Many connections seen in NETSTAT

Good evening,

Sometimes I notice some packet loss or delay in games, and it is something recent. It is not the internet provider, so I went into cmd to see what connections I am generating, and with everything closed, processes closed, I have at least about 40. With TaskKill I have killed some PIDs, but there is one that keeps being created.

I look forward to your questions on the matter.

Hello @Abel_Muro

First, let's verify that your computer is clean.

Do the following:

1.- Temporarily disable your antivirus and any security software.

2.- Download, install and/or update the following tools:

3.- Run the steps in the given order, with all programs closed, including browsers.

CCleaner

Use its Cleaner option, following its Manual:

  • To delete cookies, temporary Internet files and all the files it shows you as obsolete.
  • When you install it, untick the checkboxes so that CCleaner Browser is not installed.
  • We do NOT need this report.

AdwCleaner

Run it.

  • Click the Scan button and wait for the process to finish. Then click the Clean button.
  • Wait for it to complete. If it asks you to restart the system, accept.
  • Save the report that appears so you can copy and paste it into your next reply.
  • The report can also be found at “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

  • Following its manual, install and run it. When it finishes, delete everything it finds.

Malwarebytes

  • Don't forget to update it.
  • Read its Manual carefully.
  • Run a Custom Scan with all drives selected.
  • Click “Remove Selected” to send what was found to quarantine.
  • Restart the system.
  • In the manual's “History” section >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste into your next reply.

4.- Important note:

In your next reply you must paste the AdwCleaner, ZHPCleaner and Malwarebytes reports.

Guide: How to paste reports in the forum?

Let us know.

Regards

A question: do you want me to close all the processes, or should I restart the PC so that everything goes back to how it should be?

Hello:

First download everything, then do only what is indicated, with all programs closed, including browsers.

Regards

Attached is the ADW report

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-05-2019
# Database: 2019-09-27.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-27-2019
# Duration: 00:00:00
# OS:       Windows 10 Pro
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Hola

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [13664 octets] - [27/09/2019 22:46:14]
AdwCleaner[S00].txt - [1401 octets] - [27/09/2019 22:47:07]
AdwCleaner[S01].txt - [1463 octets] - [27/09/2019 22:48:00]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Attached is ZHPCleaner report 1

~ ZHPCleaner v2019.9.26.145 by Nicolas Coolman (2019/09/26)
~ Run by Abel (Administrator)  (27/09/2019 22:35:13)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scanner
~ Report : C:\Users\Abel\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\Abel\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : 
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 17763)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (21)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (15)
ENCONTRADOS archivo: C:\Users\Abel\AppData\Roaming\DRPSu  =>.SUP.DriverPack
ENCONTRADOS carpeta: C:\Program Files\KMSpico\DevComponents.DotNetBar2.dll [DevComponents.com - DevComponents.DotNetBar]  =>HackTool.KMSpico
ENCONTRADOS carpeta: C:\Program Files\KMSpico\DM.bin    =>HackTool.KMSpico
ENCONTRADOS carpeta: C:\Program Files\KMSpico\unins000.dat    =>HackTool.KMSpico
ENCONTRADOS carpeta: C:\Program Files\KMSpico\unins000.exe [ - Setup/Uninstall]  =>HackTool.KMSpico
ENCONTRADOS carpeta: C:\Program Files\KMSpico\Vestris.ResourceLib.dll [Vestris Inc. - ResourceLib]  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\cert  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\driver  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\icons  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\logs  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\scripts  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\sounds  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\TokensBackup  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico  =>HackTool.KMSpico


---\\  Registro ( Claves, Valores, Datos) (6)
ENCONTRADOS clave: HKCU\Software\drpsu [AdditionalScan 64]  =>.SUP.DriverPack
ENCONTRADOS clave: HKLM\SOFTWARE\Wow6432Node\drpsu [AdditionalScan 286]  =>.SUP.DriverPack
ENCONTRADOS clave: HKLM\SOFTWARE\drpsu [AdditionalScan 397]  =>.SUP.DriverPack
ENCONTRADOS clave: HKEY_USERS\S-1-5-21-2873761170-1005967962-895602886-1001\SOFTWARE\drpsu []  =>.SUP.DriverPack
ENCONTRADOS clave: HKCU\Software\drpsu []  =>.SUP.DriverPack
ENCONTRADOS clave: [X64] HKLM\SOFTWARE\Wow6432Node\drpsu []  =>.SUP.DriverPack


---\\  Resumen de elementos en su estación de trabajo (2)
https://nicolascoolman.eu/2018/07/04/sup-driverpack/  =>.SUP.DriverPack
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/  =>HackTool.KMSpico


---\\ Resultado de la reparación.
~ ninguna reparación hecha
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK
~ Opera OK


---\\ STATISTIQUES
~ Items escaneado : 101227
~ Items encontrado : 23
~ artículos cancelados : 0
~ Items opciones : 6/13
~ Ahorro de espacio (bytes) : 0


~ End of search in 00h04mn25s

---\\  Reporte (0)
ZHPCleaner-[S]-27092019-22_39_38.txt

Attached is the second ZHPCleaner report

~ ZHPCleaner v2019.9.26.145 by Nicolas Coolman (2019/09/26)
~ Run by Abel (Administrator)  (27/09/2019 22:41:54)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparar
~ Report : C:\Users\Abel\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Abel\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 17763)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (21)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (3)
MOVIDO archivo: C:\Users\Abel\AppData\Roaming\DRPSu  =>.SUP.DriverPack
MOVIDO archivo: C:\Program Files\KMSpico  =>HackTool.KMSpico
MOVIDO archivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico  =>HackTool.KMSpico


---\\  Registro ( Claves, Valores, Datos) (6)
BORRADOS clave*: HKCU\Software\drpsu [AdditionalScan 64]  =>.SUP.DriverPack
BORRADOS clave*: HKLM\SOFTWARE\Wow6432Node\drpsu [AdditionalScan 286]  =>.SUP.DriverPack
BORRADOS clave**: HKLM\SOFTWARE\drpsu [AdditionalScan 397]  =>.SUP.DriverPack
BORRADOS clave**: HKEY_USERS\S-1-5-21-2873761170-1005967962-895602886-1001\SOFTWARE\drpsu []  =>.SUP.DriverPack
BORRADOS clave**: HKCU\Software\drpsu []  =>.SUP.DriverPack
BORRADOS clave**: [X64] HKLM\SOFTWARE\Wow6432Node\drpsu []  =>.SUP.DriverPack


---\\  Resumen de elementos en su estación de trabajo (2)
https://nicolascoolman.eu/2018/07/04/sup-driverpack/  =>.SUP.DriverPack
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/  =>HackTool.KMSpico


---\\ Limpieza adicional. (20)
~ Clave de registro Tracing borrados (20)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK
~ Opera OK


---\\ STATISTIQUES
~ Items escaneado : 1503
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 6/13
~ Ahorro de espacio (bytes) : 0


~ End of clean in 00h00mn16s

---\\  Reporte (2)
ZHPCleaner-[S]-27092019-22_39_38.txt
ZHPCleaner-[R]-27092019-22_42_10.txt

Attached is the Malware report

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 27/9/19
Hora del análisis: 22:54
Archivo de registro: 9be57a66-e1a3-11e9-8908-14dda9eeb9ed.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.627
Versión del paquete de actualización: 1.0.12679
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17763.737)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-9QVTFHA\Abel

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 729262
Amenazas detectadas: 4
Amenazas en cuarentena: 4
Tiempo transcurrido: 40 min, 43 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 4
MachineLearning/Anomalous.100%, C:\USERS\ABEL\DOWNLOADS\5.7.1-WIN\ADOBE.PHOTOSHOP.LIGHTROOM.V5.7.1.MULTILINGUAL.INCL.KEYMAKER-CORE\KEYGEN.EXE, En cuarentena, [0], [392687],1.0.12679
HackTool.Patcher, C:\USERS\ABEL\DOWNLOADS\80K3456030\ADOBE.PHOTOSHOP.CC.2018.V19.1.4.56638.MULTI.WIN.INCL.CRACK-PAINTER\PATCH (PAINTER)\ADOBE.SNR.PATCH.V2.0-PAINTER.ZIP, En cuarentena, [7649], [473286],1.0.12679
CrackTool.Agent, C:\USERS\ABEL\DOWNLOADS\80K3456030\ADOBE.PHOTOSHOP.CC.2018.V19.1.4.56638.MULTI.WIN.INCL.CRACK-PAINTER\PATCH (PAINTER)\AMTEMU.V0.9.2.WIN-PAINTER.ZIP, En cuarentena, [6041], [445980],1.0.12679
Generic.Malware/Suspicious, E:\DESCARGAS\TOPSHAPE_SETUP_C_W5BCDLNQVU5K2ERE1C1960FS.EXE, En cuarentena, [0], [392686],1.0.12679

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Hello @Abel_Muro

In ZHPCleaner there is an important difference between what was Found and what was Moved:

  • Explorador ( Archivos, Carpetas ): Found (15)
  • Explorador ( Archivos, Carpetas ): Moved (3)

You must run it again and delete everything it detects.

At least if you want to track down the strange connections.


Afterwards, do the following:

1.- Temporarily disable your antivirus and any security software.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the appropriate version for your computer's architecture (32 or 64 bits). >> How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Guide: How to run FRST

3.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We await those reports.

Regards
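
Added example, not part of any post in this thread and not ZHPCleaner's own code: one way to check a difference in counts like the one described above is to compare the reported paths rather than the totals. The Python below parses the "Explorador" lines posted in this thread and assumes that a MOVIDO entry for a folder also covers the ENCONTRADOS entries beneath it; the function names are illustrative.

```python
import re
from pathlib import PureWindowsPath

# "Explorador" lines copied verbatim from the reports posted in this thread.
SCAN_27 = r"""
ENCONTRADOS archivo: C:\Users\Abel\AppData\Roaming\DRPSu  =>.SUP.DriverPack
ENCONTRADOS carpeta: C:\Program Files\KMSpico\DevComponents.DotNetBar2.dll [DevComponents.com - DevComponents.DotNetBar]  =>HackTool.KMSpico
ENCONTRADOS carpeta: C:\Program Files\KMSpico\DM.bin    =>HackTool.KMSpico
ENCONTRADOS carpeta: C:\Program Files\KMSpico\unins000.dat    =>HackTool.KMSpico
ENCONTRADOS carpeta: C:\Program Files\KMSpico\unins000.exe [ - Setup/Uninstall]  =>HackTool.KMSpico
ENCONTRADOS carpeta: C:\Program Files\KMSpico\Vestris.ResourceLib.dll [Vestris Inc. - ResourceLib]  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\cert  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\driver  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\icons  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\logs  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\scripts  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\sounds  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\TokensBackup  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico  =>HackTool.KMSpico
"""
REPAIR_27 = r"""
MOVIDO archivo: C:\Users\Abel\AppData\Roaming\DRPSu  =>.SUP.DriverPack
MOVIDO archivo: C:\Program Files\KMSpico  =>HackTool.KMSpico
MOVIDO archivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico  =>HackTool.KMSpico
"""
SCAN_28 = r"""
ENCONTRADOS archivo: C:\Users\Abel\AppData\Roaming\DRPSu  =>.SUP.DriverPack
"""

# <action> <kind>: <path> [optional vendor annotation]  =><detection label>
ENTRY = re.compile(r"^(ENCONTRADOS|MOVIDO)\s+(?:archivo|carpeta):\s+(.+?)\s+=>(\S+)\s*$")
ANNOTATION = re.compile(r"\s+\[[^\]]*\]$")


def parse(report):
    """Return {"ENCONTRADOS": [...], "MOVIDO": [...]} of (path, label) tuples."""
    out = {"ENCONTRADOS": [], "MOVIDO": []}
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            action, raw_path, label = m.groups()
            # Drop the trailing "[vendor - product]" note so only the path remains.
            path = PureWindowsPath(ANNOTATION.sub("", raw_path))
            out[action].append((path, label))
    return out


def covered_by(path, moved_paths):
    """Assumption: moving a folder also removes everything beneath it.
    PureWindowsPath comparisons are case-insensitive, like NTFS paths."""
    return any(path == m or m in path.parents for m in moved_paths)


def unresolved(scan_report, repair_report):
    """Paths found by the scan that no MOVIDO entry of the repair accounts for."""
    moved = [p for p, _ in parse(repair_report)["MOVIDO"]]
    return [str(p) for p, _ in parse(scan_report)["ENCONTRADOS"]
            if not covered_by(p, moved)]


def reappeared(repair_report, later_scan_report):
    """Paths a repair reported as moved that a later scan found again:
    either the move did not take effect or something recreated the item."""
    moved = [p for p, _ in parse(repair_report)["MOVIDO"]]
    return [str(p) for p, _ in parse(later_scan_report)["ENCONTRADOS"]
            if covered_by(p, moved)]


if __name__ == "__main__":
    found = parse(SCAN_27)["ENCONTRADOS"]
    moved = parse(REPAIR_27)["MOVIDO"]
    print(f"found={len(found)} moved={len(moved)}")
    print("not accounted for:", unresolved(SCAN_27, REPAIR_27))
    print("found again on the next scan:", reappeared(REPAIR_27, SCAN_28))
```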


~ ZHPCleaner v2019.9.26.145 by Nicolas Coolman (2019/09/26)
~ Run by Abel (Administrator)  (28/09/2019 11:47:30)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scanner
~ Report : C:\Users\Abel\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\Abel\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : 
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 17763)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (21)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (1)
ENCONTRADOS archivo: C:\Users\Abel\AppData\Roaming\DRPSu  =>.SUP.DriverPack


---\\  Registro ( Claves, Valores, Datos) (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Resumen de elementos en su estación de trabajo (1)
https://nicolascoolman.eu/2018/07/04/sup-driverpack/  =>.SUP.DriverPack


---\\ Limpieza adicional. (7)
~ Clave de registro Tracing borrados (7)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ ninguna reparación hecha
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK


---\\ STATISTIQUES
~ Items escaneado : 1491
~ Items encontrado : 1
~ artículos cancelados : 0
~ Items opciones : 6/13
~ Ahorro de espacio (bytes) : 0


~ End of search in 00h00mn07s

---\\  Reporte (0)
ZHPCleaner-[S]-28092019-11_47_37.txt

~ ZHPCleaner v2019.9.26.145 by Nicolas Coolman (2019/09/26)
~ Run by Abel (Administrator)  (28/09/2019 11:48:45)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparar
~ Report : C:\Users\Abel\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Abel\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 17763)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (21)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (1)
MOVIDO archivo: C:\Users\Abel\AppData\Roaming\DRPSu  =>.SUP.DriverPack


---\\  Registro ( Claves, Valores, Datos) (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Resumen de elementos en su estación de trabajo (1)
https://nicolascoolman.eu/2018/07/04/sup-driverpack/  =>.SUP.DriverPack


---\\ Limpieza adicional. (4)
~ Clave de registro Tracing borrados (4)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK


---\\ STATISTIQUES
~ Items escaneado : 1488
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 6/13
~ Ahorro de espacio (bytes) : 0


~ End of clean in 00h00mn08s

---\\  Reporte (2)
ZHPCleaner-[S]-28092019-11_47_37.txt
ZHPCleaner-[R]-28092019-11_48_53.txt

FRST report

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-09-2019
Ran by Abel (administrator) on DESKTOP-9QVTFHA (28-09-2019 11:52:18)
Running from C:\Users\Abel\Pictures
Loaded Profiles: Abel (Available Profiles: Abel)
Platform: Windows 10 Pro Version 1809 17763.737 (X64) Language: Español (México)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0346729.inf_amd64_a4e838010b04088c\B346681\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0346729.inf_amd64_a4e838010b04088c\B346681\atiesrxx.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 19.0.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 19.0.0\avpui.exe
(Luminati Networks -> Luminati Networks Ltd.) C:\Program Files (x86)\Mouse Server\luminati\net_svc.exe
(Luminati Networks -> Luminati Networks Ltd.) C:\Program Files (x86)\Mouse Server\net_updater32.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19082.1010.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spotify AB -> Spotify Ltd) C:\Users\Abel\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\Abel\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\Abel\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\Abel\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\Abel\AppData\Roaming\Spotify\Spotify.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942744 2018-12-17] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\Run: [Discord] => C:\Users\Abel\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3211040 2019-09-18] (Valve -> Valve Corporation)
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\Run: [EpicGamesLauncher] => E:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35826064 2019-08-09] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3114256 2019-07-04] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\Run: [Spotify] => C:\Users\Abel\AppData\Roaming\Spotify\Spotify.exe [21348768 2019-09-27] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Abel\AppData\Local\Microsoft\Teams\Update.exe [1790192 2019-08-04] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\Run: [MouseServer] => C:\Program Files (x86)\Mouse Server\MouseServer.exe [518656 2019-08-20] (wifimouse.necta.us) [File not signed]
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22714912 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\MountPoints2: {3ece039c-599a-11e9-8708-14dda9eeb9ed} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\MountPoints2: {bae954de-4c10-11e9-8705-14dda9eeb9ed} - "F:\HiSuiteDownLoader.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-23] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01F2BD51-BCC4-429C-87CE-2770EF51C33F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-08-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0774FB99-7E01-42BC-B433-C4581F246CEE} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-09-10] (Advanced Micro Devices, Inc.) [File not signed]
Task: {150E1A06-811F-44D8-A214-AEF3695D20D7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {3DD4D483-F044-4A70-AB3C-0AEC0172F507} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61112 2019-09-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {3F2C8F69-288E-41F9-A83D-3ABFD08F18A1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {492C744A-C76D-4B64-863A-66567688AF18} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {5447E981-1B60-4DFC-923B-4FF9FE103C87} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1571464 2019-09-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {68757FF5-0B3E-4963-A71C-86D57389912D} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-09-10] (Advanced Micro Devices, Inc.) [File not signed]
Task: {76FF4A3C-FB43-4E2C-B612-764A8D073401} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [68280 2019-09-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {8177757E-4016-402D-BA0A-B2A05DF83D51} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {8A4CDEB4-E0BD-4BF4-9859-5D009702E38F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {9F4CAAD1-B407-4E7A-838D-DDA490345736} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-12-29] (Google Inc -> Google Inc.)
Task: {BA35829E-2E38-4D83-B37C-48FD3C53EFDF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {D6E30959-A3A2-4924-A8A2-009DD4F922A7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16585328 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {DB8FD733-7779-4B01-B5AA-531CF8C3EA16} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-9QVTFHA-Abel => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {DBAB31C1-83B9-4E3B-8256-859A16FC8771} - System32\Tasks\Opera GX scheduled Autoupdate 1560381831 => C:\Users\Abel\AppData\Local\Programs\Opera GX\launcher.exe [1459736 2019-09-25] (Opera Software AS -> Opera Software)
Task: {E84EBFEF-4629-47CA-B991-5B2444E4277F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-12-29] (Google Inc -> Google Inc.)
Task: {F352220F-7896-4E99-AF6C-0CC0F09D538C} - System32\Tasks\AMDInstallUEP => C:\Program Files\AMD\InstallUEP\AMDInstallUEP.exe
Task: {F4DDDDBB-34A1-44A7-B8A9-C93B433412F3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-14] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.48.225.146 200.48.225.130
Tcpip\..\Interfaces\{0d54cd8d-df4f-4da6-8686-dac7dac30fc5}: [DhcpNameServer] 200.48.225.146 200.48.225.130
Tcpip\..\Interfaces\{23640c30-7dd2-48cb-a0b0-10ccda7780db}: [DhcpNameServer] 200.48.225.146 200.48.225.130
Tcpip\..\Interfaces\{3c336280-343c-4d8c-b45d-c77a43e95f08}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-07-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 19.0.0\IEExt\ie_plugin.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 19.0.0\IEExt\ie_plugin.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-30] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: pwu0gig2.default
FF ProfilePath: C:\Users\Abel\AppData\Roaming\Mozilla\Firefox\Profiles\pwu0gig2.default [2019-09-28]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-04-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-02-13] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-02-13] <==== ATTENTION

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR Profile: C:\Users\Abel\AppData\Local\Google\Chrome\User Data\Default [2019-09-27]
CHR Extension: (Kaspersky Protection) - C:\Users\Abel\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2019-02-10]
CHR Extension: (Documentos) - C:\Users\Abel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-29]
CHR Extension: (Google Drive) - C:\Users\Abel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-29]
CHR Extension: (Hootsuite Hootlet) - C:\Users\Abel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2018-12-29]
CHR Extension: (YouTube) - C:\Users\Abel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-29]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Abel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-09-12]
CHR Extension: (Share on Rabbit) - C:\Users\Abel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplabnbcafdgpcjmibgkekpaejlfhnkl [2019-01-15]
CHR Extension: (Adobe Acrobat) - C:\Users\Abel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-08-20]
CHR Extension: (Exvius Sync) - C:\Users\Abel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimggnobpoklppophdihgegfjldfdgad [2019-05-03]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Abel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-29]
CHR Extension: (AdBlock) - C:\Users\Abel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-09-27]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Abel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-29]
CHR Extension: (Gmail) - C:\Users\Abel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Abel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-27]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKU\S-1-5-21-2873761170-1005967962-895602886-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0346729.inf_amd64_a4e838010b04088c\B346681\atiesrxx.exe [508632 2019-09-12] (Advanced Micro Devices, Inc. -> AMD)
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8348064 2018-12-29] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11568144 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2018-12-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 19.0.0\x64\vssbridge64.exe [414352 2019-02-10] (Kaspersky Lab -> AO Kaspersky Lab)
R2 luminati_net_updater_win_wifimouse_necta_us; C:\Program Files (x86)\Mouse Server\net_updater32.exe [2520616 2019-08-18] (Luminati Networks -> Luminati Networks Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2329392 2019-07-04] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3203888 2019-07-04] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5357360 2019-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12135768 2019-09-16] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-29] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-29] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0346729.inf_amd64_a4e838010b04088c\B346681\atikmdag.sys [60634840 2019-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0346729.inf_amd64_a4e838010b04088c\B346681\atikmpag.sys [598224 2019-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [108152 2019-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2019-08-27] (Malwarebytes Corporation -> Malwarebytes)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [30808 2016-05-04] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [75600 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [126288 2019-08-08] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [91472 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [236672 2019-08-08] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLHK; C:\Windows\System32\drivers\klhk.sys [1093240 2019-08-08] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [197760 2019-09-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1168000 2019-08-08] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [58704 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [60536 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [60784 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50304 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [46416 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [245272 2019-04-29] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [99152 2019-03-25] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [302368 2019-04-29] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [116104 2019-04-29] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [198768 2019-05-03] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [104576 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [184960 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [218240 2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [116832 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [8206848 2018-09-15] (Microsoft Windows -> Realtek Semiconductor Corporation )
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 ViGEmBus; C:\Windows\System32\drivers\ViGEmBus.sys [53128 2018-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46680 2018-12-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [330936 2018-12-29] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-29] (Microsoft Windows -> Microsoft Corporation)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2018-12-30] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-28 11:48 - 2019-09-28 11:48 - 000001941 _____ C:\Users\Abel\Desktop\ZHPCleaner (R).txt
2019-09-28 11:47 - 2019-09-28 11:47 - 000001895 _____ C:\Users\Abel\Desktop\ZHPCleaner (S).txt
2019-09-28 01:20 - 2019-09-28 01:20 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2019-09-27 23:47 - 2019-09-27 23:47 - 000002242 _____ C:\Users\Abel\Desktop\malware.txt
2019-09-27 22:50 - 2019-09-27 22:50 - 000001631 _____ C:\Users\Abel\Desktop\AdwCleaner[C01].txt
2019-09-27 22:46 - 2019-09-27 22:48 - 000000000 ____D C:\AdwCleaner
2019-09-27 21:44 - 2019-09-27 21:44 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-09-27 21:44 - 2019-09-27 21:44 - 000000000 ____D C:\Users\Abel\AppData\Local\mbamtray
2019-09-27 21:44 - 2019-09-27 21:44 - 000000000 ____D C:\Users\Abel\AppData\Local\mbam
2019-09-27 21:44 - 2019-09-27 21:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-09-27 21:44 - 2019-09-27 21:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-09-27 21:44 - 2019-09-27 21:44 - 000000000 ____D C:\Program Files\Malwarebytes
2019-09-27 21:44 - 2019-08-27 05:50 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-09-27 21:44 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-09-27 21:34 - 2019-09-28 11:51 - 000000000 ____D C:\Users\Abel\AppData\Roaming\ZHP
2019-09-27 21:34 - 2019-09-27 21:34 - 000000874 _____ C:\Users\Abel\Desktop\ZHPCleaner.lnk
2019-09-27 21:34 - 2019-09-27 21:34 - 000000000 ____D C:\Users\Abel\AppData\Local\ZHP
2019-09-27 21:31 - 2019-09-27 21:31 - 000003936 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-09-27 21:31 - 2019-09-27 21:31 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-09-27 21:31 - 2019-09-27 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-09-27 21:23 - 2019-09-28 11:52 - 000000000 ____D C:\FRST
2019-09-27 21:11 - 2019-09-27 22:59 - 000002070 _____ C:\Users\Abel\Desktop\Rkill.txt
2019-09-27 21:11 - 2019-09-27 21:11 - 000841241 _____ C:\Users\Abel\Downloads\rkill.zip
2019-09-21 22:26 - 2019-09-27 22:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-09-15 13:12 - 2019-09-15 13:12 - 000003160 _____ C:\Windows\System32\Tasks\StartCN
2019-09-15 13:12 - 2019-09-15 13:12 - 000003080 _____ C:\Windows\System32\Tasks\StartDVR
2019-09-15 13:12 - 2019-09-15 13:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2019-09-15 13:12 - 2019-09-15 13:12 - 000000000 ____D C:\Program Files (x86)\AMD
2019-09-15 13:11 - 2019-09-15 13:11 - 000000000 ____D C:\Windows\LastGood.Tmp
2019-09-15 13:10 - 2019-09-15 13:11 - 000000000 ____D C:\Users\Abel\AppData\LocalLow\AMD
2019-09-15 13:06 - 2019-09-15 13:06 - 028290000 _____ (AMD Inc.) C:\Users\Abel\Downloads\radeon-software-adrenalin-2019-19.9.2-minimalsetup-190912_64bit.exe
2019-09-15 12:38 - 2019-09-15 12:38 - 000000000 ____D C:\Users\Abel\Downloads\Z170-A-ASUS-3802
2019-09-15 11:07 - 2019-09-15 11:07 - 000002580 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2019-09-15 11:07 - 2019-09-15 11:07 - 000002531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-09-15 11:07 - 2019-09-15 11:07 - 000002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-09-15 11:07 - 2019-09-15 11:07 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-09-15 11:07 - 2019-09-15 11:07 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-09-15 11:07 - 2019-09-15 11:07 - 000002485 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-09-15 11:07 - 2019-09-15 11:07 - 000002439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-09-15 11:07 - 2019-09-15 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-09-12 09:56 - 2019-09-12 09:56 - 001243352 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2019-09-12 09:56 - 2019-09-12 09:56 - 001073104 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-09-12 09:56 - 2019-09-12 09:56 - 001073104 _____ C:\Windows\system32\vulkan-1.dll
2019-09-12 09:56 - 2019-09-12 09:56 - 000929904 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-09-12 09:56 - 2019-09-12 09:56 - 000929904 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-09-12 09:56 - 2019-09-12 09:56 - 000852184 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-09-12 09:56 - 2019-09-12 09:56 - 000852184 _____ C:\Windows\system32\vulkaninfo.exe
2019-09-12 09:56 - 2019-09-12 09:56 - 000709848 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-09-12 09:56 - 2019-09-12 09:56 - 000709848 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-09-12 09:56 - 2019-09-12 09:56 - 000135384 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-09-12 09:56 - 2019-09-12 09:56 - 000122072 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-09-12 09:56 - 2019-09-12 09:56 - 000020392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2019-09-12 09:56 - 2019-09-12 09:56 - 000020392 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2019-09-11 21:20 - 2019-09-11 21:20 - 005436696 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-09-11 21:20 - 2019-09-11 21:20 - 003550384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-09-11 21:20 - 2019-09-11 21:20 - 002469432 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2019-09-11 21:20 - 2019-09-11 21:20 - 002323696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2019-09-11 21:20 - 2019-09-11 21:20 - 002099752 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2019-09-11 21:20 - 2019-09-11 21:20 - 001604760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2019-09-11 21:20 - 2019-09-11 21:20 - 001297120 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2019-09-11 21:20 - 2019-09-11 21:20 - 001075832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2019-09-11 21:20 - 2019-09-11 21:20 - 000798736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2019-09-11 21:20 - 2019-09-11 21:20 - 000154624 _____ (Microsoft Corporation) C:\Windows\system32\fcon.dll
2019-09-11 21:20 - 2019-09-11 21:20 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\LSCSHostPolicy.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 026808320 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 023453696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 022124760 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 020817408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 019011584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 017484800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 015221248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 012939776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 012244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 009679672 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 008903680 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 007921664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 007886848 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 007871488 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 007690648 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 007645392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 006542464 _____ (Microsoft Corporation) 

Part 2

C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 006444544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 006310064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 006065664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 005597808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 005573232 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 005569024 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 004874752 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 004588752 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 004353016 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 004056576 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 003821728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 003702784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 003634688 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 003490816 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 003385856 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 003333984 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 003096576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 003082752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 002924344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 002879488 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 002871608 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 002779488 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 002706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 002700784 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 002693120 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 002645504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 002593032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 002421248 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 002415416 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.AppAgent.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 002279296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 002233688 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 002199864 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 002192384 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 002148864 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernAppAgent.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 002127360 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 002086400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 002085168 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 002073240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001994768 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001966096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 001929728 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001904128 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001899152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001893376 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001864192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001782272 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001764352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001743168 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001721360 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001720120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.AppAgent.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001702096 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-09-11 21:19 - 2019-09-11 21:19 - 001687552 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001674480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001668752 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001655976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001641400 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001608192 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001573240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001563880 _____ (Microsoft Corporation) C:\Windows\system32\ttdrecordcpu.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001551360 _____ (Microsoft Corporation) C:\Windows\system32\SpeechPal.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001522704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001521664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001484592 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001472576 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 001465472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001397048 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001388544 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001388032 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001387512 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001344960 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-09-11 21:19 - 2019-09-11 21:19 - 001331536 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001318400 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001309696 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001307648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001294280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001272560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ttdrecordcpu.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001256960 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001253688 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 001221528 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 001191512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001187840 _____ (Microsoft Corporation) C:\Windows\system32\AgentService.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 001183744 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CommonBridge.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001182240 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 001180248 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001171968 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001132032 _____ (Microsoft Corporation) C:\Windows\system32\nettrace.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001128448 _____ (Microsoft Corporation) C:\Windows\system32\ApplySettingsTemplateCatalog.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 001098136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001081656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Services.TargetedContent.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001071616 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 001054952 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 001052160 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001048888 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 001047552 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001022824 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 001010688 _____ (Microsoft Corporation) C:\Windows\system32\refsutil.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000988672 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000968192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000948224 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000914432 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000912384 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000900096 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000888120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pidgenx.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000883200 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000865576 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000851272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000848896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Signals.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000811024 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000807760 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000806568 _____ C:\Windows\SysWOW64\locale.nls
2019-09-11 21:19 - 2019-09-11 21:19 - 000806568 _____ C:\Windows\system32\locale.nls
2019-09-11 21:19 - 2019-09-11 21:19 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000794112 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000793824 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000791352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 000782968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000779776 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000774968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Services.TargetedContent.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000774192 _____ (Microsoft Corporation) C:\Windows\system32\pkeyhelper.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000773632 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000773632 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000764416 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000762880 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.PrinterCustomActions.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000751928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000741392 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_StorageSense.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000740904 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000740864 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Office2013CustomActions.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000736768 _____ (Microsoft Corporation) C:\Windows\system32\LockController.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000736056 _____ (Microsoft Corporation) C:\Windows\system32\LicensingWinRT.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000703488 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000689664 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000675096 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000660544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000652832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000652600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 000652304 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000646656 _____ (Microsoft Corporation) C:\Windows\system32\w32time.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000637752 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000622392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicensingWinRT.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000622080 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000622080 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnrSvc.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000616448 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000606088 _____ (Microsoft Corporation) C:\Windows\system32\directmanipulation.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\facecredentialprovider.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000604344 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000603784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000595456 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000591160 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000589312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActivationManager.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000585184 _____ (Microsoft Corporation) C:\Windows\system32\AppResolver.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000574464 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000572416 _____ (Microsoft Corporation) C:\Windows\system32\wpnprv.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000558592 _____ (Microsoft Corporation) C:\Windows\system32\ngccredprov.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000554000 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000540240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000535056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 000532992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000532192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000520208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Vid.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 000519168 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000515960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\directmanipulation.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000515152 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000513336 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000511288 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000506200 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000505128 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000497152 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\ResourceMapper.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000484352 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000464912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000450872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000449376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppResolver.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000449024 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000439808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ngccredprov.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000435712 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000425472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000422912 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CscUnpinTool.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000421376 _____ (curl, hxxps://curl.haxx.se/) C:\Windows\system32\curl.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000415544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000409256 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000405304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 000402368 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000398336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 000398208 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000386048 _____ (curl, hxxps://curl.haxx.se/) C:\Windows\SysWOW64\curl.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000378368 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000360960 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000351432 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000349144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000347576 _____ (Microsoft Corporation) C:\Windows\system32\AudioSrvPolicyManager.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000330672 _____ (Microsoft Corporation) C:\Windows\system32\ttdwriter.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000330592 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000324408 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000322048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000312832 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000294728 _____ (Microsoft Corporation) C:\Windows\system32\skci.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\TDLMigration.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000281088 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ConfigWrapper.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000279416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000275968 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.AppDefaults.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000274432 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000272648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ttdwriter.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000251904 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_ManagePhone.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000251904 _____ (Microsoft Corporation) C:\Windows\system32\HttpsDataSource.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\w32tm.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000240128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000224768 _____ (Microsoft Corporation) C:\Windows\system32\ptpprov.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000211968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\w32tm.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000209920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\SecureTimeAggregator.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000195224 _____ (Microsoft Corporation) C:\Windows\system32\SecurityCenterBroker.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\ngcpopkeysrv.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000177176 _____ (Microsoft Corporation) C:\Windows\system32\imm32.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\NcaSvc.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000168248 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000164504 _____ (Microsoft Corporation) C:\Windows\system32\vertdll.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000164152 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000163328 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000157696 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000144080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imm32.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000140600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 000140088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsusbhub.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 000130872 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Display.BrightnessOverride.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000130560 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Storage.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000126976 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000120832 _____ (Microsoft Corporation) C:\Windows\system32\updatecsp.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000120344 _____ (Microsoft Corporation) C:\Windows\system32\OpenWith.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\drvsetup.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000106048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpenWith.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UcmUcsiCx.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 000098080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Display.BrightnessOverride.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvsetup.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000090632 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000087056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhvr.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000078336 _____ (Microsoft Corporation) C:\Windows\system32\ComputerDefaults.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000071696 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ComputerDefaults.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2019-09-11 21:19 - 2019-09-11 21:19 - 000036152 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2019-09-11 21:19 - 2019-09-11 21:19 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UcmUcsiAcpiClient.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys
2019-09-11 21:19 - 2019-09-11 21:19 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2019-09-11 21:19 - 2019-09-11 21:19 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2019-09-11 21:19 - 2019-09-11 21:19 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2019-09-11 21:19 - 2019-09-11 21:19 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2019-09-11 21:19 - 2019-09-11 21:19 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2019-09-11 21:19 - 2019-09-11 21:19 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2019-09-11 21:19 - 2019-09-11 21:19 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2019-09-11 21:19 - 2019-09-11 21:19 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2019-09-07 04:15 - 2019-09-10 00:15 - 000000000 ____D C:\Windows\SysWOW64\luminati
2019-09-06 21:42 - 2019-09-06 21:42 - 008552222 _____ C:\Users\Abel\Downloads\Z170-A-ASUS-3802.zip
2019-09-04 20:10 - 2019-09-25 23:45 - 000001425 _____ C:\Users\Abel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera GX.lnk
2019-08-29 00:27 - 2019-09-28 01:14 - 000003813 _____ C:\Windows\diagwrn.xml
2019-08-29 00:27 - 2019-09-28 01:14 - 000003813 _____ C:\Windows\diagerr.xml

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-28 11:53 - 2019-06-29 16:55 - 000000000 ____D C:\Users\Abel\AppData\Local\Spotify
2019-09-28 11:52 - 2019-02-10 13:20 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-09-28 11:52 - 2018-12-29 17:04 - 000000000 ____D C:\Program Files (x86)\Steam
2019-09-28 11:42 - 2018-12-29 16:47 - 000000000 ____D C:\Users\Abel\AppData\Roaming\discord
2019-09-28 11:42 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-09-28 11:40 - 2018-12-29 16:09 - 000004216 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{07F0C068-D1A5-46CF-8E92-387E2A5C4C85}
2019-09-28 11:37 - 2018-12-29 15:13 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-09-28 08:00 - 2019-06-29 16:55 - 000000000 ____D C:\Users\Abel\AppData\Roaming\Spotify
2019-09-28 01:22 - 2018-12-29 16:12 - 000000000 ____D C:\Windows\Panther
2019-09-28 01:21 - 2018-09-15 02:31 - 000000000 ____D C:\Windows\INF
2019-09-28 01:20 - 2018-09-15 01:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2019-09-28 01:14 - 2019-03-19 07:58 - 000000000 ___HD C:\$WINDOWS.~BT
2019-09-27 22:53 - 2018-12-29 15:21 - 001776794 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-27 22:53 - 2018-09-15 11:39 - 000787094 _____ C:\Windows\system32\perfh00A.dat
2019-09-27 22:53 - 2018-09-15 11:39 - 000154116 _____ C:\Windows\system32\perfc00A.dat
2019-09-27 22:49 - 2019-08-11 14:05 - 000000000 ____D C:\Program Files (x86)\Mouse Server
2019-09-27 22:49 - 2019-04-13 13:21 - 000003110 _____ C:\Windows\System32\Tasks\AMDLinkUpdate
2019-09-27 22:49 - 2019-02-10 03:22 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-09-27 22:49 - 2018-12-29 15:13 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-27 22:48 - 2018-12-29 15:56 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-09-27 22:48 - 2018-09-15 01:09 - 000524288 _____ C:\Windows\system32\config\BBI
2019-09-27 22:24 - 2018-12-31 23:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-09-27 21:44 - 2018-09-15 02:33 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-09-27 21:42 - 2018-12-29 16:12 - 000000000 ____D C:\Program Files\KMSpico
2019-09-27 21:31 - 2019-02-10 03:22 - 000000000 ____D C:\Users\Abel\AppData\Roaming\TeamViewer
2019-09-27 21:31 - 2018-12-29 17:08 - 000000000 ____D C:\Users\Abel\AppData\Local\D3DSCache
2019-09-27 21:31 - 2018-12-29 15:37 - 000000000 ____D C:\Program Files\CCleaner
2019-09-27 21:31 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\LiveKernelReports
2019-09-27 21:27 - 2018-12-29 15:19 - 000000000 ____D C:\Users\Abel\AppData\Local\Packages
2019-09-27 21:27 - 2018-09-15 02:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-09-27 21:27 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\AppReadiness
2019-09-27 20:55 - 2019-03-16 15:18 - 000007626 _____ C:\Users\Abel\AppData\Local\Resmon.ResmonCfg
2019-09-27 20:21 - 2019-01-06 16:18 - 000000000 ____D C:\Users\Abel\AppData\Local\Vivox
2019-09-25 23:45 - 2019-06-12 18:23 - 000004218 _____ C:\Windows\System32\Tasks\Opera GX scheduled Autoupdate 1560381831
2019-09-25 00:10 - 2018-12-31 23:44 - 000000000 ____D C:\Users\Abel\AppData\LocalLow\Mozilla
2019-09-23 23:48 - 2018-12-29 19:16 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-23 23:48 - 2018-12-29 19:16 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-09-23 23:46 - 2018-12-31 23:44 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-09-23 01:32 - 2018-12-29 16:56 - 000000000 ____D C:\Users\Abel\AppData\Local\Battle.net
2019-09-22 10:32 - 2019-07-01 23:16 - 000000000 ____D C:\Users\Abel\AppData\Local\TeamViewer
2019-09-22 10:32 - 2019-02-10 03:22 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-09-22 10:32 - 2019-02-10 03:22 - 000001028 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-09-21 01:31 - 2018-12-29 17:06 - 000000000 ____D C:\Program Files (x86)\Overwatch
2019-09-19 22:28 - 2018-12-29 15:13 - 000441488 _____ C:\Windows\system32\FNTCACHE.DAT
2019-09-19 21:49 - 2018-12-29 15:28 - 000000000 ____D C:\Users\Abel\AppData\Roaming\vlc
2019-09-18 22:52 - 2018-12-29 15:21 - 000003376 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2873761170-1005967962-895602886-1001
2019-09-18 22:52 - 2018-12-29 15:19 - 000002360 _____ C:\Users\Abel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-09-17 22:36 - 2019-03-21 07:18 - 000000000 ____D C:\Users\Abel\Documents\Adobe
2019-09-17 22:36 - 2018-12-29 15:19 - 000000000 ____D C:\Users\Abel\AppData\Roaming\Adobe
2019-09-16 19:31 - 2018-12-29 15:38 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-09-16 01:39 - 2018-12-29 15:29 - 000000000 ____D C:\Users\Abel\AppData\Roaming\AIMP
2019-09-15 13:12 - 2018-12-29 15:42 - 000000000 ____D C:\Program Files\AMD
2019-09-15 13:10 - 2018-12-29 16:07 - 000000000 ____D C:\Users\Abel\AppData\Local\AMD
2019-09-15 13:06 - 2019-07-13 16:58 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2019-09-15 13:06 - 2018-12-29 15:42 - 000000000 ____D C:\AMD
2019-09-15 12:48 - 2018-12-29 18:19 - 000000000 ____D C:\Users\Abel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-09-15 12:40 - 2018-12-29 16:09 - 000113637 ____H C:\Users\Abel\AppData\Local\IconCache.db.backup
2019-09-15 12:40 - 2018-12-29 15:19 - 000000000 ___HD C:\Users\Abel
2019-09-15 11:06 - 2018-12-29 16:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-09-12 09:56 - 2019-07-08 14:37 - 001593048 _____ (AMD) C:\Windows\system32\coinst_19.30.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 003915992 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 003517144 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 001714392 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 001243352 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000762072 _____ (AMD) C:\Windows\system32\atieclxx.exe
2019-09-12 09:56 - 2017-05-16 18:06 - 000574680 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000554200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000493784 _____ C:\Windows\system32\dgtrayicon.exe
2019-09-12 09:56 - 2017-05-16 18:06 - 000485592 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000480984 _____ C:\Windows\system32\GameManager64.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000469208 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000440536 _____ C:\Windows\system32\atieah64.exe
2019-09-12 09:56 - 2017-05-16 18:06 - 000384216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000382168 _____ C:\Windows\SysWOW64\GameManager32.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000352984 _____ C:\Windows\SysWOW64\atieah32.exe
2019-09-12 09:56 - 2017-05-16 18:06 - 000349400 _____ C:\Windows\system32\clinfo.exe
2019-09-12 09:56 - 2017-05-16 18:06 - 000242896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000214744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000184536 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000179376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000163544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000159448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000158216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000153304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000138968 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000136400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000126168 _____ (AMD) C:\Windows\system32\atimuixx.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000124632 _____ C:\Windows\system32\atidxx64.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000121552 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000107736 _____ C:\Windows\SysWOW64\atidxx32.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000106200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000070864 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000047320 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2019-09-12 09:56 - 2017-05-16 18:06 - 000044248 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2019-09-12 09:55 - 2019-07-31 11:18 - 059439320 _____ C:\Windows\system32\amdcomgr64.dll
2019-09-12 09:55 - 2019-07-31 11:18 - 049336024 _____ C:\Windows\SysWOW64\amdcomgr.dll
2019-09-12 09:55 - 2017-05-16 18:06 - 000941784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2019-09-12 09:55 - 2017-05-16 18:06 - 000769240 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2019-09-12 09:55 - 2017-05-16 18:06 - 000473304 _____ C:\Windows\system32\amdgfxinfo64.dll
2019-09-12 09:55 - 2017-05-16 18:06 - 000382168 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2019-09-12 09:40 - 2018-12-29 15:19 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-09-12 09:40 - 2018-12-29 15:19 - 000000000 ___RD C:\Users\Abel\3D Objects
2019-09-12 06:55 - 2017-05-16 18:05 - 000128736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2019-09-12 06:55 - 2017-05-16 18:05 - 000108352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2019-09-12 06:54 - 2017-05-16 18:05 - 000554696 _____ C:\Windows\system32\amdmiracast.dll
2019-09-12 06:54 - 2017-05-16 18:05 - 000135456 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2019-09-12 06:54 - 2017-05-16 18:05 - 000128736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2019-09-12 06:54 - 2017-05-16 18:05 - 000119856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2019-09-12 06:54 - 2017-05-16 18:05 - 000108352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2019-09-12 00:10 - 2018-09-15 11:41 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-09-12 00:10 - 2018-09-15 02:33 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2019-09-12 00:10 - 2018-09-15 02:33 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2019-09-12 00:10 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-09-12 00:10 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\system32\oobe
2019-09-12 00:10 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\system32\es-MX
2019-09-12 00:10 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\ShellExperiences
2019-09-12 00:10 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\ShellComponents
2019-09-12 00:10 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-09-12 00:10 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\bcastdvr
2019-09-12 00:10 - 2018-09-15 01:09 - 000000000 ____D C:\Windows\system32\Dism
2019-09-11 21:21 - 2018-09-15 02:23 - 000000000 ____D C:\Windows\CbsTemp
2019-09-10 16:36 - 2017-04-25 00:56 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2019-09-10 16:36 - 2017-04-25 00:51 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2019-09-10 16:32 - 2017-04-25 01:06 - 000552808 _____ C:\Windows\SysWOW64\atiapfxx.blb
2019-09-10 16:32 - 2017-04-25 01:06 - 000552808 _____ C:\Windows\system32\atiapfxx.blb
2019-09-07 04:15 - 2019-08-11 14:05 - 000001131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Server.lnk
2019-09-07 04:15 - 2019-08-11 14:05 - 000001119 _____ C:\Users\Public\Desktop\Mouse Server.lnk
2019-09-04 14:44 - 2018-09-15 02:36 - 000835480 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-09-04 14:44 - 2018-09-15 02:36 - 000179816 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-08-31 05:24 - 2019-02-05 21:18 - 000000000 ____D C:\ProgramData\Origin
2019-08-30 01:27 - 2019-08-03 13:06 - 000212992 _____ C:\Windows\system32\ClickToRun_Pipeline16

==================== Files in the root of some directories ================

2019-03-24 08:11 - 2019-03-24 08:11 - 000000000 _____ () C:\Users\Abel\AppData\Local\oobelibMkey.log
2019-03-16 15:18 - 2019-09-27 20:55 - 000007626 _____ () C:\Users\Abel\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

And the other FRST report, the one that says Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2019
Ran by Abel (28-09-2019 11:53:17)
Running from C:\Users\Abel\Pictures
Windows 10 Pro Version 1809 17763.737 (X64) (2018-12-29 20:17:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Abel (S-1-5-21-2873761170-1005967962-895602886-1001 - Administrator - Enabled) => C:\Users\Abel
Administrador (S-1-5-21-2873761170-1005967962-895602886-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2873761170-1005967962-895602886-503 - Limited - Disabled)
Invitado (S-1-5-21-2873761170-1005967962-895602886-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2873761170-1005967962-895602886-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Kaspersky Small Office Security (Disabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Small Office Security (Disabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Small Office Security (Disabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.1.435 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1_4) (Version: 19.1.4 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
AIMP (HKLM-x32\...\AIMP) (Version: v4.50.2058, 27.12.2017 - AIMP DevTeam)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.9.2 - Advanced Micro Devices, Inc.)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.1.5 - Electronic Arts, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{D19DBA3B-7451-49DB-98C4-E22F824663D9}) (Version: 1.1.220.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Chrome (HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Kaspersky Small Office Security (HKLM-x32\...\{C0758BA0-EC9D-4A07-AADE-105376FC82FC}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Small Office Security (HKLM-x32\...\InstallWIX_{C0758BA0-EC9D-4A07-AADE-105376FC82FC}) (Version: 19.0.0.1088 - Kaspersky Lab)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 365 Business - es-es (HKLM\...\O365BusinessRetail - es-es) (Version: 16.0.11929.20300 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0009 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\Teams) (Version: 1.2.00.17057 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Mouse Server versión 1.7.7.7 (HKLM-x32\...\{7AFAA880-BB05-4E38-9279-C53EECE1B7BE}_is1) (Version: 1.7.7.7 - Necta Inc.)
Mozilla Firefox 69.0.1 (x64 es-ES) (HKLM\...\Mozilla Firefox 69.0.1 (x64 es-ES)) (Version: 69.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.2.6.1 - Duodian Technology Co. Ltd.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Opera GX Stable 63.0.3368.55666 (HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\Opera GX 63.0.3368.55666) (Version: 63.0.3368.55666 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.41.27263 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Spotify (HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\Spotify) (Version: 1.1.16.522.g55a4b852 - Spotify AB)
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{26BFF1F1-5C03-4C55-9C7C-FD65889AFA70}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{A7037EB2-F953-4B12-B843-195F4D988DA1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.17057 - Microsoft Corporation)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.6.2452 - TeamViewer)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

Packages:
=========
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2058.0_x64__rz1tebttyb220 [2019-09-04] (Dolby Laboratories)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2018-12-29] (Fitbit)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-23] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-08-30] (Microsoft Studios) [MS Ad]
MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-10] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{04271989-C4D2-3EB8-757D-69A08D751E9F} -> [OneDrive - Aqua Ril S.A] => E:\OneDrive\OneDrive - Aqua Ril S.A.C [2018-12-30 17:41]
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{04271989-C4D2-FFB7-356B-CBCDD8C5F7BE} -> [Aqua Ril S.A] => E:\OneDrive\Aqua Ril S.A.C [2019-01-16 19:44]
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Abel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19127.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\Abel\AppData\Local\Google\Chrome\Application\70.0.3538.110\notification_helper.exe (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Abel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19127.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2018-12-29] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 19.0.0\x64\ShellEx.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 19.0.0\x64\ShellEx.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2018-12-29] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 19.0.0\x64\ShellEx.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2019-09-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 19.0.0\x64\ShellEx.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-01-08 12:54 - 2019-01-08 12:54 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 003598336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 001441280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2019-09-10 17:47 - 2019-09-10 17:47 - 005999104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 006413824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 001141760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 000339968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 004143104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 003840000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 000332800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 000349184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 080959488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 005622272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 000190464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 002825216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000137216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [472]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\sharepoint.com -> hxxps://aquaril-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 02:31 - 2018-09-15 02:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2873761170-1005967962-895602886-1001\Control Panel\Desktop\\Wallpaper -> E:\Mis Imágenes\bakemonogatari_forest_by_jaredharper-d4lnqvl.jpg
DNS Servers: 200.48.225.146 - 200.48.225.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\StartupApproved\Run: => "Parsec.App.0"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{17AD1BE5-671F-4CAC-93E4-AE20BF56B237}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{995BCC29-719D-4794-ADE2-32A5EE03B56D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E065F7A7-A345-42F1-B27C-478409B20A85}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{997967E9-EF74-4557-9CDA-69A75341150D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4F6598DF-D5FE-4E68-AD0E-C5DB986735C0}] => (Allow) E:\Juegos\Dota2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{1721B874-FF84-48AB-8993-6599F03A57A1}] => (Allow) E:\Juegos\Dota2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [TCP Query User{20DCBF95-222B-4CCB-9886-672559C43FA2}E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{87926216-FEA0-4F67-9974-78D0A93407A7}E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{94CE78A4-770B-446C-9AF4-38529E19558E}] => (Allow) E:\Program Files\Nox\bin\Nox.exe (Nox Limited -> Duodian Technology Co. Ltd.)
FirewallRules: [{518F443C-AEE3-4EB3-A855-E921FC00C62C}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
FirewallRules: [{CCAB0711-DE12-4AB6-9CD0-770C9996F59B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D4D3586E-CE41-4DB6-B73B-FF12427A89F4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7792331D-F376-44E4-B601-C090D6081FC8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6AD33158-8560-44E7-A712-5E6DF36F0D7F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{C3CFE68F-7191-44F9-B2E7-7D384C11984F}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [UDP Query User{D89F5677-845A-4B11-BDCE-377948F1D212}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [{541E397B-9E1F-47F5-8ACA-1910FD9D0409}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C7AEE78F-08BE-434F-8BED-080233CD53DC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2A1CF93A-AC11-474B-A13E-AAC645A2D582}] => (Allow) E:\Juegos\Dota2\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> )
FirewallRules: [{6F93DC1B-F95C-4DF4-86CC-C38B773C3D3D}] => (Allow) E:\Juegos\Dota2\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> )
FirewallRules: [{89AD6D5B-710B-4CF2-ABF8-8377100024D7}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{09618E68-3BC6-4200-9C41-5830F81D01AC}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{282AFC14-EB89-4B2F-8669-894EA6A20FF4}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{BBB632A5-B418-48B0-ACCB-9E1D926476AA}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{B2F2EE4C-4C1D-4F40-B8AA-369376198FD7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{A2E62E98-4BC6-407B-AA52-1363DA9FFABB}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{021FCE67-3DB8-47E0-A9BE-2D0FD16B7182}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [TCP Query User{99D3E950-613F-44C7-8EAC-B4300B894BF0}C:\program files (x86)\mouse server\mouseserver.exe] => (Block) C:\program files (x86)\mouse server\mouseserver.exe (wifimouse.necta.us) [File not signed]
FirewallRules: [UDP Query User{2F42976D-ADB1-498D-A4F5-23553F34B890}C:\program files (x86)\mouse server\mouseserver.exe] => (Block) C:\program files (x86)\mouse server\mouseserver.exe (wifimouse.necta.us) [File not signed]
FirewallRules: [TCP Query User{CD9FA41F-B5DE-4CD3-99C4-548E82AC295C}C:\users\abel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\abel\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{58183B5D-DC6F-4FD5-93F8-C44F1B425C29}C:\users\abel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\abel\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{79035C44-8B3F-4AA9-A7EE-F4CE46BA600F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{E48ECB47-13ED-46B1-B9CB-F1FB95F0BD2F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{FD955571-CFE4-4A7D-8CB3-87288391AD0B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{DF44D4AC-3A7C-4833-AC34-5EEB64464F3C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [TCP Query User{A40FDFA5-35F8-49DE-9FF3-3EF6C5AB5A59}C:\users\abel\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\abel\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{C035DF4C-7BA4-4B90-B1B0-2D84173DAD1E}C:\users\abel\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\abel\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{77712D1C-D228-4C9C-8F1C-E8F9B7938684}C:\program files (x86)\mouse server\mouseserver.exe] => (Block) C:\program files (x86)\mouse server\mouseserver.exe (wifimouse.necta.us) [File not signed]
FirewallRules: [UDP Query User{EE6DC7D8-73CA-411C-8620-E4E68E9D6809}C:\program files (x86)\mouse server\mouseserver.exe] => (Block) C:\program files (x86)\mouse server\mouseserver.exe (wifimouse.necta.us) [File not signed]
FirewallRules: [{81CADE1A-896D-47EA-8D56-BC5A28937A57}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

21-09-2019 23:17:20 Punto de control programado
28-09-2019 11:48:23 ZHPcleaner

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2019 10:54:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamtray.exe, versión: 3.1.0.1840, marca de tiempo: 0x5d5c13ae
Nombre del módulo con errores: Qt5Core.dll, versión: 5.11.1.0, marca de tiempo: 0x5cba0161
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0018dc19
Identificador del proceso con errores: 0x2fc0
Hora de inicio de la aplicación con errores: 0x01d575afbcf267e5
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Identificador del informe: 3d2567d4-8f8e-4002-8ce1-f933d42a99a7
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (09/27/2019 10:51:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MicrosoftEdgeSH.exe, versión: 11.0.17763.1, marca de tiempo: 0x1244354f
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000000008c
Identificador del proceso con errores: 0x1a1c
Hora de inicio de la aplicación con errores: 0x01d575b00955a8d6
Ruta de acceso de la aplicación con errores: C:\Windows\system32\MicrosoftEdgeSH.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 252d24d6-9b48-4ddd-be7e-00602c6db2a2
Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: MicrosoftEdge

Error: (09/27/2019 10:46:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Spotify.exe, versión: 1.1.16.522, marca de tiempo: 0x5d84002a
Nombre del módulo con errores: Spotify.exe, versión: 1.1.16.522, marca de tiempo: 0x5d84002a
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x001371fc
Identificador del proceso con errores: 0x32d0
Hora de inicio de la aplicación con errores: 0x01d575ac66fb7a3f
Ruta de acceso de la aplicación con errores: C:\Users\Abel\AppData\Roaming\Spotify\Spotify.exe
Ruta de acceso del módulo con errores: C:\Users\Abel\AppData\Roaming\Spotify\Spotify.exe
Identificador del informe: d2a89e80-0a3c-4c1f-b286-ee5c74eaaca8
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (09/19/2019 09:33:18 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" en la línea 1.
La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
La definición es UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (09/15/2019 02:28:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa Spotify.exe (versión 1.1.15.448) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.

Id. de proceso: 2678

Hora de Inicio: 01d56bf166faf096

Hora de finalización: 4294967295

Ruta de la aplicación: C:\Users\Abel\AppData\Roaming\Spotify\Spotify.exe

Id. de informe: adc07e81-7f56-43ff-9083-d3f5e92e3491

Nombre completo del paquete con errores: 

Id. de la aplicación relativa al paquete con errores: 

Tipo de bloqueo: Cross-thread

Error: (09/15/2019 12:47:54 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: (-2146885628) No puede encontrar el objeto o propiedad

Error: (09/15/2019 12:47:54 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: (-2146885628) No puede encontrar el objeto o propiedad

Error: (09/08/2019 03:19:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MicrosoftEdgeSH.exe, versión: 11.0.17763.1, marca de tiempo: 0x1244354f
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000000008c
Identificador del proceso con errores: 0x6d4
Hora de inicio de la aplicación con errores: 0x01d56682c2bcd59b
Ruta de acceso de la aplicación con errores: C:\Windows\system32\MicrosoftEdgeSH.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: b6d1b59f-66e7-423e-88a2-e7a68fec440a
Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: MicrosoftEdge


System errors:
=============
Error: (09/28/2019 11:49:11 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9QVTFHA)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-9QVTFHA\Abel con SID (S-1-5-21-2873761170-1005967962-895602886-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/28/2019 11:46:05 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9QVTFHA)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-9QVTFHA\Abel con SID (S-1-5-21-2873761170-1005967962-895602886-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/28/2019 11:45:33 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9QVTFHA)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-9QVTFHA\Abel con SID (S-1-5-21-2873761170-1005967962-895602886-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/28/2019 12:14:39 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9QVTFHA)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-9QVTFHA\Abel con SID (S-1-5-21-2873761170-1005967962-895602886-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/27/2019 11:24:16 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9QVTFHA)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-9QVTFHA\Abel con SID (S-1-5-21-2873761170-1005967962-895602886-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/27/2019 11:18:08 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9QVTFHA)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-9QVTFHA\Abel con SID (S-1-5-21-2873761170-1005967962-895602886-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/27/2019 11:08:08 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9QVTFHA)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-9QVTFHA\Abel con SID (S-1-5-21-2873761170-1005967962-895602886-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/27/2019 10:51:17 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9QVTFHA)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-9QVTFHA\Abel con SID (S-1-5-21-2873761170-1005967962-895602886-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


Windows Defender:
===================================
Date: 2019-01-06 14:06:29.261
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {9E10981B-CD02-4552-ACC8-F3574DD1A5BD}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-01-06 13:59:02.880
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {49309E73-50AB-41B1-B686-404BFE44FFED}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-12-31 18:30:59.904
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Nombre: HackTool:Win64/AutoKMS
Id.: 2147723334
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de firma: AV: 1.283.1927.0, AS: 1.283.1927.0, NIS: 1.283.1927.0
Versión de motor: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-31 15:04:40.562
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {B3E29B6D-C8EA-4CCD-BAA1-2C8EDCD29AF1}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-12-31 14:51:28.562
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {F2426844-D20A-45B0-A11D-044C38E6800B}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

CodeIntegrity:
===================================

Date: 2019-09-27 22:53:01.711
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-09-27 22:52:13.085
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-09-27 22:52:06.369
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-09-27 22:51:56.089
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-09-27 22:51:55.931
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-09-27 22:51:40.887
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-09-27 22:25:39.986
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-09-27 22:25:39.970
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 3802 03/15/2018
Motherboard: ASUSTeK COMPUTER INC. Z170-A
Processor: Intel(R) Core(TM) i5-6600 CPU @ 3.30GHz
Percentage of memory in use: 23%
Total physical RAM: 16323.13 MB
Available physical RAM: 12472.8 MB
Total Virtual: 18883.13 MB
Available Virtual: 12481.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.97 GB) (Free:21.1 GB) NTFS
Drive d: () (Fixed) (Total:465.66 GB) (Free:465.54 GB) NTFS
Drive e: (Nuevo vol) (Fixed) (Total:1863 GB) (Free:1648.08 GB) NTFS

\\?\Volume{244d57ef-2b7a-4de9-a718-0c93066eefe2}\ (Recuperación) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{a6855e64-eff7-4ff5-8fa7-7819e1775849}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 9E0F88FC)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: CCC25131)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Hello @Abel_Muro

Step 1:

You ran FRST from the wrong location:

  • Running from C:\Users\Abel\ Pictures

Cut the executable and paste it onto your desktop <<< This is Very Important.

Step 2:

Follow these steps:

1.- Very Important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, "Run as Administrator".
  • In the main window, check only the "Create Registry Backup" box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\MountPoints2: {3ece039c-599a-11e9-8708-14dda9eeb9ed} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\MountPoints2: {bae954de-4c10-11e9-8705-14dda9eeb9ed} - "F:\HiSuiteDownLoader.exe" 
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-02-13] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-02-13] <==== ATTENTION
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [472]

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it with the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Step 3:

Start button >>> type CMD >>> Right-click >>> Run as Administrator.

In the console, type exactly:

NETSTAT -b

  • On the output shown on screen, right-click >>> Select All.
  • Press the Ctrl + C keys together (Copy)
  • Open a blank Notepad and press the Ctrl + V keys together (Paste)

In your next reply, paste that report for us.

Tell us how the computer feels.

Regards.
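Added example, not part of the reply above: one way to triage a saved NETSTAT -b report, by counting connections per owning executable and listing the ones whose owner was not resolved. The sample report is constructed (documentation-range addresses), and the function names `parse_netstat_b`, `summarize` and `unresolved` are hypothetical; the parser relies on the line layout only, so localized message text is tolerated.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout printed by `netstat -b` (not real data).
SAMPLE_REPORT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:49712     203.0.113.20:443       ESTABLISHED
 [Steam.exe]
  TCP    192.168.1.10:49713     203.0.113.21:443       ESTABLISHED
 [Steam.exe]
  TCP    192.168.1.10:49720     198.51.100.7:443       TIME_WAIT
  TCP    192.168.1.10:49731     198.51.100.9:443       ESTABLISHED
  WpnService
 [svchost.exe]
  TCP    192.168.1.10:49740     203.0.113.55:80        CLOSE_WAIT
 Can not obtain ownership information
  TCP    [::1]:49800            [::1]:49801            ESTABLISHED
 [firefox.exe]
"""

CONN_RE = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?$")
OWNER_RE = re.compile(r"^\[(.+)\]$")

NO_OWNER = "(no owner listed)"       # nothing printed after the connection line
UNRESOLVED = "(owner not resolved)"  # a message was printed instead of [exe]


def parse_netstat_b(text):
    """Return one dict per connection, with the owning executable if printed."""
    conns = []
    current = None   # connection still waiting for its owner lines
    pending = None   # unbracketed line seen after the current connection
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CONN_RE.match(line)
        if m:
            current = {"proto": m.group(1), "local": m.group(2),
                       "remote": m.group(3), "state": m.group(4) or "",
                       "owner": NO_OWNER, "component": None}
            conns.append(current)
            pending = None
            continue
        if current is None:
            continue  # banner and column headers before the first connection
        o = OWNER_RE.match(line)
        if o:
            # [exe] closes the entry; a preceding plain line was the component
            current["owner"] = o.group(1).lower()
            current["component"] = pending
            current, pending = None, None
        else:
            # Either a component/service name (an [exe] line follows) or an
            # ownership error message (nothing follows). Assume the latter
            # until a bracketed line proves otherwise.
            pending = line
            current["owner"] = UNRESOLVED
    return conns


def summarize(conns):
    """Map owner -> Counter of connection states."""
    summary = defaultdict(Counter)
    for c in conns:
        summary[c["owner"]][c["state"]] += 1
    return dict(summary)


def unresolved(conns):
    """Connections without a named owner, ignoring TIME_WAIT leftovers.

    These are the ones to follow up by PID (netstat -ano) from an
    elevated prompt.
    """
    return [c for c in conns
            if c["owner"] in (NO_OWNER, UNRESOLVED) and c["state"] != "TIME_WAIT"]


if __name__ == "__main__":
    parsed = parse_netstat_b(SAMPLE_REPORT)
    for owner, states in sorted(summarize(parsed).items()):
        print(f"{owner:24} {dict(states)}")
    for c in unresolved(parsed):
        print("follow up:", c["proto"], c["local"], "->", c["remote"], c["state"])
```
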