHost.Exe, versión: 10.0.17134.1, marca de tiempo: 0x2fa59209
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x2314
Hora de inicio de la aplicación con errores: 0x01d4e139732e8c29
Ruta de acceso de la aplicación con errores: C:\Windows\System32\PickerHost.Exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: 79e3fa17-c10a-4704-8d85-8201c698a5c2
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/23/2019 02:19:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PickerHost.Exe, versión: 10.0.17134.1, marca de tiempo: 0x2fa59209
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x2fac
Hora de inicio de la aplicación con errores: 0x01d4e137f5c608c0
Ruta de acceso de la aplicación con errores: C:\Windows\System32\PickerHost.Exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: c2698e83-9498-4a73-954c-56c71d16ac12
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/23/2019 01:42:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PickerHost.Exe, versión: 10.0.17134.1, marca de tiempo: 0x2fa59209
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x2b48
Hora de inicio de la aplicación con errores: 0x01d4e132dbb318e1
Ruta de acceso de la aplicación con errores: C:\Windows\System32\PickerHost.Exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: 787e797f-850a-4b30-9e50-56f099f521e9
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/23/2019 01:42:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PickerHost.Exe, versión: 10.0.17134.1, marca de tiempo: 0x2fa59209
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x2924
Hora de inicio de la aplicación con errores: 0x01d4e132dd69917f
Ruta de acceso de la aplicación con errores: C:\Windows\System32\PickerHost.Exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: b0985dbb-5b76-465c-9836-f2d22d861b27
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/22/2019 12:57:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: AppleChromeDAV.exe, versión: 2.1.15.85, marca de tiempo: 0x5b2e1ace
Nombre del módulo con errores: VCRUNTIME140.dll, versión: 14.13.26118.0, marca de tiempo: 0x5a603d09
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000e99c
Identificador del proceso con errores: 0x3e3c
Hora de inicio de la aplicación con errores: 0x01d4e04ff8587c3a
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll
Identificador del informe: c9c3be20-3dfa-4b36-8379-913a1b19d09a
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/21/2019 10:53:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PickerHost.Exe, versión: 10.0.17134.1, marca de tiempo: 0x2fa59209
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x2acc
Hora de inicio de la aplicación con errores: 0x01d4e052195f4967
Ruta de acceso de la aplicación con errores: C:\Windows\System32\PickerHost.Exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: b92559e6-e84d-451f-b9b7-80698817d05b
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/21/2019 10:37:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PickerHost.Exe, versión: 10.0.17134.1, marca de tiempo: 0x2fa59209
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x3e7c
Hora de inicio de la aplicación con errores: 0x01d4e04fbe8c175f
Ruta de acceso de la aplicación con errores: C:\Windows\System32\PickerHost.Exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: dcd6d7d5-bfc4-4327-880f-898455476bb3
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/21/2019 10:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PickerHost.Exe, versión: 10.0.17134.1, marca de tiempo: 0x2fa59209
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x44a8
Hora de inicio de la aplicación con errores: 0x01d4e04fbd49d017
Ruta de acceso de la aplicación con errores: C:\Windows\System32\PickerHost.Exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: c3ef7c3f-efa5-4508-884c-0f07d48483d7
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:


System errors:
=============
Error: (03/23/2019 02:43:43 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Error de DCOM "1084" al intentar iniciar el servicio EventSystem con argumentos "No disponible" para ejecutar el servidor:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/23/2019 02:42:52 AM) (Source: DCOM) (EventID: 10005) (User: LENOVO-PC)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/23/2019 02:41:31 AM) (Source: DCOM) (EventID: 10005) (User: LENOVO-PC)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/23/2019 02:39:56 AM) (Source: DCOM) (EventID: 10005) (User: LENOVO-PC)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/23/2019 02:39:11 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "No disponible" para ejecutar el servidor:
{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (03/23/2019 02:38:53 AM) (Source: DCOM) (EventID: 10005) (User: LENOVO-PC)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/23/2019 02:38:11 AM) (Source: DCOM) (EventID: 10005) (User: LENOVO-PC)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/23/2019 02:37:59 AM) (Source: DCOM) (EventID: 10005) (User: LENOVO-PC)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor:
{DD522ACC-F821-461A-A407-50B198B896DC}


Windows Defender:
===================================
Date: 2019-03-23 02:01:13.898
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {513D5634-EB55-45B5-8DB8-B47375992264}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-03-22 00:52:05.400
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {5147E748-98BC-4281-9E56-3365D805EDD5}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-03-22 00:42:08.593
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {B56B908A-6E15-40E0-8225-25FEB5E3FE55}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-03-22 00:35:21.803
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {C4FFCBB2-B65B-4191-A642-00B06CC86068}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-03-22 00:10:18.608
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {C606D38A-5A7E-4E50-B32D-342619AA00D8}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-03-23 02:34:46.668
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-03-23 02:13:55.404
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-03-23 01:37:07.107
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-03-21 22:52:10.322
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.289.1599.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15800.1
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-03-20 01:26:46.374
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

CodeIntegrity:
===================================

Date: 2019-03-23 01:24:44.136
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-03-20 01:35:46.757
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-03-16 01:48:01.017
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-03-13 01:06:33.866
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-03-10 23:14:24.606
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-10 03:48:10.913
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-22 01:15:26.225
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-30 15:01:25.585
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 31%
Total physical RAM: 8104.27 MB
Available physical RAM: 5543.14 MB
Total Virtual: 16296.27 MB
Available Virtual: 13814.41 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:890.27 GB) (Free:649.48 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.33 GB) NTFS

\\?\Volume{a952e48a-011d-491b-b9cc-10f42f2f561f}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.68 GB) NTFS
\\?\Volume{19b15c48-1489-4267-85aa-446ab421d461}\ (PBR_DRV) (Fixed) (Total:13.91 GB) (Free:3.08 GB) NTFS
\\?\Volume{edf34597-8577-491a-a98e-38b5a892180e}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 24332868)

Partition: GPT.

==================== End of Addition.txt ============================

Espero que sirva de otra forma estuve reiniciando la pc un monton de veces porque no lo tomaba- Saludos

#35

Hola Caro:

Agradezco todo el esfuerzo que le pones pero no nos estamos entendiendo.

Se que tienes infecciones, las veo en el reporte pero lo que actualmente mas me preocupa es el bloqueo que tiene tu ordenador.

Por ello te pedí que entraras a Modo Seguro y solamente abrieras tus archivos, probaras tu equipo en ese Modo, solo eso.

No ejecutes nada, solo prueba el Sistema en ese Modo Seguro sin red, tengo sospechas de que pudieras tener un daño en tu disco.

En cuanto me comentes como va el sistema en Modo Seguro te doy los pasos a seguir para eliminar las infecciones y comprobar el estado de tu disco.

Edito: Instalaste tu el antivirus Panda ? Tienes el antivirus Windows Defender activado por lo que puedo ver en el reporte.

Ademas de lo anterior en Modo Normal revisa lo siguiente:

Pincha el icono de Windows Defender >>> Presiona en Protección contra virus y amenazas >>> en Protección contra Rasomware >>> presiona en Administrar la protección contra Rasomware.

Allí revisa si el Acceso controlado a carpetas lo tienes en Desactivado si no es así desactivarlo.

Nos comentas.

Salu2

#36

Hola Sandra, gracias tus comentarios

Paso a contarte, en modo normal pude abrir archivos. En modo seguro sin red no me dejo abrir ningun archivo de Office pues puso un cartel que no tenia acceso por no tener acceso a red, creo que estaba buscando algun antivirus para poder abrir, no me dejo abrir ningun archivo, entonces fui a abrir en modo seguro con red, y nunca habilitó la red, lo tomó como si hubiera seleccionado modo seguro sin red, así que tampoco pude abrir ningun archivo en ninguno de esos dos modos, pues el cartel era el mismo. Abri configuracion y veo que lo de Windows defender, en su momento cuando me lo pediste yo lo habia deshabilitado , no se porqué ahora está habilitado… Lo de acceso controlado a carpetas lo tengo “deshabilitado” , ya estaba así.

Ahora desactive la proteccion de Windows defender otra vez, tiempo real y proteccion contra virus y amenazas.

El Panda lo había instalado yo si, actualmente está desactivado. LA pc la uso para enviarte los reportes y casi no la estoy usando por el momento ,m aunque si necesito algunos archivos que por ahora estoy tratando de prescindir.

Ahora me abrio la configuracion , y pude ejecutar lo que pediste, antes quise cambiar la configuracion de la pantalla, y no abre, asi que eso esta andando cuando quiere, ahora no me deja hacer cambios ahí.

Saludos, que tengas un bonito día. :blush:

#37

Hola @Carolina_Saggio

Si tienes el Ofice online es totalmente normal.

Es normal también solo se deshabilita por un tiempo corto, y solo se vuelve a rehabilitar.

Cada vez que ejecutes una herramienta tendrás que volver a deshabilitarlo.

1.- Desinstala Panda con su herramienta, y no instales ningún antivirus mas hasta que terminemos con Windows Defender es suficiente por el momento.

2.- Sigue el 3er. MÉTODO: descrito en esta Faq de ayuda :arrow_right: ¿Cómo usar CHKDSK para realizar una comprobación del disco?, que es válida también para un Windows 10.

Nos comentas.

Salu2

#38

Hola Sandra como estas?

El Panda lo habia instalado yo hacía mucho, no ahora… Quise desinstalar Panda tal lo solicitaste y me puso, que tengo elementos en la papelera de reciclaje que estan neutralizados, y me pregunta que hacer, si los elimino o no elimininarlos ni neutralizarlos??? No se que que hacer en ese caso.

Otra pregunta, en las aplicaciones en configuracion tengo el desintalador y vos me pasaste el acceso a herramientas de desinstalacion, uso la que vos me indicaste descargando el desinstalador o con el que tengo alcanza? Saludos , gracias

#39

Hola @Carolina_Saggio:

Con el desinstalador que te indique y si te pregunta eliminarlos se refiere a lo que está en cuarentena.

Salu2

#40

Hola Sandra, cómo te va ? Ayer desinstale el Panda desde la herramienta que me dijiste … hoy estuve ejecutando la reparación de Windows… aún sin terminar quiero comentarte cómo va esto porque parece que algo anda mal . Primero llegaba el análisis hasta los 47%, lo dos o 3 veces hasta que de una llego al 100% . Luego hizo reparación e hizo lo mismo …Cuando reinició me puso un cartel que tuvo problemas para iniciar … me dio opción de Reiniciar o ir a opciones avanzadas, con lo que yo le di reiniciar … y acá estoy se quedo en el 11 % analizando y no parece avanzar … no se que hacer en ese caso , si abortar la operación y apagar o qué… dado que no tengo informe para enviarte aguardo tus comentarios… saludos , un beso