MicrosoftEdgeCP and cannot type in Safe Mode

#1

Hello.

Norton warned me of a threat in MicrosoftEdgeCP.exe; from what I've seen in the community, it shouldn't be in System32. I've tried to delete it and nothing works (not even FileASSASSIN). In Safe Mode it won't let me type in Cortana; I've tried from cmd and from PowerShell.

I don't know whether it's a coincidence, or because I was going to report some "scammers" (and I haven't even done it), but my computer gets infected every other day. In the end, after this one I'll stick to just work, study, etc., which is related to the topic. I mention this because I'm burned out; paranoia or not, half of all applications (especially "leisure" ones) slow down our computers and mess them up.

Can the TZWorks report or regedit help to find out the origin? I'll wait for whatever you tell me, even if you want remote access. Thanks in advance.

#2

Perform the following steps, without changing the order:

1) Download, update and run Malwarebytes' Anti-Malware.

Malwarebytes manual, so that you know how to use and configure it.

  • Run a Custom Scan, ticking all the boxes on the right and on the left, and updating if it asks you to.
  • Click "Remove Selected" to send the items to quarantine, then restart the system.
  • To access the scan report afterwards: Reports >> Scan log >> click >> Export >> Copy to Clipboard, and paste it in your reply.

2) Download AdwCleaner to the desktop.

  • Disable your antivirus ▶ How to temporarily disable an antivirus and any security program.

  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator").

  • Click the Scan Now button and wait for the process to complete, then immediately click the Start Repair button.

  • Wait for it to finish and follow the instructions; if it asks to restart the system, accept.

  • If it finds nothing, click "Skip Repair".

  • The log can be found in the "Reports" tab, reopening the program if necessary, or in "C:\AdwCleaner\Logs\AdwCleaner[C0].txt"

You can look at its manual >> AdwCleaner manual

3) Download CCleaner

Install it and run it. In the Cleaner tab, leave the default settings as they are, click Analyze, wait for it to finish > click Run Cleaner. Click the Registry tab > click Scan for Issues, wait for it to finish > click Fix Selected and make a backup.

Paste the Malwarebytes and AdwCleaner reports and tell us how the problem is going.


#3

First of all, thanks Miguel. I couldn't do it because of work. I'll do it today when I get back and paste all the reports. Thank you very much!

PS: When I try to download TZWorks the browser closes.

#4

OK, I'll wait for the logs I asked for, and please don't download any program that hasn't been requested.

#5

The Malwarebytes one:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 24/4/19
Hora del análisis: 8:21
Archivo de registro: 404ddfd8-6659-11e9-b6a5-3497f68ecaac.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.563
Versión del paquete de actualización: 1.0.10304
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 17763.437)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-0EUJ944\Min

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 379641
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 1 hr, 12 min, 57 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

The AdwCleaner one 🙂

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-03.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-24-2019
# Duration: 00:00:00
# OS:       Windows 10 Pro
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Media Get LLC

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1272 octets] - [24/04/2019 14:54:52]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

PS: I haven't installed anything. I didn't paste them earlier for lack of time. This computer hasn't done anything except visit two newspapers.

#6
  • Temporarily disable your antivirus and any security program.

  • Download to your Desktop >> this is very important << Farbar Recovery Scan Tool, choosing the right version for your computer (32 or 64 bits) ▶ How do I know if my Windows is 32 or 64 bits?

  • Double-click to run Frst.exe. In the Disclaimer window, press Yes.

  • In the new window that opens, press the Scan button and wait for the scan to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt, which will be saved on your desktop.

In your next reply, copy and paste the two reports Frst.txt and Addition.txt from FRST.

Note: If the requested report(s) do not fit in a single reply because they exceed the allowed number of characters, you can use two or more replies to paste them completely.

#8

Please read the instructions carefully, because it was heavily emphasized: run FROM THE DESKTOP.

And you:

Running from C:\Users\Min\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads Windows 10 Pro Version 1809 17763.437 (X64)

Cut and paste Frst.exe directly onto your Desktop, run it again and paste the logs for me, and use as many replies as necessary, as my instructions clearly stated, if they don't fit in one.

#9

It tells me I exceed the character limit. I've put both files in a cloud.

Sorry for the trouble, but if you want I'll paste the error message; I'm even going to read it out of curiosity.

Thank you very much for the trouble. (It didn't let me do it; it must be my mistake. I'll paste it in several replies if it lets me.)

#10

Please read the previous reply I left you.

#12

Addition.Txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.04.2019 Ran by Min (24-04-2019 22:06:50) Running from C:\Users\Min\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads Windows 10 Pro Version 1809 17763.437 (X64) (2019-02-27 19:43:21) Boot Mode: Normal

PS: I'm really sorry, I don't mean it about the help; I'm hyperactive and didn't do it conscientiously. If I skipped the path, it was a mistake.

Thanks for your patience.

#13

Let's see… let's see… 😕

You've done the same thing again…

Running from C:\Users\Min\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads Windows 10 Pro Version 1809 17763.437 (X64)

Do we know what the desktop is???

Go to where Frst.exe is, right-click, Cut.

Close everything… go out to the desktop… right-click, Paste.

And now run it again… and by the way, what a location you have for downloading things…

Normally one chooses the "Downloads" folder or, if instructed, the desktop or a more accessible location, because the one you used is well hidden, besides being in a location that is normally inside a folder you should have hidden and not visible under normal conditions.

#14

It's not the default path; I think I said sorry. On to what matters: just now, while I was writing to you, it was lagging 🙂

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.04.2019
Ran by Min (administrator) on DESKTOP-0EUJ944 (24-04-2019 23:15:23)
Running from C:\Users\Min\Desktop
Loaded Profiles: Min (Available Profiles: Min)
Platform: Windows 10 Pro Version 1809 17763.437 (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\nsWscSvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
(ASUSTeK Computer Inc. -> TODO: <Company name>) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe
(ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19032.731.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
() [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\GPU TweakII\ASUSGPUFanServiceEx.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\AsPowerBar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1902.633.0_x64__8wekyb3d8bbwe\Time.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\NortonSecurity.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\NortonSecurity.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8521968 2015-08-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKU\S-1-5-21-4211271423-19267843-2739290311-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [4809048 2015-07-08] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-4211271423-19267843-2739290311-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3146016 2019-03-06] (Valve -> Valve Corporation)
HKU\S-1-5-21-4211271423-19267843-2739290311-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4211271423-19267843-2739290311-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9001904 2019-02-11] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-21-4211271423-19267843-2739290311-1001\...\Run: [GoogleChromeAutoLaunch_FD8384B27669615FB24191E7ECAEDFF9] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1716720 2019-04-04] (Google LLC -> Google Inc.)
HKU\S-1-5-21-4211271423-19267843-2739290311-1001\...\MountPoints2: {673acbbf-3c21-11e9-8e21-3497f68ecaac} - "H:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-4211271423-19267843-2739290311-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [151552 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-11] (Google LLC -> Google Inc.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FD64C4B-BF39-450F-A99A-114B85BE8E3B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {139FED8B-8207-4C04-801F-FC61AF56AE27} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3728752 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {151E4474-6CCE-4011-B7E3-3C93D3209025} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1551520 2015-05-14] (ASUSTeK Computer Inc. -> ) [File not signed]
Task: {1A9E1D9C-DA87-47FC-8DD8-97E9ECA38855} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16494464 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1CF37918-ABEC-4C65-B3BA-4EDEA1295671} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2E26C775-4AB5-4512-B7F8-D52F4943BCA5} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4A40AA82-BD18-415A-A540-AFF6A37253CD} - System32\Tasks\ASUS\Push Notice Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe [3646264 2014-05-28] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {5547CCB0-BF51-4DD4-8099-D644EB796FA7} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\SymErr.exe [101392 2019-03-07] (Symantec Corporation -> Symantec Corporation)
Task: {55BD3383-75E9-4C00-9D7A-4F30FAE16962} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\SymErr.exe [101392 2019-03-07] (Symantec Corporation -> Symantec Corporation)
Task: {574A2955-2F26-4A41-96C3-8ECC3EFC7CEB} - System32\Tasks\GPU Tweak II => C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe [12945512 2018-11-23] (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)
Task: {58FF5EE6-230A-420D-94D1-5D6972690407} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5E82853D-DF05-4D3C-BDDF-020667EC596D} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\SymErr.exe [101392 2019-03-07] (Symantec Corporation -> Symantec Corporation)
Task: {794CECC1-BB2C-49EC-B926-BDFC5E8A20A7} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {80465F9D-11A4-41B8-8A18-739ACE63436F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2226848 2019-03-07] (Symantec Corporation -> Symantec Corporation)
Task: {83B1C624-3BB5-4355-BE52-17FEB9939363} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {841B64DD-EA42-46B5-AAC8-22087D266087} - System32\Tasks\Opera scheduled Autoupdate 1551714857 => C:\Users\Min\AppData\Local\Programs\Opera\launcher.exe [1465432 2019-04-21] (Opera Software AS -> Opera Software)
Task: {8AB8EDFA-9F1A-473A-8123-33F620019E4C} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [238392 2013-07-24] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {91034B0C-C752-494F-B23E-05FBA65043AF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9702ABFD-5EB1-4256-9173-EECFA7288820} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [4417496 2017-11-24] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {B36C557E-B837-4923-B9C5-38E8234BBBD0} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\WSCStub.exe [2226848 2019-03-07] (Symantec Corporation -> Symantec Corporation)
Task: {B4CDC60C-1D39-4D2A-87F6-044DE08C64EF} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648048 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BD980CD7-A64B-496D-8D45-89EB24B6D28A} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C8D00876-0EBB-4D2B-ACB2-AC56C883DDAE} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1328392 2015-11-20] (Intel(R) Software -> Intel Corporation)
Task: {C9AE9488-55AB-480D-969E-87F3774908CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-04] (Google Inc -> Google Inc.)
Task: {CD8D66AE-70AB-47BB-9E1F-D2C5537622F5} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D87B6CD0-6E3C-473D-B301-BB37DB08D6CC} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1448408 2018-01-12] (ASUSTeK Computer Inc. -> )
Task: {D8EF69FD-C7CB-4512-BDA6-F0BC5540C847} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [1459152 2015-09-10] (ASUSTeK Computer Inc. -> )
Task: {DF036B4C-B90E-469C-8C6D-64F2949BF4C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-04] (Google Inc -> Google Inc.)
Task: {EA1D3671-C7DE-470C-AF3A-033793F845E5} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FCF47835-5356-4067-8A30-84E3A1C70FB4} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2096088 2018-01-04] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 80.58.61.254 80.58.61.250
Tcpip\..\Interfaces\{29c15d9e-2d28-4709-8a9f-96e66accc2ee}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{29c15d9e-2d28-4709-8a9f-96e66accc2ee}: [DhcpNameServer] 80.58.61.254 80.58.61.250

Internet Explorer:
==================
HKU\S-1-5-21-4211271423-19267843-2739290311-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP

Edge: 
======
Edge Session Restore: HKU\S-1-5-21-4211271423-19267843-2739290311-1001 -> is enabled.
Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.7.0.0_neutral__v68kp9n051hdp [2019-04-21]

FireFox:
========
FF DefaultProfile: ijwx5ldb.default
FF ProfilePath: C:\Users\Min\AppData\Roaming\Mozilla\Firefox\Profiles\ijwx5ldb.default [2019-04-24]
FF HomepageOverride: Mozilla\Firefox\Profiles\ijwx5ldb.default -> Disabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\ijwx5ldb.default -> Disabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\ijwx5ldb.default -> Enabled: [email protected]
FF Extension: (Spanish (Spain) Dictionary) - C:\Users\Min\AppData\Roaming\Mozilla\Firefox\Profiles\ijwx5ldb.default\Extensions\[email protected] [2019-03-10]
FF Extension: (Norton Password Manager) - C:\Users\Min\AppData\Roaming\Mozilla\Firefox\Profiles\ijwx5ldb.default\Extensions\[email protected] [2019-04-12]
FF Extension: (Español (España) Language Pack) - C:\Users\Min\AppData\Roaming\Mozilla\Firefox\Profiles\ijwx5ldb.default\Extensions\[email protected] [2019-03-30]
FF Extension: (Norton Home Page) - C:\Users\Min\AppData\Roaming\Mozilla\Firefox\Profiles\ijwx5ldb.default\Extensions\[email protected] [2019-04-12] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/hp/updates.json]
FF Extension: (Norton Safe Web) - C:\Users\Min\AppData\Roaming\Mozilla\Firefox\Profiles\ijwx5ldb.default\Extensions\[email protected] [2019-03-27]
FF Extension: (Tab Session Manager) - C:\Users\Min\AppData\Roaming\Mozilla\Firefox\Profiles\ijwx5ldb.default\Extensions\[email protected] [2019-03-04]
FF Extension: (Google Translator for Firefox) - C:\Users\Min\AppData\Roaming\Mozilla\Firefox\Profiles\ijwx5ldb.default\Extensions\[email protected] [2019-03-16]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.1.7\coFFPlgn => not found
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)

Chrome: 
=======
CHR NewTab: Default ->  Active:"chrome-extension://mhffmephdchhhbfjmdpoaldedhhdanbn/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?omnisearch=yes&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nortonsafe
CHR Profile: C:\Users\Min\AppData\Local\Google\Chrome\User Data\Default [2019-04-24]
CHR Extension: (Traductor de Google) - C:\Users\Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2019-04-06]
CHR Extension: (Presentaciones) - C:\Users\Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-04]
CHR Extension: (Norton Password Manager) - C:\Users\Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2019-04-21]
CHR Extension: (Documentos) - C:\Users\Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-04]
CHR Extension: (Google Drive) - C:\Users\Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-03-04]
CHR Extension: (YouTube) - C:\Users\Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-04]
CHR Extension: (Norton Security Toolbar) - C:\Users\Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2019-04-17]
CHR Extension: (Session Buddy) - C:\Users\Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2019-04-06]
CHR Extension: (Norton Safe Search) - C:\Users\Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogpedgkejfmehnklhahflpmplhiceal [2019-04-21]
CHR Extension: (Hojas de cálculo) - C:\Users\Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-04]
CHR Extension: (Norton Safe Web) - C:\Users\Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2019-04-21]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-03-05]
CHR Extension: (Norton Home Page) - C:\Users\Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhffmephdchhhbfjmdpoaldedhhdanbn [2019-04-21]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-03-04]
CHR Extension: (Gmail) - C:\Users\Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-04]
CHR Extension: (Chrome Media Router) - C:\Users\Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-23]
CHR Profile: C:\Users\Min\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-24]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe [382424 2018-01-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2015-05-08] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe [1340376 2017-12-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe [1281368 2015-07-08] (Disc Soft Ltd -> Disc Soft Ltd)
R3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [207360 2015-02-13] (Intel Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NortonSecurity; C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\NortonSecurity.exe [225600 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\nsWscSvc.exe [934216 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3830128 2019-03-13] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-08-02] (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AndroidAFD; C:\Windows\SysWow64\drivers\AndroidAFDx64.sys [28600 2015-08-28] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] (ASUSTeK Computer Inc. -> )
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] (ASUSTeK Computer Inc. -> )
R3 ASUSfilter; C:\WINDOWS\System32\drivers\ASUSfilter.sys [48384 2013-03-28] (MCCI Corporation -> MCCI Corporation)
R3 ASUSfilter; C:\Windows\SysWOW64\drivers\ASUSfilter.sys [46152 2011-09-20] (MCCI Corporation -> MCCI Corporation)
S3 ASUSstpt; C:\WINDOWS\System32\drivers\ASUSstpt.sys [27392 2013-03-28] (MCCI Corporation -> MCCI Corporation)
S3 ASUSumsc; C:\WINDOWS\System32\drivers\ASUSumsc.sys [151808 2013-03-28] (MCCI Corporation -> MCCI Corporation)
S3 ASUSxpsp; C:\WINDOWS\System32\drivers\ASUSxpsp.sys [28416 2013-03-28] (MCCI Corporation -> MCCI Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.16.4.15\Definitions\BASHDefs\20190422.001\BHDrvx64.sys [1934048 2019-03-12] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\ccSetx64.sys [192712 2019-03-07] (Symantec Corporation -> Symantec Corporation)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [30352 2018-11-06] (Disc Soft Ltd -> Disc Soft Ltd)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2019-03-15] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilDrv11821; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11821.sys [153296 2019-04-24] (Symantec Corporation -> Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2019-02-28] (Symantec Corporation -> Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.16.4.15\Definitions\IPSDefs\20190423.061\IDSvia64.sys [1441800 2019-04-18] (Symantec Corporation -> Symantec Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [29264 2016-06-09] (Intel(R) Extreme Tuning Utility -> Intel Corporation)
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [34064 2017-05-08] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-24] (Malwarebytes Corporation -> Malwarebytes)
S3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2018-09-15] (Microsoft Windows -> MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edcffbdd101bbe5b\nvlddmkm.sys [20726016 2019-02-21] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-03-28] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [45152 2018-10-04] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [66792 2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek Semiconductor Corp -> Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [162960 2019-03-04] (Disc Soft Ltd -> Duplex Secure Ltd)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SRTSP64.SYS [859864 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SRTSPX64.SYS [49888 2019-03-07] (Symantec Corporation -> Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SYMEFASI64.SYS [1998344 2019-03-07] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SymELAM.sys [25744 2019-03-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-16] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files (x86)\Norton Security\NortonData\22.16.4.15\SymPlatform\SymEvnt.sys [709128 2019-04-24] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\Ironx64.SYS [315912 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\symnets.sys [573448 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R3 t_mouse.sys; C:\WINDOWS\System32\drivers\t_mouse.sys [6144 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 UcmCxUcsiNvppc; C:\WINDOWS\System32\drivers\UcmCxUcsiNvppc.sys [469128 2019-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\wpCtrlDrv.sys [1012120 2019-03-07] (Symantec Corporation -> Symantec Corporation)
S3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel(R) Software -> Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-24 23:15 - 2019-04-24 23:15 - 000035281 _____ C:\Users\Min\Desktop\FRST.txt
2019-04-24 23:14 - 2019-04-24 23:14 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-04-24 21:08 - 2019-04-24 23:15 - 000000000 ____D C:\FRST
2019-04-24 21:08 - 2019-04-24 21:08 - 002429952 _____ (Farbar) C:\Users\Min\Desktop\FRST64.exe
2019-04-24 19:40 - 2019-04-24 19:56 - 000000000 ____D C:\Users\Min\AppData\Local\Ubisoft Game Launcher
2019-04-24 19:40 - 2019-04-24 19:40 - 000001274 _____ C:\Users\Min\Desktop\Uplay.lnk
2019-04-24 19:40 - 2019-04-24 19:40 - 000000000 ____D C:\Users\Min\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2019-04-24 19:40 - 2019-04-24 19:40 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2019-04-24 19:22 - 2019-04-24 19:22 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-24 14:53 - 2019-04-24 19:21 - 000000000 ____D C:\AdwCleaner
2019-04-24 08:19 - 2019-04-24 08:19 - 007025360 _____ (Malwarebytes) C:\Users\Min\Downloads\AdwCleaner.exe
2019-04-22 07:52 - 2019-04-22 07:53 - 111626550 _____ C:\Users\Min\Desktop\HearthStone  Heroes of Warcraft C´Thun Salvaje y Espantagón.mp4
2019-04-21 14:15 - 2019-04-21 14:15 - 000000000 ____D C:\Users\Min\Downloads\Aasis
2019-04-21 13:32 - 2019-04-21 13:50 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-04-21 13:31 - 2019-04-21 13:52 - 000000000 ____D C:\WINDOWS\pss
2019-04-21 13:29 - 2019-04-21 13:29 - 000000000 ____D C:\ProgramData\LHService
2019-04-21 13:26 - 2019-04-21 13:27 - 000000000 ____D C:\ProgramData\LockHunter
2019-04-21 13:26 - 2019-04-21 13:26 - 000000000 ____D C:\Users\Min\AppData\Roaming\LockHunter
2019-04-21 13:25 - 2019-04-21 13:25 - 003133480 _____ (Crystal Rich Ltd ) C:\Users\Min\Downloads\lockhuntersetup_3-2-3.exe
2019-04-21 13:25 - 2019-04-21 13:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
2019-04-21 13:25 - 2019-04-21 13:25 - 000000000 ____D C:\Program Files\LockHunter
2019-04-21 13:22 - 2019-04-21 13:22 - 000167034 _____ C:\Users\Min\Downloads\fileassassin-setup-1.06.exe
2019-04-21 13:22 - 2019-04-21 13:22 - 000001124 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2019-04-21 13:22 - 2019-04-21 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2019-04-21 13:22 - 2019-04-21 13:22 - 000000000 ____D C:\Program Files (x86)\FileASSASSIN
2019-04-21 13:04 - 2019-04-21 13:06 - 502243854 _____ C:\Users\Min\Downloads\Plague.Inc.Evolved.v1.16.6.rar
2019-04-20 12:04 - 2019-04-24 19:25 - 000002488 _____ C:\Users\Min\Desktop\reg.reg
2019-04-20 12:04 - 2019-04-20 12:05 - 000000000 ____D C:\Users\Min\Downloads\limpieza
2019-04-19 11:12 - 2019-04-19 11:12 - 000000000 ____D C:\Users\Min\AppData\Local\ElevatedDiagnostics
2019-04-19 10:51 - 2019-04-19 10:51 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-19 10:51 - 2019-04-19 10:51 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-04-19 10:49 - 2019-04-19 10:49 - 000895721 _____ C:\Users\Min\Downloads\DroidCam.Client.6.0.FullOffline.zip
2019-04-19 10:41 - 2019-04-19 10:41 - 000000069 _____ C:\Users\Min\Desktop\(11) Guía Como Jugar Arena Hearthstone (3-3) Jugar las partidas - YouTube.url
2019-04-19 08:25 - 2019-04-19 08:25 - 048467395 _____ C:\Users\Min\Downloads\para tablet.pdf
2019-04-18 17:20 - 2019-04-18 17:20 - 000116890 _____ C:\Users\Min\Documents\Sino hay justicia plan B a medio plazo.pdf
2019-04-18 13:31 - 2019-04-20 12:00 - 000000000 ____D C:\Program Files (x86)\Overwolf
2019-04-18 13:30 - 2019-04-20 12:08 - 000000000 ____D C:\Users\Min\AppData\Local\Overwolf
2019-04-18 11:42 - 2019-04-18 11:42 - 000000000 ____D C:\Users\Min\Downloads\eMule
2019-04-18 11:42 - 2019-04-18 11:42 - 000000000 ____D C:\Users\Min\AppData\Local\eMule
2019-04-18 11:42 - 2019-04-18 11:42 - 000000000 ____D C:\ProgramData\eMule
2019-04-13 22:19 - 2019-04-13 22:19 - 000038057 _____ C:\Users\Min\Downloads\Dialnet-LaTelevision-635678.pdf
2019-04-13 06:57 - 2019-04-13 06:57 - 000000000 ____D C:\Users\Min\Downloads\Fotos de Hearthstone
2019-04-13 01:09 - 2019-04-13 01:09 - 000001323 _____ C:\Users\Min\Desktop\Toc Toc 2017 HDRip.avi - Acceso directo.lnk
2019-04-13 01:04 - 2019-04-13 01:04 - 000001559 _____ C:\Users\Min\Desktop\El heroe de Berlin (HDRip) (EliteTorrent.net).avi - Acceso directo.lnk
2019-04-12 06:53 - 2019-04-14 12:42 - 000000058 _____ C:\Users\Min\Desktop\hs jugar en arenas x tardes.txt
2019-04-11 08:20 - 2019-04-11 08:20 - 000000090 _____ C:\Users\Min\Desktop\Craftear.txt
2019-04-11 05:33 - 2019-04-14 01:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-04-09 19:40 - 2019-04-09 19:40 - 026810368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 023440896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 020815360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 019025408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 017513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 015223296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 012843520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 012139008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 008898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 007919104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 007883776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 007877120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 007645608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 006925824 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 006544824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 006440960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 006309040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 006071296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 005765120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 005436904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 005205448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 004991112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AI.MachineLearning.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 004704272 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 004660224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 004588536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 004527624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 004304896 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 003982848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 003904512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 003690496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 003657728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 003602944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 003557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 003551112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 003496448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AI.MachineLearning.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 003421696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 003384832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 003377976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 003334496 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 002995712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 002942464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 002925880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 002842624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 002777224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 002765312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 002720256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 002701304 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 002689024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 002627384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 002592816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 002469376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 002438368 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 002346496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 002275896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 002127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 002073960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 002042368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 002022304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 002017792 _____ C:\WINDOWS\system32\rdpnano.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001994768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001969464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 001918464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001892864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001860096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001856000 ____R (The ICU Project) C:\WINDOWS\system32\icuin.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001844448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001830200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001760768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001711104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001697752 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-04-09 19:40 - 2019-04-09 19:40 - 001687552 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001674480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001672704 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001671680 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001671352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001647632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001641400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001616384 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001615872 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuin.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001590064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001567232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001506304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001496576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001478968 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001468952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 001467344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001459080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001458056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001370624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001360184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 001342400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-04-09 19:40 - 2019-04-09 19:40 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001311232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001297120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001294520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001259320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-04-09 19:40 - 2019-04-09 19:40 - 001259320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 001256448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 001249280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001221944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001213752 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001191728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001179680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 001155072 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001133568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001072640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001072424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2019-04-09 19:40 - 2019-04-09 19:40 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 001054200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 001053192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 001047552 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001044280 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 001035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001026792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001022616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001019392 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001007616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 001001472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000998712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000984888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000982880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000981816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000974352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000964096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000909840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000882176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-04-09 19:40 - 2019-04-09 19:40 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000871792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000865784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000855040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000828728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000821048 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000809784 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000807424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000799568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000793832 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000772608 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000769536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000762880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000761280 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000757664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000731648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000730936 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
#15
2019-04-09 19:40 - 2019-04-09 19:40 - 000730112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000725928 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000699392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000675096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000672256 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000653040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000651792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000651064 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000649064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000620560 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessManager.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000617784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000609792 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000598544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000580024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000568632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000553784 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000552448 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-04-09 19:40 - 2019-04-09 19:40 - 000540448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000513040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000508208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000506168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_PCDisplay.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000485192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000474928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-04-09 19:40 - 2019-04-09 19:40 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000461112 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000460800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000454144 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000421392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-04-09 19:40 - 2019-04-09 19:40 - 000408528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000407504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000404792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000386872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000386360 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000384312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000343984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\RADCUI.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000317240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000312632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000306488 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000283032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiCloudStore.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000263600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000257696 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000255128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmBroker.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000234808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000195896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.CredentialProvider.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000169784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000159272 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000159112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winquic.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000157496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000156984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winquic.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000147496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000143880 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000134456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000131384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000115360 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvsetup.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000107832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000098664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000097808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000095544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000090424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvsetup.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssecuser.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000071208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscapi.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscapi.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfts.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000039736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WppRecorder.sys
2019-04-09 19:40 - 2019-04-09 19:40 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfts.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscdll.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-04-09 19:40 - 2019-04-09 19:40 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscdll.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-04-09 19:40 - 2019-04-09 19:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-04-09 19:40 - 2019-04-09 19:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-04-09 19:40 - 2019-04-09 19:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-04-09 19:40 - 2019-04-09 19:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-04-09 19:40 - 2019-04-09 19:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-04-09 19:40 - 2019-04-09 19:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-04-09 19:40 - 2019-04-09 19:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-04-09 19:40 - 2019-04-09 19:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-04-07 21:09 - 2019-04-07 21:09 - 000123677 _____ C:\Users\Min\Desktop\pc_info.zip
2019-04-07 20:57 - 2019-04-07 20:57 - 062008080 _____ (Microsoft Corporation) C:\Users\Min\Downloads\NDP462-KB3151800-x86-x64-AllOS-ENU.exe
2019-04-07 20:53 - 2019-04-07 20:53 - 000000018 _____ C:\Users\Min\Desktop\Jugar a Juegos Normales escribir y si eso la web y lo del abogado.txt
2019-04-07 20:51 - 2019-04-07 20:52 - 009343601 _____ C:\Users\Min\Downloads\RevoUninstaller_Portable.zip
2019-04-07 09:24 - 2019-04-14 07:35 - 000000000 ____D C:\Users\Min\AppData\Local\HearthstoneDeckTracker
2019-04-05 16:57 - 2019-04-05 17:08 - 000000000 ____D C:\Users\Min\Downloads\En un lugar donde esconderse
2019-03-31 17:06 - 2019-03-31 17:06 - 000000000 ____D C:\Users\Provi\AppData\Local\D3DSCache
2019-03-31 17:02 - 2019-03-31 17:02 - 000000000 ____D C:\Users\Provi\AppData\Local\Comms
2019-03-31 17:01 - 2019-03-31 17:01 - 000000000 ____D C:\Users\Provi\AppData\Roaming\DAEMON Tools Pro
2019-03-31 16:57 - 2019-03-31 17:12 - 000000000 ____D C:\Users\Provi\AppData\Local\PlaceholderTileLogoFolder
2019-03-31 16:56 - 2019-03-31 16:59 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4211271423-19267843-2739290311-1002
2019-03-31 16:56 - 2019-03-31 16:59 - 000000000 ___RD C:\Users\Provi\OneDrive
2019-03-31 16:56 - 2019-03-31 16:56 - 000001446 _____ C:\Users\Provi\Desktop\Microsoft Edge.lnk
2019-03-31 16:56 - 2019-03-31 16:56 - 000000000 ____D C:\Users\Provi\AppData\Local\CEF
2019-03-31 16:55 - 2019-03-31 17:13 - 000000000 ____D C:\Users\Provi\AppData\Local\Packages
2019-03-31 16:55 - 2019-03-31 16:59 - 000002397 _____ C:\Users\Provi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-31 16:55 - 2019-03-31 16:57 - 000000000 ____D C:\Users\Provi\AppData\Local\NVIDIA Corporation
2019-03-31 16:55 - 2019-03-31 16:56 - 000000000 ____D C:\Users\Provi
2019-03-31 16:55 - 2019-03-31 16:55 - 000000020 ___SH C:\Users\Provi\ntuser.ini
2019-03-31 16:55 - 2019-03-31 16:55 - 000000000 ___RD C:\Users\Provi\3D Objects
2019-03-31 16:55 - 2019-03-31 16:55 - 000000000 ___HD C:\Users\Provi\MicrosoftEdgeBackups
2019-03-31 16:55 - 2019-03-31 16:55 - 000000000 ____D C:\Users\Provi\AppData\Roaming\Adobe
2019-03-31 16:55 - 2019-03-31 16:55 - 000000000 ____D C:\Users\Provi\AppData\Local\VirtualStore
2019-03-31 16:55 - 2019-03-31 16:55 - 000000000 ____D C:\Users\Provi\AppData\Local\Publishers
2019-03-31 16:55 - 2019-03-31 16:55 - 000000000 ____D C:\Users\Provi\AppData\Local\NVIDIA
2019-03-31 16:55 - 2019-03-31 16:55 - 000000000 ____D C:\Users\Provi\AppData\Local\MicrosoftEdge
2019-03-31 16:55 - 2019-03-31 16:55 - 000000000 ____D C:\Users\Provi\AppData\Local\mbamtray
2019-03-31 16:55 - 2019-03-31 16:55 - 000000000 ____D C:\Users\Provi\AppData\Local\Google
2019-03-31 16:55 - 2019-03-31 16:55 - 000000000 ____D C:\Users\Provi\AppData\Local\ConnectedDevicesPlatform
2019-03-31 15:50 - 2019-03-31 15:56 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-03-31 15:50 - 2019-03-31 15:50 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1117E681.sys
2019-03-31 15:50 - 2019-03-31 15:50 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2019-03-31 09:50 - 2019-03-31 09:50 - 000000000 _____ C:\Users\Min\Desktop\android phone o programa para hablar videos de una vez al salir de currar momentos ocio.txt
2019-03-25 21:48 - 2019-04-06 10:09 - 000000000 ____D C:\Users\Min\Desktop\Enviar y resto
2019-03-25 14:45 - 2019-03-25 14:45 - 000000000 ____D C:\Users\Min\AppData\Local\ESET

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-24 23:12 - 2019-02-27 16:07 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-24 20:58 - 2019-03-02 10:18 - 000000000 ____D C:\Program Files (x86)\Steam
2019-04-24 20:55 - 2019-02-28 07:18 - 000000000 ____D C:\Users\Min\AppData\Local\CrashDumps
2019-04-24 20:13 - 2019-02-27 17:10 - 000000000 ____D C:\ProgramData\NVIDIA
2019-04-24 19:29 - 2019-03-17 06:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2019-04-24 19:28 - 2019-02-27 21:50 - 001773362 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-24 19:28 - 2019-02-27 16:10 - 000788392 _____ C:\WINDOWS\system32\perfh00A.dat
2019-04-24 19:28 - 2019-02-27 16:10 - 000155682 _____ C:\WINDOWS\system32\perfc00A.dat
2019-04-24 19:28 - 2019-02-27 16:07 - 000000000 ____D C:\WINDOWS\INF
2019-04-24 19:22 - 2019-03-05 07:17 - 000003090 _____ C:\WINDOWS\System32\Tasks\GPU Tweak II
2019-04-24 19:22 - 2019-02-27 17:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-24 19:21 - 2019-02-28 00:16 - 000000000 ____D C:\Users\Min
2019-04-24 19:21 - 2019-02-27 16:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-04-24 14:49 - 2019-02-28 07:06 - 000000000 ____D C:\Users\Min\AppData\Local\Battle.net
2019-04-24 13:52 - 2019-03-04 17:52 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-04-24 08:16 - 2019-02-28 07:15 - 000000000 ____D C:\Users\Min\AppData\Roaming\HearthstoneDeckTracker
2019-04-24 06:07 - 2019-02-27 16:07 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-24 06:07 - 2019-02-27 16:07 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-24 06:06 - 2019-03-01 16:34 - 000000000 ____D C:\Users\Min\AppData\Roaming\vlc
2019-04-23 20:47 - 2019-03-04 22:47 - 000000000 ____D C:\WINDOWS\Minidump
2019-04-23 20:17 - 2019-02-27 16:03 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2019-04-23 20:15 - 2019-02-27 17:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-22 06:20 - 2019-03-04 17:54 - 000004198 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1551714857
2019-04-22 06:20 - 2019-03-04 17:54 - 000001393 _____ C:\Users\Min\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2019-04-21 13:06 - 2019-02-28 07:01 - 000000000 ____D C:\Users\Min\AppData\Local\PlaceholderTileLogoFolder
2019-04-21 13:06 - 2019-02-28 00:17 - 000000000 ____D C:\Users\Min\AppData\Local\Packages
2019-04-21 13:04 - 2019-03-04 17:48 - 000000000 ____D C:\Users\Min\AppData\Roaming\qBittorrent
2019-04-20 12:08 - 2019-02-27 17:10 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-04-20 09:15 - 2019-03-16 17:15 - 000000000 ____D C:\Users\Min\AppData\Roaming\Discord
2019-04-19 12:52 - 2019-02-28 07:06 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2019-04-19 11:12 - 2019-02-27 16:07 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-04-19 10:51 - 2019-03-05 07:23 - 000001443 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2019-04-19 10:51 - 2019-03-05 07:22 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-19 10:51 - 2019-03-05 07:22 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-19 10:51 - 2019-03-05 07:22 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-19 10:51 - 2019-03-05 07:22 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-19 10:51 - 2019-03-05 07:22 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-19 10:51 - 2019-03-05 07:22 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-19 10:51 - 2019-03-05 07:22 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-19 10:51 - 2019-03-05 07:22 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-19 10:51 - 2019-03-05 07:22 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-19 10:51 - 2019-03-05 07:22 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-19 10:51 - 2019-02-27 17:10 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-04-19 10:51 - 2019-02-27 17:10 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-04-19 09:45 - 2019-02-28 00:19 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4211271423-19267843-2739290311-1001
2019-04-19 09:45 - 2019-02-28 00:19 - 000000000 ___RD C:\Users\Min\OneDrive
2019-04-19 09:45 - 2019-02-28 00:16 - 000002391 _____ C:\Users\Min\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-04-18 12:27 - 2019-03-02 10:43 - 000000000 ____D C:\Users\Min\AppData\LocalLow\Mozilla
2019-04-18 11:30 - 2019-03-17 13:31 - 000000143 _____ C:\Users\Min\Desktop\Cookies.txt
2019-04-17 06:14 - 2019-02-28 07:05 - 000000000 ____D C:\Program Files (x86)\Battle.net
2019-04-14 12:10 - 2019-03-05 10:04 - 000000000 ____D C:\Users\Min\AppData\Local\HearthSim
2019-04-14 07:35 - 2019-02-28 07:15 - 000002557 _____ C:\Users\Min\Desktop\Hearthstone Deck Tracker.lnk
2019-04-14 07:35 - 2019-02-28 07:15 - 000000000 ____D C:\Users\Min\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
2019-04-14 07:35 - 2019-02-28 07:15 - 000000000 ____D C:\Users\Min\AppData\Local\SquirrelTemp
2019-04-14 01:30 - 2019-03-02 10:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-04-13 11:03 - 2019-03-02 10:18 - 000000000 ____D C:\Users\Min\AppData\Local\D3DSCache
2019-04-12 06:22 - 2019-03-02 10:43 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-04-11 20:01 - 2019-02-27 17:09 - 000290568 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-11 20:00 - 2019-02-27 16:07 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-04-11 20:00 - 2019-02-27 16:07 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-04-11 20:00 - 2019-02-27 16:07 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-04-11 20:00 - 2019-02-27 16:07 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-04-11 20:00 - 2019-02-27 16:07 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-04-11 20:00 - 2019-02-27 16:07 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-11 20:00 - 2019-02-27 16:07 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-04-11 05:47 - 2019-03-04 17:31 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-11 05:47 - 2019-03-04 17:31 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-09 19:41 - 2019-02-27 16:04 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-09 19:38 - 2019-02-28 09:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-09 19:37 - 2019-02-28 09:25 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-07 21:10 - 2019-03-02 13:46 - 000000000 ____D C:\Users\Min\Documents\KONAMI
2019-04-07 20:57 - 2019-03-05 13:31 - 000000000 ____D C:\Users\Min\Desktop\Blog
2019-04-07 12:21 - 2019-03-05 10:16 - 000000019 _____ C:\Users\Min\Desktop\Dia 12 cita abogado.txt
2019-04-05 17:11 - 2018-02-19 09:41 - 000000000 ___RD C:\Users\Min\Desktop\Lectura General
2019-04-02 19:00 - 2019-03-05 07:22 - 002769264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2019-04-02 19:00 - 2019-03-05 07:22 - 002149232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2019-04-02 19:00 - 2019-03-05 07:22 - 001322864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2019-04-02 17:25 - 2019-03-05 07:21 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2019-04-01 20:02 - 2019-02-27 16:09 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-01 20:02 - 2019-02-27 16:09 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-31 16:55 - 2019-02-28 00:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-03-31 16:53 - 2019-03-17 06:43 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-03-31 15:50 - 2019-03-04 17:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-30 19:47 - 2019-03-09 09:26 - 000000000 ____D C:\Users\Min\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2019-03-28 07:41 - 2019-03-04 17:30 - 000003618 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-28 07:41 - 2019-03-04 17:30 - 000003494 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-27 19:51 - 2019-02-28 00:33 - 000000000 ____D C:\Users\Min\AppData\Local\Comms

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

#16

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.04.2019
Ran by Min (24-04-2019 23:15:59)
Running from C:\Users\Min\Desktop
Windows 10 Pro Version 1809 17763.437 (X64) (2019-02-27 19:43:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-4211271423-19267843-2739290311-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4211271423-19267843-2739290311-503 - Limited - Disabled)
Invitado (S-1-5-21-4211271423-19267843-2739290311-501 - Limited - Disabled)
Min (S-1-5-21-4211271423-19267843-2739290311-1001 - Administrator - Enabled) => C:\Users\Min
tonin (S-1-5-21-4211271423-19267843-2739290311-1003 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4211271423-19267843-2739290311-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Disabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Disabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actualización de NVIDIA 36.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 36.0.0.0 - NVIDIA Corporation) Hidden
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 3.00.13 - ASUSTeK Computer Inc.)
ASUS GPU TweakII (HKLM-x32\...\{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 1.9.1.1 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 1.9.1.1 - ASUSTek COMPUTER INC.)
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.4.3 - ASUSTeK Computer Inc.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.030 - ASUSTek Computer Inc.)
ASUS(R) Intel(R) Extreme Tuning Utility (HKLM-x32\...\{4BDE66EA-B9C7-43EB-A796-E21C3E3EF2CF}) (Version: 6.1.2.208 - Intel Corporation) Hidden
ASUS(R) Intel(R) Extreme Tuning Utility (HKLM-x32\...\{969659ef-5e6c-4c40-8aec-6b1bd3819fab}) (Version: 6.1.2.208 - Intel Corporation)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Call of Duty(R) - World at War(TM) (HKLM-x32\...\{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision) Hidden
Call of Duty(R) - World at War(TM) (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.7 - Activision)
Call of Duty(R) - World at War(TM) 1.1 Patch (HKLM-x32\...\{AFAE2B15-89A0-4215-A030-F7B5B478886B}) (Version: 1.1 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.1 Patch (HKLM-x32\...\InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}) (Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (HKLM-x32\...\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}) (Version: 1.2 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (HKLM-x32\...\InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}) (Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (HKLM-x32\...\{9F01A67B-7D67-482F-9D4F-D5980A440FD4}) (Version: 1.4 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (HKLM-x32\...\InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}) (Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (HKLM-x32\...\{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}) (Version: 1.5 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (HKLM-x32\...\InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}) (Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (HKLM-x32\...\{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}) (Version: 1.6 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (HKLM-x32\...\InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}) (Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (HKLM-x32\...\{750C87B8-AF19-4C3C-B791-50D9C83AE572}) (Version: 1.7 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (HKLM-x32\...\InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}) (Version:  - ) Hidden
Call of Duty(R) 2 (HKLM-x32\...\{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 6.1.0.0486 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-4211271423-19267843-2739290311-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 419.17 - NVIDIA Corporation) Hidden
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FurMark ROG Edition 0.6.2.0 (64-bit) (HKLM-x32\...\{F3D3CC6B-9AD7-4F43-8C69-40D5902FDC5C}}_is1) (Version:  - ASUS / Geeks3D)
Game Summary (HKU\S-1-5-21-4211271423-19267843-2739290311-1001\...\Overwolf_nafihghfcpikebhfhdhljejkcifgbdahdhngepfb) (Version: 126.0.20 - Overwolf app)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-4211271423-19267843-2739290311-1001\...\HearthstoneDeckTracker) (Version: 1.8.7 - HearthSim)
LockHunter 3.2, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-4211271423-19267843-2739290311-1001\...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 66.0.3 (x64 es-ES) (HKLM\...\Mozilla Firefox 66.0.3 (x64 es-ES)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.2 - Mozilla)
Norton Security (HKLM-x32\...\NGC) (Version: 22.17.0.183 - Symantec Corporation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA Controlador de 3D Vision 419.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 419.17 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.38.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.13 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 419.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 419.17 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.18.0.102 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.18.0.102 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
OpenOffice 4.1.6 (HKLM-x32\...\{ABA77258-70D6-4A14-9AB7-3FA087C470DB}) (Version: 4.16.9790 - Apache Software Foundation)
Opera Stable 58.0.3135.132 (HKU\S-1-5-21-4211271423-19267843-2739290311-1001\...\Opera 58.0.3135.132) (Version: 58.0.3135.132 - Opera Software)
Panel de control de NVIDIA 419.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 419.17 - NVIDIA Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
qBittorrent 4.1.5 (HKLM-x32\...\qBittorrent) (Version: 4.1.5 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7576 - Realtek Semiconductor Corp.)
Software para dispositivos de chipset Intel® (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
SPORE™ Collection (HKLM-x32\...\1948823323_is1) (Version: 2.0.0.5 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1030 - SUPERAntiSpyware.com)
The Battle for Middle-earth (tm) II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
The Lord of the Rings The Battle for Middle-Earth Collection MULTi9 - ElAmigos versión 2.01 (HKLM-x32\...\{5EE9E528-FC92-4C4F-AEE4-BCAFA7A2F6CF}_is1) (Version: 2.01 - Electronic Arts)
The Lord of the Rings, The Rise of the Witch-king (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 85.1 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4211271423-19267843-2739290311-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-4211271423-19267843-2739290311-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-4211271423-19267843-2739290311-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-4211271423-19267843-2739290311-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-4211271423-19267843-2739290311-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-4211271423-19267843-2739290311-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [DaemonShellExtImage] -> {40966797-8FFE-46C8-9EF8-7003F33CCF0F} => C:\Program Files\DAEMON Tools Pro\DTShl64.dll [2015-07-08] (Disc Soft Ltd -> Disc Soft Ltd)
ContextMenuHandlers1: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd -> Crystal Rich Ltd)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\NavShExt.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDrive] -> {A5415364-784A-41A5-B47A-D452909CA8FF} => C:\Program Files\DAEMON Tools Pro\DTShl64.dll [2015-07-08] (Disc Soft Ltd -> Disc Soft Ltd)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd -> Crystal Rich Ltd)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\NavShExt.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-31] (Malwarebytes) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd -> Crystal Rich Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.17.0.183\NavShExt.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-02-28 01:46 - 2015-05-14 10:18 - 001075712 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
2019-02-28 01:46 - 2014-08-28 11:37 - 000033424 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
2019-02-28 01:45 - 2015-02-13 10:19 - 000207360 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
2019-02-28 01:44 - 2015-05-08 08:26 - 000108544 ____R (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.22\ASACPI.DLL
2019-02-28 01:44 - 2015-05-08 08:26 - 000677376 ____R (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.22\asacpiEx.dll
2019-03-04 21:30 - 2019-04-24 19:22 - 000033064 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.00.01\PEbiosinterface32.dll
2019-03-04 21:30 - 2017-12-26 22:26 - 000053248 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.00.01\cpuutil.dll
2019-03-05 07:33 - 2017-12-20 05:01 - 000193536 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.03\AsusGpuTweak.dll
2019-03-05 07:33 - 2017-11-27 11:57 - 000062464 _____ () [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.03\Exeio.dll
2019-03-05 07:33 - 2017-05-03 02:17 - 000106496 _____ (ASUSTek Computer Inc.,) [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.03\EIO.DLL
2019-03-05 07:33 - 2017-11-27 11:57 - 001772544 _____ () [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.03\Vender.dll
2018-11-22 20:15 - 2018-11-22 20:15 - 001939456 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\GPU TweakII\TweakInterface.dll
2018-11-14 18:37 - 2018-11-14 18:37 - 001786368 _____ () [File not signed] C:\Program Files (x86)\ASUS\GPU TweakII\Vender.dll
2010-11-02 12:00 - 2010-11-02 12:00 - 000053248 _____ (NVIDIA Corporation) [File not signed] C:\Program Files (x86)\ASUS\GPU TweakII\nvgpio.dll
2019-02-28 01:46 - 2017-11-24 09:47 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\asacpi.dll
2019-02-28 01:46 - 2017-11-24 09:47 - 000676864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\asacpiEx.dll
2019-03-05 07:33 - 2017-11-24 09:48 - 000101376 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\IccHelperSkylake.dll
2019-02-28 01:45 - 2017-10-29 20:15 - 000147456 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2019-02-28 01:45 - 2017-10-29 20:15 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsAcpi.dll
2019-02-28 01:45 - 2017-10-29 20:15 - 000676864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\asacpiEx.dll
2019-02-28 01:46 - 2015-03-12 15:48 - 000901120 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\Express.dll
2019-02-28 01:46 - 2010-03-08 18:11 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\AsMultiLang.dll
2019-02-28 01:46 - 2015-06-19 00:46 - 001087488 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\System Information\SystemInfo.dll
2019-02-28 01:46 - 2014-07-25 16:46 - 001328128 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotice.dll
2019-02-28 01:45 - 2015-08-28 14:48 - 001345024 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\Mobo Connect\MoboConnect.dll
2019-02-28 01:45 - 2015-08-28 14:48 - 000110592 _____ (ASUSTek Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\Mobo Connect\AndroidOpenAccessory.dll
2019-02-28 01:45 - 2015-06-26 14:50 - 000906240 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\LED Control\LEDControl.dll
2019-02-28 01:45 - 2015-05-21 23:57 - 001141248 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2019-02-28 01:45 - 2017-10-29 20:15 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsMultiLang.dll
2019-02-28 01:46 - 2017-11-24 09:47 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\AsMultiLang.dll
2019-03-04 17:21 - 2019-03-24 11:38 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-04 17:21 - 2019-03-24 11:38 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-04 17:21 - 2019-03-24 11:38 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-04 17:21 - 2019-03-24 11:38 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-04 17:21 - 2019-03-24 11:38 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-04 17:21 - 2019-03-24 11:38 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-04 17:21 - 2019-03-24 11:38 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-04 17:21 - 2019-03-24 11:38 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-04 17:21 - 2019-03-24 11:38 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-24 11:38 - 2019-03-24 11:38 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-24 11:38 - 2019-03-24 11:38 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-04 17:21 - 2019-03-24 11:38 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-24 11:38 - 2019-03-24 11:38 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-24 11:38 - 2019-03-24 11:38 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-24 11:38 - 2019-03-24 11:38 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-24 11:38 - 2019-03-24 11:38 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-24 11:38 - 2019-03-24 11:38 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-24 11:38 - 2019-03-24 11:38 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-24 11:38 - 2019-03-24 11:38 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-02-28 01:46 - 2013-11-20 11:10 - 000662016 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\aaHMLib.dll
2019-02-28 01:46 - 2013-07-02 11:40 - 000253952 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\pngio.dll
2019-02-28 01:46 - 2013-11-20 11:10 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\AsMultiLang.dll
2017-11-23 19:00 - 2017-11-23 19:00 - 000377344 _____ () [File not signed] C:\Program Files (x86)\ASUS\GPU TweakII\CPUPackageTempDLL.dll
2019-02-28 01:45 - 2017-10-29 20:15 - 009541632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Cored.dll
2019-02-28 01:45 - 2017-10-29 20:15 - 008565248 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Widgetsd.dll
2019-02-28 01:45 - 2017-10-29 20:15 - 010430464 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Guid.dll
2019-02-28 01:45 - 2017-10-29 20:15 - 000299520 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Xmld.dll
2019-02-28 01:45 - 2017-10-29 20:15 - 002932736 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\platforms\qwindowsd.dll
2019-03-05 07:32 - 2017-10-29 20:15 - 000076288 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qgifd.dll
2019-03-05 07:32 - 2017-10-29 20:15 - 000097280 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qicnsd.dll
2019-03-05 07:32 - 2017-10-29 20:15 - 000077312 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qicod.dll
2019-03-05 07:32 - 2017-10-29 20:15 - 000432640 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qjpegd.dll
2019-03-05 07:32 - 2017-10-29 20:15 - 000058880 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qsvgd.dll
2019-03-05 07:32 - 2017-10-29 20:15 - 000557056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Svgd.dll
2019-03-05 07:32 - 2017-10-29 20:15 - 000058880 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qtgad.dll
2019-03-05 07:32 - 2017-10-29 20:15 - 000574976 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qtiffd.dll
2019-03-05 07:32 - 2017-10-29 20:15 - 000058368 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qwbmpd.dll
2019-03-05 07:32 - 2017-10-29 20:15 - 000844800 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qwebpd.dll
2019-02-28 01:46 - 2017-11-24 09:48 - 000743424 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\EPU.dll
2019-02-28 01:45 - 2017-10-29 20:15 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\asacpi.dll
2019-02-28 01:45 - 2017-10-29 20:15 - 000676864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\asacpiEx.dll
2019-02-28 01:44 - 2015-05-08 08:26 - 000662016 ____R () [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-02-27 16:07 - 2019-02-27 16:06 - 000000824 ____N C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4211271423-19267843-2739290311-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "MouseDriver"
HKU\S-1-5-21-4211271423-19267843-2739290311-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-4211271423-19267843-2739290311-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-4211271423-19267843-2739290311-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4211271423-19267843-2739290311-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4211271423-19267843-2739290311-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{9A29E6C5-55B9-444B-841A-75127596B0A9}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [UDP Query User{D0D47C2C-13C6-4E1A-988B-DA3FD9F25ACD}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{863BCC0E-2A24-4F2A-8274-BC21B6F8B3D9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1EA71CE4-0B33-48F7-B814-7D70514C4056}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{C4BFBE00-17D6-4A71-916E-6F0AA5726CA9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F8265E91-AEC2-4D6E-90AB-DFCB21161CED}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AF1E93B7-CA91-475F-9487-7272167C2B91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PRO EVOLUTION SOCCER 2019\PES2019.exe (Konami Digital Entertainment Co., Ltd.) [File not signed]
FirewallRules: [{56558B23-817A-4464-98F8-8E479E054D4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PRO EVOLUTION SOCCER 2019\PES2019.exe (Konami Digital Entertainment Co., Ltd.) [File not signed]
FirewallRules: [{FC11894A-EC13-4051-BE32-E92CF93E602A}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{D1BC2E03-7324-42B0-A6F7-A9E6B71D4C11}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{58C21F68-232B-47E6-92BB-A740D26CFB12}] => (Allow) D:\Juegos\Call of Duty 5 World at War\CoDWaW.exe (Activision Publishing -> Activision Blizzard, Inc.) [File not signed]
FirewallRules: [{6CC36F10-64E0-4F42-8BD0-CDB559578B72}] => (Allow) D:\Juegos\Call of Duty 5 World at War\CoDWaW.exe (Activision Publishing -> Activision Blizzard, Inc.) [File not signed]
FirewallRules: [{0561699C-DF91-4890-8B75-D1110BC64A95}] => (Allow) D:\Juegos\Call of Duty 5 World at War\CoDWaWmp.exe (Activision Publishing -> Activision Blizzard, Inc.)
FirewallRules: [{FDF7AF70-6AFA-4175-8077-202F8F6E495B}] => (Allow) D:\Juegos\Call of Duty 5 World at War\CoDWaWmp.exe (Activision Publishing -> Activision Blizzard, Inc.)
FirewallRules: [{A2D432CD-1B34-4229-B493-C482B4C5CF3D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4E3CC07B-3F91-4B80-A565-CF553E2F13CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{56A7DA28-C541-4D16-BDCE-E68799554778}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1B699565-E521-4D1B-B4A5-6365C3305D56}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{1061021A-AED5-4BD8-B656-AFBD01FDA380}C:\program files (x86)\hearthstone\hearthstone.exe] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [UDP Query User{E1933F3F-5507-4539-89FB-4C6DAD17B28F}C:\program files (x86)\hearthstone\hearthstone.exe] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{C4294F56-DC9D-46E8-A050-B5B80ADFEAEB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{D8F58F48-0A62-4D57-8285-6CA64D7EDC6A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7BCEE151-2735-45E8-8B7F-59FF9D229E46}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{25342C88-562D-485F-8622-676C1CCE2B8B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{ED69DC6A-4EFF-4920-9264-9ABC93906D26}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7E2040C5-DC06-4FE7-9B2B-B8E1143B7D0E}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{3612B342-29D1-4EA4-9B6F-99D6384C9C53}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)

==================== Restore Points =========================

07-04-2019 20:52:22 Revo Uninstaller's restore point - Winamax Installer
20-04-2019 11:59:56 Revo Uninstaller's restore point - HearthArena Companion
21-04-2019 12:58:47 Revo Uninstaller's restore point - MediaGet

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2019 11:12:34 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/24/2019 11:12:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/24/2019 10:12:41 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/24/2019 10:12:38 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/24/2019 10:06:19 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/24/2019 10:06:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/24/2019 10:03:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/24/2019 10:03:54 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (04/24/2019 07:56:26 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-0EUJ944)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-0EUJ944\Min con SID (S-1-5-21-4211271423-19267843-2739290311-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/24/2019 07:32:43 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-0EUJ944)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-0EUJ944\Min con SID (S-1-5-21-4211271423-19267843-2739290311-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/24/2019 07:24:11 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-0EUJ944)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-0EUJ944\Min con SID (S-1-5-21-4211271423-19267843-2739290311-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/24/2019 07:23:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.SecurityAppBroker
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/24/2019 07:23:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/24/2019 07:23:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-0EUJ944)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-0EUJ944\Min con SID (S-1-5-21-4211271423-19267843-2739290311-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/24/2019 07:21:56 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-0EUJ944)
Description: El servidor {9BA05972-F6A8-11CF-A442-00A0C90A8F39} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (04/24/2019 07:21:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio NVIDIA LocalSystem Container terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 6000 milisegundos: Reiniciar el servicio.


Windows Defender:
===================================
Date: 2019-02-28 00:44:42.609
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 0.0.0.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 0.0.0.0
Código de error: 0x8024402c
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-02-27 21:58:20.097
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 0.0.0.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 0.0.0.0
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2019-02-27 21:58:20.096
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 0.0.0.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 0.0.0.0
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2019-02-27 21:58:20.096
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 0.0.0.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 0.0.0.0
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

Date: 2019-02-27 21:58:20.092
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 0.0.0.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 0.0.0.0
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

CodeIntegrity:
===================================

Date: 2019-04-21 13:27:54.810
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\LockHunter\CRDllUnload64.dll that did not meet the Store signing level requirements.

Date: 2019-04-12 06:01:01.688
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Norton Security\Engine\22.17.0.183\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-12 06:01:01.637
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Norton Security\Engine\22.17.0.183\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-12 06:01:01.584
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Norton Security\Engine\22.17.0.183\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-12 06:01:01.553
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Norton Security\Engine\22.17.0.183\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-03-31 22:08:52.094
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Norton Security\Engine\22.17.0.183\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-03-31 22:08:52.041
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Norton Security\Engine\22.17.0.183\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-03-31 22:08:51.997
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Norton Security\Engine\22.17.0.183\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 3301 02/10/2017
Motherboard: ASUSTeK COMPUTER INC. Z170-P
Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 36%
Total physical RAM: 16327.24 MB
Available physical RAM: 10335.55 MB
Total Virtual: 18759.24 MB
Available Virtual: 9831.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.15 GB) (Free:84.63 GB) NTFS
Drive d: () (Fixed) (Total:1863.01 GB) (Free:825.13 GB) NTFS
Drive e: () (Fixed) (Total:931.51 GB) (Free:27.81 GB) NTFS

\\?\Volume{ea1decd7-8d41-4f5b-a964-1c7736ca3907}\ (Recuperación) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{b713ca2a-91f5-4f46-ab43-5a99524d536b}\ () (Fixed) (Total:0.87 GB) (Free:0.46 GB) NTFS
\\?\Volume{56f04ac0-891d-4518-b660-5faa2cdd03e8}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 704F6A37)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: CA827CB0)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=42)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: CA827CBC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#17

I expressed myself badly above; I meant that typing was laggy. Regards!

PS: Not right now. In case you are waiting, I'll continue when I wake up; on top of everything, you shouldn't have to sit there waiting, I forgot to say so. Bye

#18

Well

The PC is clean

That MicrosoftEdgeCP.exe is Edge, and what Norton possibly warned you about is that, if you were using it, perhaps some page or malware was trying to get in through that browser, not that the process itself is malware.

In Norton, in the reports section or similar, could you look at the log for that threat?

You said that process was in System32; where did you see it, in Norton?

#19

Download the SystemLook tool to your desktop:


:filefind
MicrosoftEdgeCP.exe

  • Wait a few seconds until the search finishes.
  • When it is done, Notepad will open with a report that you must copy and paste into this thread.

Note: That report will also be saved in the SystemLook.txt file on your desktop.

#20

Hi Miguel, I've hardly slept. Something is sitting badly in the pit of my stomach and I feel better upright, so that's that :slight_smile:

SystemLook 30.07.11 by jpshortstuff
Log created at 04:48 on 25/04/2019 by Min
Administrator - Elevation successful

========== filefind ==========

Searching for "MicrosoftEdgeCP.exe"
C:\Windows\System32\MicrosoftEdgeCP.exe --a---- 104960 bytes [07:28 15/09/2018] [07:28 15/09/2018] 3FAE70080E7D900A469355C85ADACBDB
C:\Windows\WinSxS\amd64_microsoft-windows-edge-microsoftedgecp_31bf3856ad364e35_10.0.17763.1_none_b1fc29456945be76\MicrosoftEdgeCP.exe --a---- 104960 bytes [07:28 15/09/2018] [07:28 15/09/2018] 3FAE70080E7D900A469355C85ADACBDB

-= EOF =-

PS: If it's of any use, in the second path there were (at the time) two files the same size as EdgeCP and with the same icon.
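
Added example, not part of any post in this thread: a small Python triage of a SystemLook `filefind` report like the one above, grouping every copy of the file by MD5 and flagging copies outside the Windows directories. The function names and `EXPECTED_ROOTS` are assumptions of this example, and the sample is the two entries from the report laid out one per line.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: the two filefind entries from the report, one per line.
SAMPLE_REPORT = r'''========== filefind ==========

Searching for "MicrosoftEdgeCP.exe"
C:\Windows\System32\MicrosoftEdgeCP.exe --a---- 104960 bytes [07:28 15/09/2018] [07:28 15/09/2018] 3FAE70080E7D900A469355C85ADACBDB
C:\Windows\WinSxS\amd64_microsoft-windows-edge-microsoftedgecp_31bf3856ad364e35_10.0.17763.1_none_b1fc29456945be76\MicrosoftEdgeCP.exe --a---- 104960 bytes [07:28 15/09/2018] [07:28 15/09/2018] 3FAE70080E7D900A469355C85ADACBDB

-= EOF =-
'''

# Assumption of this example: directories where copies of a Windows
# component are expected (system directories and the component store).
EXPECTED_ROOTS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\windows\winsxs",
)

# One entry: path, 7-character attribute field, size, two timestamps, MD5.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]"
    r"\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(report):
    """Return one dict per file entry found in a filefind report."""
    entries = []
    for line in report.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def in_expected_root(path):
    """Case-insensitive check that a Windows path sits under an expected root."""
    normalized = ntpath.normcase(ntpath.normpath(path))
    return any(normalized.startswith(root + "\\") for root in EXPECTED_ROOTS)


def triage(report):
    """Group copies by hash and list those outside the expected roots.

    "consistent" only means the copies agree with each other and sit where
    a Windows component normally does. It does not prove the file is the
    genuine vendor binary; that needs a signature check on the host.
    """
    entries = parse_filefind(report)
    by_hash = defaultdict(list)
    for entry in entries:
        by_hash[entry["md5"]].append(entry["path"])
    unexpected = [e["path"] for e in entries if not in_expected_root(e["path"])]
    return {
        "count": len(entries),
        "by_hash": dict(by_hash),
        "unexpected_paths": unexpected,
        "consistent": bool(entries) and len(by_hash) == 1 and not unexpected,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for md5, paths in result["by_hash"].items():
        print(md5, "->", len(paths), "copies")
    print("unexpected paths:", result["unexpected_paths"])
    print("consistent:", result["consistent"])
```
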

#21

Of course, I'll look right now and edit. It was in the second path, not in System32, hence all the "mess"; I tried to delete it and couldn't, not from the console, PowerShell, Safe Mode or FileASSASSIN.

The image shows up in the history about 50 times, and I'm not exaggerating; I went through all of them to see whether I could find the pop-up I mentioned earlier.

Code: rrWXk

I seem to recall that the alert popped up while I was uninstalling this software (I can't find the pop-up message). Overwolf, an assistant for a role-playing card game, has back-to-back alerts targeting Norton processes. Could you say it wants to "take down" Norton?

Thanks. Regards!

#22

This is why it had caught my attention, and that was when I looked into trying to delete it (after the Norton alert).

PS: The 3 files I was telling you about, in the folder that SystemLook found.